-
Snyk is shutting down the securityheaders.com API

For many in the web security community, securityheaders.com has been a familiar and trusted tool for years. Originally created by Scott Helme, it helped raise the baseline for HTTP security headers across the web, not through flashy reports, but by making the right things visible and measurable. Over time, the project evolved: In April 2025,…
-
Zone Files: The Only Authoritative Source and Why They’re Still Hard

When people talk about “total domain coverage”, they’re often talking past one another. Some mean registration. Some mean DNS resolution. Some mean recent activity. These are related, but they are not the same thing. A zone file is the registry’s authoritative publication. It shows which domains are delegated in DNS under a top-level domain (TLD)…
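A zone file is just text, so the distinction above can be made mechanical: a name is delegated under the TLD exactly when the zone carries NS records owned by that name, and glue A/AAAA records or DS records on their own do not make a delegation. The parser below is an added example for this listing, not code from the original post; the sample zone and the `.test` TLD are constructed, and it handles `;` comments, `$ORIGIN`, `$TTL`, relative owner names, owners inherited from the previous line and optional TTL/class fields, but not parenthesised records spanning several lines.

```python
"""Extract the delegated domains from a registry-style zone file (added example)."""
from __future__ import annotations

CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone for the hypothetical TLD "test".
SAMPLE_ZONE = """\
$ORIGIN test.
$TTL 172800
@            IN SOA a.nic.test. hostmaster.nic.test. ( 2024010100 1800 900 604800 86400 )
             IN NS  a.nic.test.
             IN NS  b.nic.test.
; --- delegations ---
example      IN NS  ns1.example.test.
             IN NS  ns2.example.net.
example      IN DS  12345 13 2 ABCDEF
ns1.example  IN A   192.0.2.1          ; glue only: not a delegation of ns1.example.test.
PARKED       172800 IN NS ns.parking.example.net.
"""


def _absolute(name: str, origin: str | None) -> str:
    """Lower-case a name and make it absolute relative to the current $ORIGIN."""
    name = name.lower()
    if name == "@":
        if origin is None:
            raise ValueError("'@' used before $ORIGIN")
        return origin
    if name.endswith("."):
        return name
    if origin is None:
        raise ValueError(f"relative name {name!r} before $ORIGIN")
    return f"{name}.{origin}"


def parse_zone(text: str, origin: str | None = None) -> dict[str, dict[str, set[str]]]:
    """Return {owner: {rrtype: {rdata, ...}}} for every record in the zone text."""
    if origin is not None:
        origin = origin.lower().rstrip(".") + "."
    records: dict[str, dict[str, set[str]]] = {}
    last_owner: str | None = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].startswith("$"):             # directives
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
                if not origin.endswith("."):
                    origin += "."
            continue                              # $TTL etc. do not affect delegation
        if raw[0] in " \t":                       # blank owner inherits previous owner
            owner, fields = last_owner, tokens
        else:
            owner, fields = _absolute(tokens[0], origin), tokens[1:]
        if owner is None:
            raise ValueError("record with inherited owner before any owner")
        last_owner = owner
        # Optional TTL and class, in either order.
        if fields and fields[0].isdigit():
            fields = fields[1:]
        if fields and fields[0].upper() in CLASSES:
            fields = fields[1:]
        if fields and fields[0].isdigit():
            fields = fields[1:]
        if not fields:
            continue
        rrtype, rdata = fields[0].upper(), " ".join(fields[1:]).lower()
        records.setdefault(owner, {}).setdefault(rrtype, set()).add(rdata)
    return records


def delegated_domains(records: dict[str, dict[str, set[str]]], tld: str) -> set[str]:
    """Names directly under the TLD that own NS records; the apex itself is excluded."""
    apex = tld.lower().rstrip(".") + "."
    delegated = set()
    for owner, rrsets in records.items():
        if owner == apex or "NS" not in rrsets:
            continue
        if owner.endswith("." + apex) and "." not in owner[: -len(apex) - 1]:
            delegated.add(owner)
    return delegated


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for name in sorted(delegated_domains(recs, "test")):
        print(name, sorted(recs[name].get("DS", [])) and "DNSSEC-signed" or "unsigned")
```

Running the sample yields `example.test.` and `parked.test.` as delegated; `ns1.example.test.` appears in the zone only as glue and is correctly not counted, which is the distinction the excerpt is drawing between "in the zone" and "delegated".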
-
Why You Should Enable Apple’s Stolen Device Protection Today

Smartphones have become far more than communication devices – they’re the keys to our digital lives. Banking apps, email, photos, passwords, health data, even the ability to unlock your front door or car – all of it may be accessible through your iPhone. That makes losing it to theft or opportunistic “shoulder surfing” more dangerous…
-
Why Domain Monitoring is Essential for Microsoft Entra Security

When we think about protecting Microsoft Entra tenants, the conversation often revolves around user identities, conditional access, and multi-factor authentication. Those are all critical – but one piece is often overlooked: verified domains. These domains are the foundation of your organisation’s identity. They determine how email flows, which services are trusted, and ultimately, how people…
-
Don’t let your domains dangle in Microsoft 365

Expired Domains in Microsoft 365: A Hidden Backdoor to Your Tenant

Microsoft 365 tenants typically use custom verified domains (like cybaa.io) for user identities and email addresses. Over time, domains may be retired, perhaps after a rebrand, acquisition, or project sunset, and their registrations allowed to expire. If such expired domains remain listed as verified in…
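The practical check that follows from this is to compare the tenant's verified-domain list against what DNS still says about each name. The function below is an added example, not code from the post or from Microsoft: it takes the verified names (in practice obtained from Microsoft Graph, `GET /domains`, keeping entries whose `isVerified` is true) and a resolver callable that returns the domain's NS records, or `None` when the name no longer exists. It flags names with no delegation at all (the lapsed-registration case anyone could re-register and re-verify) and names whose nameservers are outside the providers the organisation controls. The resolver is injected and the answer table is constructed so that the example runs offline; all domain names in it are hypothetical.

```python
"""Audit the custom domains a Microsoft 365 tenant lists as verified (added example)."""
from __future__ import annotations
from typing import Callable, Iterable

NO_DELEGATION = "NO_DELEGATION"   # name does not resolve: registration probably lapsed
UNEXPECTED_NS = "UNEXPECTED_NS"   # delegated, but not to nameservers we control
OK = "OK"

# Maps a domain to its NS records, or None for NXDOMAIN.
Resolver = Callable[[str], "list[str] | None"]


def _norm(name: str) -> str:
    return name.strip().lower().rstrip(".")


def audit_verified_domains(
    verified: Iterable[str],
    resolve_ns: Resolver,
    trusted_ns_suffixes: Iterable[str],
) -> dict[str, str]:
    """Classify each verified custom domain as OK, NO_DELEGATION or UNEXPECTED_NS."""
    suffixes = tuple(_norm(s) for s in trusted_ns_suffixes)
    findings: dict[str, str] = {}
    for raw in verified:
        domain = _norm(raw)
        if domain.endswith(".onmicrosoft.com"):
            continue                      # Microsoft-managed initial domain; cannot expire
        nameservers = resolve_ns(domain)
        if not nameservers:
            findings[domain] = NO_DELEGATION
            continue
        trusted = all(
            any(ns == s or ns.endswith("." + s) for s in suffixes)
            for ns in (_norm(n) for n in nameservers)
        )
        findings[domain] = OK if trusted else UNEXPECTED_NS
    return findings


# --- constructed data standing in for Graph output and live DNS ---------------
VERIFIED_DOMAINS = [
    "contoso-tenant.onmicrosoft.com",  # initial domain, skipped
    "corp.example",                    # current brand, delegated to our DNS provider
    "oldbrand.example",                # retired after a rebrand, registration lapsed
    "acquired.example",                # lapsed, then registered by someone else
]
CONSTRUCTED_DNS: dict[str, list[str] | None] = {
    "corp.example": ["ns1.corpdns.example", "ns2.corpdns.example"],
    "oldbrand.example": None,
    "acquired.example": ["ns1.someone-else.example"],
}


def stub_resolver(name: str) -> list[str] | None:
    """Offline stand-in for a real NS lookup (dns.resolver, Resolve-DnsName, ...)."""
    return CONSTRUCTED_DNS.get(_norm(name))


def run_sample() -> dict[str, str]:
    return audit_verified_domains(VERIFIED_DOMAINS, stub_resolver, ["corpdns.example"])


if __name__ == "__main__":
    for domain, status in sorted(run_sample().items()):
        print(f"{status:15} {domain}")
```

Anything reported as `NO_DELEGATION` should be removed from the tenant (or the registration recovered) before someone else registers the name, completes the DNS TXT verification and inherits its identity; `UNEXPECTED_NS` results need a human to confirm whether the move was a planned provider change or a takeover. A real resolver should query from a recursive server that validates DNSSEC and should treat SERVFAIL separately from NXDOMAIN rather than collapsing both to `None`.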
-
Should banks use push notifications for all transactions?

Recently I received notifications from Starling for card transactions totalling £450 that were not made by me (annoyingly they didn’t go through 3-D Secure for some reason, so for all intents and purposes were successful and £450 had been stolen from me. Fortunately, multiple subsequent transactions to the same merchant, Taptap Send which appears to…
-
mx.microsoft is coming!

Microsoft is gearing up for a significant shift in its email security infrastructure, replacing the familiar “mail.protection.outlook.com” with a new set of subdomains under mx.microsoft. This exciting move, starting in March 2024, brings with it a powerful security duo: SMTP DANE and DNSSEC. But before you dive into technical details, let’s unpack what this means…
-
Azure Spot Instances or how to scale cheaply

TL;DR I was looking for an inexpensive way to get access to a lot of CPU compute, as inexpensively as I could in order to process a load of data for an upcoming research project, knowing that the compute would be needed for an extended period of time (weeks/months rather than hours/days) and being budget…
