Tesco

As prophesised, it has happened – Tesco has had a serious security incident [http://www.bbc.co.uk/news/technology-26171130]. The prophecy, for new readers, was my piece on Lessons in website security anti-patterns by Tesco [https://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html] from a couple of years back. The catalyst for that post was this now infamous tweet in response to my pointing out that they had mixed content on an otherwise secure page: [https://twitter.com/Tesco/sta...

There’s this whole idea of “the creepy line” when it comes to the way our personal data is collected and reused without our permission. Eric Schmidt of Google fame reckons they get right up to it without crossing it [http://blogs.telegraph.co.uk/technology/shanerichmond/100005766/eric-schmidt-getting-close-to-the-creepy-line/] or in other words, they push the boundaries as far as society will tolerate without getting too pissed off. Thing is though, how you define “creepy” is a very personal th...

It was three weeks ago now that I wrote about Lessons in website security anti-patterns by Tesco [https://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html] where I pointed out a whole raft of basic, flawed practices which jeopardised the security and privacy of shoppers. These practices in and of themselves were (are) bad, but what really seemed to fire up a lot of people was Tesco’s response when I first flagged it with them: [https://twitter.com/UKTesco/status/22954214101210726...

Update, 14 Feb 2014: A year and a half on from writing this, Tesco has indeed suffered a serious security incident almost certainly as a result of some of the risks originally detailed here. Read more about it in The Tesco hack – here’s how it (probably) happened [https://www.troyhunt.com/2014/02/the-tesco-hack-heres-how-it-probably.html]. -------------------------------------------------------------------------------- Let me set the scene for this post by sharing a simple tweet from last nig...