Scott Helme

@[email protected]
385 Followers
1 Following
62 Posts
Hacker, researcher, builder of things. Founded
securityheaders.com and report-uri.com, Pluralsight author, BBC hacker in residence, award winning entrepreneur. Likes cars.
Show threadScott Helme2d ago

@tdp_org πŸ˜‡πŸ˜‡πŸ˜‡

No idea what you mean... πŸ˜‚

Scott Helme2d ago

We're starting to see some really positive results with more customers using our CSP Integrity feature!

https://scotthelme.co.uk/leverage-our-treasure-trove-of-threat-intelligence-data/

Leverage our treasure trove of Threat Intelligence data

We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our customers start to use it, we've continued to improve it and observe the potentially huge benefits. CSP Integrity You can read the

Scott Helme
Scott Helme3d ago

The new reduced limit of 200 days validity for certificates landed over the weekend and, so far, all seems good!

https://scotthelme.co.uk/shorter-certificates-are-coming/

Shorter certificates are coming!

Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let's cover the important details! Here

Scott Helme
Scott HelmeMar 5

Today is your last chance to catch us at NDC Security in Oslo! We’ve had a great week of workshops, talks and conversations at the booth. Stop by for a chat about my talk β€œYour website is running coe you’ve never seen!”

https://report-uri.com

Scott HelmeFeb 27

Big update from Report URI πŸš€

βœ… Report Sampling in Open Beta
βœ… Audit Trail in Open Beta
βœ… Alert thresholds for all Watch products
βœ… New Magecart case study
βœ… CSP Integrity webinar recording live
βœ… Find us at NDC Security Oslo 4–5 Mar, CyberUK Glasgow 21–23 Apr

https://blog.report-uri.com/newsletter-feb-2026/

Newsletter - Feb 2026

After kicking 2026 off with a pretty big update, we've continued to push forwards with a lot of work across the board at Report URI HQ.

Report URI Blog
Scott HelmeFeb 10

It should be a lot easier to manage your certificate renewals this year with the introduction of a new Domain Control Validation mechanism!

https://scotthelme.co.uk/dns-persist-01-handling-domain-control-validation-in-a-short-lived-certificate-world/

DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

This year, we have a new method for Domain Control Validation arriving called DNS-PERSIST-01. It is quite a fundamental change from how we do DCV now, so let's take a look at the benefits and the drawbacks. First, a quick recap When you approach a Certificate Authority, like Let's Encrypt,

Scott Helme
Scott HelmeFeb 2

The European Space Agency got hacked, and now we own the domain used!

Here's my blog post with details: https://scotthelme.co.uk/the-european-space-agency-got-hacked-and-now-we-own-the-domain-used/

And here's the domain if you want to try it, but I can't link it as it's flagged as malicious: esaspaceshop[.]pics

The European Space Agency got hacked, and now we own the domain used!

It's not often that two of my interests align so well, but we're talking about space rockets and cyber security! Whilst Magecart and Magecart-style attacks might not be the most common attack vector at the moment, they are still happening with worrying frequency, and they are still catching out some

Scott Helme
Scott HelmeJan 28

Eating Our Own Dogfood: What Running Report URI on Report URI Taught Us

https://scotthelme.co.uk/eating-our-own-dogfood-what-running-report-uri-on-report-uri-taught-us/

Eating Our Own Dogfood: What Running Report URI on Report URI Taught Us

Dogfooding is often talked about as a best practice, but I don't often see the results of such activities. For all new features introduced on Report URI, we are always the first to try them out and see how they work. In this post, we'll look at a few examples

Scott Helme
Scott HelmeJan 22
How screwed am I? It’s a Western Digital drive (WD7500BPVT) that seems to have a short when power is connected. The laptop won’t boot with the drive in. It seems component C52 is burnt/damaged on the PCB…
Scott HelmeJan 22
Conference swag coming in absolute clutch! Thanks for the emergency T6 @steel_con!! 🀩