Junade Ali

“As studying took a larger share of my time, I took a role working with embedded electronics for road traffic systems at a more traditional engineering firm,” he says. “About five years ago I was headhunted by an internet infrastructure and cybersecurity firm I had always wanted to work for.” Now an Engineering Manager, Junade leads an Operations Research team in charge of developing technologies in Artificial Intelligence and formally verified software to drive improvements in cybersecurity an

Online security is a significant issue these days, and as people rely more on internet services, their libraries of accounts and login credentials also grow. Unfortunately, it’s practically guaranteed that somewhere along the line, attackers will breach a service you use and expose your passwords, login details and more. There are plenty of tools to help mitigate the threat — password managers, biometric authentication and two-factor authentication (2FA) can all help. Another popular tool is a

These days, we almost take it as a given that piss-poor security will inevitably expose some of your usernames and passwords to the world — that’s why 2FA is so important, and why you might want a password checkup tool like the ones now built into every modern browser (well, Safari is coming soon) so you can quickly replace the ones that were stolen. But nearly all of those password checkup tools owe something to Troy Hunt’s Have I Been Pwned, which was kind of a novel idea when it first launch

Firefox has started testing an easier way for users to check whether they're using an online service that has been hacked, through integration with Troy Hunt's HaveIBeenPwned database. The hookup will work like this: part of a user's email address is hashed, and this hash is used to check if the address appears in HaveIBeenPwned's database of 5.1 billion email addresses linked to compromised internet accounts. The “Firefox Monitor” test will start with 250,000 users, mostly in the US, accordin

Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61 for Windows, Mac, Linux and Android. The testing of Firefox Monitor also comes on the heels of Mozilla’s partnership with Cloudflare and Have I Been Pwned (HIBP). Similar to the existing function of HI

Mozilla is integrating with the online tool Have I Been Pwned to alert users if they are at risk following website hacks. Mozilla is now offering the ability to check if Firefox users have been the victim of data breaches through the new Firefox Monitor service. The service uses the dataset of the popular website Have I Been Pwned? (HIBP), which collects and analyzes the database dumps disseminated in the darker corners of the internet. From this dataset, both users of HIBP and Mozilla's Firefo

Hello! I'm Junade; by day I work at Cloudflare, focussing on running the Support Operations engineering group. By night, I work on a PhD in theoretical computer science. I started my developer career at 16, initially working as a web dev for a mental health charity before entering the Digital Agency world; eventually working my way up to being the Lead Developer of the largest digital agency in the UK (by headcount). After leaving the agency world, I worked on mission critical road safety softw

Researcher Troy Hunt announced a major revamp of his Pwned Passwords tool that includes more passwords, added features and tightened privacy for organizations who want to check if their in-use passwords can easily be cracked. In V2 of Pwned Passwords, launched last week, Hunt updated his password data set from 320 million passwords to 501 million new passwords, pulled from almost 3,000 breaches over the past year. These new data sources come courtesy of the Onliner Spambot Dump breach from Aug

Password management service 1Password has a neat new feature that lets users check whether a password they’re thinking of using has already been breached. At which point it will suggest they pick another. This is in addition to the more usual password strength indicator bar that tries to encourage web users to improve their security practices. The pwnage check builds on that by further reducing the risk of password reuse because it’s verifying if the specific password has appeared in a number o

A new system that securely checks whether your passwords have been made public in known data breaches has been integrated into the widely used password manager, 1Password. This new tool lets customers find out if their passwords have been leaked without ever transmitting full credentials to a server. Security researcher Troy Hunt this week announced his new version of "Pwned Passwords," a search tool and list of more than 500 million passwords that have been leaked in data breaches. Users can a

If you’re online then you know nobody is safe. We’ve witnessed some colossal hacks in recent years, whether we’re talking about Target, Yahoo, Equifax, Yahoo, or Yahoo, to name just a few of the more prominent ones. Hackers usually steal a treasure trove of information about users, including login credentials for the hacked site. While it may not be your fault that your data was just stolen in a massive cyber heist, if you recycle passwords between various online accounts, then it’s your fault

Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares. This JSON request instructs the alarm clock on every "alarmSound" event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk. By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vu

French interior minister Bernard Cazeneuve is due to meet his German counterpart, Thomas de Maizere this month (August 2016) to discuss new measures that could result in a limitation in the use of encrypted communications across the EU. Cazeneuve has already told the press that he regards this as a, “central issue in the fight against terrorism.” Existing methods including phone tapping are now thought to be somewhat outdated in an age where online communications platforms exist in so many mult

Paradoxically, 'good' news for businesses and ransomware cyber-criminals alike appears to be bad news for security platform provider FireEye. Security firm FireEye is said to be laying off hundreds of staff as a result of what is perceived to be a tactical shift among the global cyber-criminal community. With the firm's software aligned towards protection for larger-scale compromises, the suggestion is that smaller-scale ransomware attacks are essentially easier to clean up without recourse to