We’re back for another roundup of all things security that caught our eye. And there is plenty to dig through on this edition.
My favourite blogger from down-under, Troy Hunt, has been running haveibeenpwned for a while, providing valuable insight into where users credentials may have been compromised in a breach. However, he has introduced a new concept called ‘fabricated’ data breaches. That's where it’s not been possible to verify the authenticity of data, but there is enough legitimate data contained within to merit inclusion. More details on his blog.
You spend some time looking for a blog about Domain fronting, and all of a sudden two show up at once. High-reputation Redirectors and Domain Fronting and Domain Fronting Via Cloudfront Alternate Domains
The security impact of HTTPS interception in the wild
Scott Helme writes an interesting piece about his experiences around Bug bounties and extortion.
A long, but fascinating tale of espionage. I thought I was smarter than almost everybody: My double life as a KGB agent
Do you want to analyse malicious PCAP files and don’t know where to do the analysis? Turns out, there’s a free website to do that.
F-Secure published their 2017 state of cyber security report - it’s a good read.
Microsoft is calling for a Digital Geneva Convention, as global tensions rise. It’s a nice idea in concept, but it's unlikely any such thing will happen.
Banks often conjure up images of stringent checks and balances. You wouldn’t expect one of the largest banks in the world to be falsifying letters and manipulating transcripts of phone calls with customers to cover up its own wrongdoing would you? Would you?
Gotta love the Register. In between their snark and witty headlines, there’s a lot of truth. Zuckerberg thinks he's cyber-Jesus – and publishes a 6,000-word world-saving manifesto
Why it sucks to be a Security Researcher