Vulnerability Disclosure in the Age of AI
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence…
Security
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Weekly Update 506
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Friday Squid Blogging: Another Squid
Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to…
Chilling Effects
Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran…
IIS security best practices: How to secure an IIS server and web applications
Learn how to secure Microsoft IIS with practical hardening best practices, attacker-focused insights, and continuous validation strategies. This guide covers…
FBI’s 2025 Internet Crime Report
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting…
Identifying People Using Wi-Fi Routers
Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through…
SNI proxy SSRF vulnerabilities: Misconfigurations, exploitation, and defense
SNI proxy SSRF is a lesser-known but high-impact vulnerability class where misconfigured proxies route traffic based on attacker-controlled TLS metadata.…
Welcoming the Bhutanese Government to Have I Been Pwned
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…