PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST

So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.
The status post that launched a thousand words...
The status post that launched a thousand words…

TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which works on all my devices and, coupled with a internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.

Continue reading “PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST”

UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading “UPnP – Why I don’t allow it on my Home Network”

Managing Behaviour & Technology – A Night with NEAL

Managing Technology
Image Credit: IBoomMedia/Flickr CC: by-nc-sa

I’ve just arrived back from an evening session on “Managing Technology and Behaviour @ Home” run by Andrew Cowie, Heather Eccles and Alan Curtis from NEAL (Northern Education Access Loop).

I surprised myself by enjoying the session, it wasn’t that I personally learned anything technical, it was all about the presentation of the material which was simply outstanding.


Continue reading “Managing Behaviour & Technology – A Night with NEAL”

Credential Security …again

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.

Don't put all your (credential) eggs into one basket
Don’t put all your (credential) eggs into one basket

It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throws of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.

For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

Continue reading “Credential Security …again”

This is water

A bit of a deviation from my standard fare of techy news and opinion, but I’m bundling this under “Community & Social” – I think it fits well.


This video gave me pause for thought…
It’s a well produced, visually engaging excerpt from an address to graduates in 2005 by novelist David Foster Wallace. Sadly, this man took his own life in 2008 after struggling with depression for many years.

Watch this. Listen to the message. See if you can use it in your life.

The full address can be found here:

Hat Tip to my former colleague Curtis – thank you for sharing.

Standing on the Wall

Image Credit: US Army / Flickr (CC: by)Today I was discussing the recent work by the New Zealand Police in bring a number of people up on charges for their part in an international pedophile ring. While I’ll save you from the details (you can do your own reading using this article as a starting point), some of the alleged offenses are pretty horrific. Suffice it to say, the conversation quickly turned to how soul-destroying it must be for the OCEANZ team and organisations such as ECPAT. Continue reading “Standing on the Wall”

Social Scams and Why They Work

Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as these articles point out.

Scam ImageNow, for the most part, folks in my social stream tend to only get caught on an infrequent basis by these messages. I do my best to flick a link back if it’s an obvious hoax, as do others who we share as common contacts. I have been caught myself and have more than once shared something which, if I’d relied on more than wishful thinking, would/should have been filtered out.

So – why do these attacks work, why do the hoaxes perpetuate, and what can we do as a community to reduce our chances of passing on misinformation to our networks?

The simple answer is diligence. Continue reading “Social Scams and Why They Work”

Expiring Passwords

Image Credit: Louise Docker / Flickr (CC:by)Today there was a question pitched by one of the guys at work as to why we bother having such things as a password expiry / enforced change. My answer (in true Rob fashion), rambled a little (ok, a lot) but I’ve consolidated it below and made it generic to suit anyone facing the same line of questioning…

The reason passwords are set to expire, is it limits the exposure of compromised credentials. Continue reading “Expiring Passwords”

Authenticating Users – The Struggle to Raise the Bar

Photo Credit: Ibrahim Asad / Flickr (CC: by)Interesting quote from an article that I was reading this morning:

“When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. […] Spooner notes that some patients have complained that the authentication method for its patient portal is cumbersome.”

It’s not the fault of the user, they’ve not been educated as to why the bar should be higher (and they don’t necessarily understand the potential consequence of a low bar). It’s not the fault of the business, after all things have been “good enough so far” so why spend money changing something that doesn’t look like it’s broken?

It’s (almost) nice to know there are others struggling with the balance between usability, user acceptance, funding and the changing landscape of threat.

Interesting developments in the connectivity world…

Photo Credit: Gloria Garcia / Flickr (CC: by-nc-nd)The Australian Government has just dropped the ban hammer on Chinese Telecommunications equipment company Huawei and it’s going to be interesting to see how this plays out across the Tasman here in New Zealand…

Given the traditional “copy our West Island cousins” approach versus the “but they’re part of a free trade agreement” view of China (as of 30 minutes ago, the Prime Minister was still comfortable) – Government backed Kordia has an agreement with Huawei Marine for additional cable connectivity to the intertubes  however, that cable touches down in Sydney so is the connectivity now off the table?

Huawei already has a foot in the door through agreements with Enable Networks in Christchurch and the middle of the North Island

/popcorn