Monitor your email address for data breaches

November 30, 2015

There was other big data breach in the last days, this time at VTech. You don’t know it? You most likely don’t have young kids.

Wikipedia has following on the company:
VTech (Traditional Chinese: 偉易達) is a Hong Kong global supplier of electronic learning products from infancy to preschool and the world’s largest manufacturer of cordless phones. It is also one of the top 50 electronic manufacturing services providers globally.

Anyway a friend of mine with a child asked me, if they (he and his kid) are affected and how he should check. The easiest way I know to get information about your email address or username is to use a free service from the security researcher Troy Hunt called

pwned

You can also add your email address to get informed if your email has been part of a new breach.

ps: Just check you’re mail address … its not that unlikely that you’re affected by at least one breach … my tip is the Adobe breach … was the biggest one. 😉

Lock out of possible customers for your online shop by bad HTTPS configuration

November 1, 2015

As I wanted to send a registered mail today, I did a fast google search if this is now also possible online in Austria. I found a news article what said that sendstation.at provides such a service .. so I clicked on the link and got an error message in Firefox that the HTTPS connection is not Ok. A check at SSL Labs shows that … newer seen something bad like this:

sendstation

Ok, the news article was a bit older so I though lets check if the site is still in commission. So after excepting the error I was redirected to briefbutler.at and got again an error message in Firefox. And the SSL test shows that this time the configuration of the TLS is better, but the root is from A-Trust and least my Firefox, Chrome and SSL Labs don’t have that Certificate in the trust store.

briefbutler

Not sure how many customers this site gets .. maybe its in the Windows Trust Store and that’s ok from them if IE customers can visit them. Who needs more customers.  The lesson learned here should be to check your HTTPS not only with your PC – check with other devices and services like https://www.ssllabs.com/ssltest/.

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 31 queries. 0.101 seconds.