We've just deployed some mega updates to our infrastructure at Report URI that will give us much more resilience in the future, allow us to apply updates to our servers even faster, and will probably go totally unnoticed from the outside! Our previous Redis setup I've talked about our infrastructure| Scott Helme
We’ve just passed a monumental milestone: 2 trillion events processed through Report URI!!! That’s 2,000,000,000,000 events for CSP, NEL, DMARC, and other browser-generated and email telemetry reports—ingested, parsed, and processed for our customers! This is a phenomenal milestone to achieve in the year| Scott Helme
We've been super busy at Report URI HQ and we have some awesome new features to tell you about! This isn't just a case of new features for Report URI though, these are things that will fundamentally change the kind of information we have available as site operators. Are you| Scott Helme
In my first blog post about hacking my Tesla Powerwalls, I laid out all of the foundations and information about my home energy setup. You really need to read that blog post first as I'm going to be building on all of that work here, and assuming that you're familiar| Scott Helme
After using online hotel booking website Hotel Hippo, I found several critical security flaws and had little response from the company to my disclosure.| Scott Helme
Yep, that's a pretty intriguing blog post title and it's not often that you can literally put the payload for an attack into a title! I was invited to taked part in some research recently after a smart CCTV camera made the news here in the UK. Turns out that| Scott Helme
Shortly after having my new fibre broadband installed, I discovered a method to permanently compromise the security of the BrightBox router provided by EE. After a brief period of traffic analysis, something I do to all new devices on my network, I had found that it is incredibly easy to| Scott Helme
Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.| Scott Helme
I've had solar and batteries at home for quite some time now, and despite my experience with them being really awesome, there were a few little things that were bugging me. Using systems from various different suppliers doesn't always provide the perfect integration, so I hacked together my own! No,| Scott Helme
The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes to payment card data is now being directly addressed. Magecart has wreaked havoc on some really large brands and well known organisations| Scott Helme
Back in April 2022, I published PCI DSS 4.0; It's time to get serious on Magecart, and I was seriously impressed with the stance that the PCI SCC were taking against Magecart and other JS based threats. In this last week, PCI DSS v4.0.1 has been published| Scott Helme
CSP allows you to whitelist sources of content the browser can load. An effective solution to XSS, it can be easily deployed and is widely supported.| Scott Helme
We have a little problem on the web right now and I can only see this becoming a larger concern as time goes by. More and more sites are obtaining certificates, vitally important documents that we need to deploy HTTPS, but we have no way of protecting ourselves when things| Scott Helme
HTTP Strict Transport Security (HSTS [https://scotthel.me/d8j3]) is a policy mechanism that allows a web server to enforce the use of TLS [https://scotthel.me/s8d7]in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring| Scott Helme
In my last couple of posts about CAs and Root Certificates I've talked about something called Alternate Trust Paths. As a result, many people have asked me questions about how a client can use a different intermediate and/or root to the one that issued the certificate and how/why| Scott Helme
