Scott Helme

United Kingdom

Writer, Security Researcher at Freelance

Hacker, researcher, builder of things. Founded @securityheaders/@reporturi, Pluralsight author, Microsoft MVP, award winning entrepreneur. Likes cars.

Featured in: Favicon

arstechnica.com Favicon

zdnet.com

theiet.org Favicon

grahamcluley.com Favicon

digital-library.theiet.org

Articles

Shorter certificates are coming!

1 month ago | scotthelme.co.uk | Scott Helme

Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let's cover the important details! Here is the schedule that was proposed and voted on, and will now come into effect: Certificate issued on or after Certificate issued before Maximum Validity Period March 15, 2026 398 days March 15,...
Hacking my Tesla Powerwalls to be the ultimate home energy solution!

1 month ago | scotthelme.co.uk | Scott Helme

I've had solar and batteries at home for quite some time now, and despite my experience with them being really awesome, there were a few little things that were bugging me.
Let's Encrypt to offer 6-day certificates!

Mar 4, 2025 | scotthelme.co.uk | Scott Helme

Continuing their trend of radical change for the better, Let's Encrypt have announced that, this year, you will be able to request certificates with a validity period of only 6 days!Let's EncryptI remember sitting in the room for this DEF CON 23 panel discussion in Las Vegas, almost 10 years ago in 2015(!), discussing the launch of Let's Encrypt.
Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience

Feb 3, 2025 | scotthelme.ghost.io | Scott Helme

Operating an online service like Report URI, it comes with the territory. The ever present threat of attack is something we are fully aware of, and prepare for as best we can. Being the regular subject of attacks, mostly handled by our robust systems and automated defences, these attacks mostly go unnoticed, but not the most recent one!Transparency is at our coreI've been open about how things work at Report URI since the beginning, almost a decade ago.
XSS Ranked #1 Top Threat of 2024 by MITRE and CISA

Dec 10, 2024 | scotthelme.ghost.io | Scott Helme

As we draw near the end of 2024, MITRE have taken a look back at the security vulnerabilities discovered throughout the year and published their list of the Top 25 Most Dangerous Software Weaknesses, and Report URI is here to help you with the #1 Top Threat: XSS. Common Weakness EnumerationThe CWE Program is a standardised way of referring to types of security vulnerabilities with a unique ID, allowing a common classification to be used for a particular type of vulnerability across industry.
Report URI Penetration Test 2024

Dec 4, 2024 | scotthelme.ghost.io | Scott Helme

It's that time of year again! At Report URI, we've just been through our 5th penetration test, and as usual, we're going to publish the results, take a look at what was found, and what we're going to do about it.
Report URI: Simplifying pricing and changes to free accounts

Oct 28, 2024 | scotthelme.ghost.io | Scott Helme

We've been making great progress on developing new features at Report URI recently, and over the coming months, you're going to see many of them launched! As we've expanded the team to achieve this, and as we want to continue to grow, we're going to be making some changes to support our ongoing activities. The Paradox of ChoiceOne of the first things that many will notice is that there are now fewer subscription options to choose from.
Are shorter certificates finally coming?!

Oct 15, 2024 | scotthelme.ghost.io | Scott Helme

Regular readers will know my views on the validity period of TLS certificates, and how they definitely need to be made shorter than they currently are! We made some good progress on reducing their lifetime over the last few years, but recently, that progress seems to have stalled out... Well, now, we might have our first glimmer of hope!The story so farThere's a lot of really good information out there on this topic, and I myself have covered this in various ways over the years.
iOS 18 Quick Tips; Security Edition

Oct 2, 2024 | scotthelme.co.uk | Scott Helme

Having recently updated to iOS 18, there are a couple of features that I've immediately enabled now that they're available! I'm going to share with you what those features are, and, a security tip that has been available prior to the release of iOS 18 too. iOS 18There are a bunch of good reasons that you should always be making sure that your devices are fully updated, so if you have a recent iPhone, you can update it now.
Scan results for troyhunt.com

Aug 18, 2024 | securityheaders.com | Scott Helme

Security Report Summary Site: https://www.troyhunt.com/ IP Address: 2606:4700::6812:1929 Report Time: 18 Aug 2024 22:13:14 UTC Headers: Advanced: Raw Headers HTTP/2 200 date Sun, 18 Aug 2024 22:13:14 GMT content-type text/html; charset=utf-8 cf-ray 8b553ffe0cf76428-SJC cf-cache-status MISS cache-control public, max-age=14400 expires Mon, 19 Aug 2024 02:13:14 GMT strict-transport-security max-age=31536000; includeSubDomains; preload vary Cookie, Accept-Encoding via 1.1 varnish, 1.1 varnish,...