Credential Stuffing is an attack where credentials stolen from one or more sites are used at other sites, in the hope that users reused the same credentials on multiple sites. This post discusses some of the steps consumers and service providers can take to prevent these attacks.
Should you implement HTTP Public Key Pinning (HPKP) for your site? Some reasons I don’t like it in its present form and when it can be acceptable.
Business Email Compromise (BEC) happens when someone receives an email supposedly from their company’s CFO, CEO or even their manager asking them to make a payment to a vendor account. In this attack, the person making the payment is socially engineered to make a fraudulent payment.
Who is responsible for payment fraud? Why customers also need to get involved and cannot just depend on service providers to protect them.
The top ten most used passwords on Ashley Madison show that people have not learned much about using strong passwords, even with all the data breaches that have occurred recently.