Credential Security …again

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

Don't put all your (credential) eggs into one basket

It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throes of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.

This is water

A bit of a deviation from my standard fare of techy news and opinion, but I’m bundling this under “Community & Social” – I think it fits well.


This video gave me pause for thought…
It’s a well produced, visually engaging excerpt from an address to graduates in 2005 by novelist David Foster Wallace. Sadly, this man took his own life in 2008 after struggling with depression for many years.

Watch this. Listen to the message. See if you can use it in your life.

The full address can be found here:

Hat Tip to my former colleague Curtis – thank you for sharing.

Standing on the Wall

Image Credit: US Army / Flickr (CC: by)

Today I was discussing the recent work by the New Zealand Police in bringing a number of people up on charges for their part in an international pedophile ring. While I’ll save you from the details (you can do your own reading using this article as a starting point), some of the alleged offenses are pretty horrific. Suffice it to say, the conversation quickly turned to how soul-destroying it must be for the OCEANZ team and organisations such as ECPAT.

Technology and Recreation – a recipe for AWESOME

For gadget geeks like myself, there’s always been an opportunity to mix technology with what we do when AFK (away from keyboard).

My first heart monitor watch *had* to be imported because no one in this country was selling the IR receiver (connecting through a DB9 (serial) cable, no less; for the more normal, serial cables were “how things were done” before the simplicity of USB arrived).

Social Scams and Why They Work

Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as these articles point out.

Now, for the most part, folks in my social stream tend to only get caught on an infrequent basis by these messages. I do my best to flick a link back if it’s an obvious hoax, as do others who we share as common contacts. I have been caught myself and have more than once shared something which, if I’d relied on more than wishful thinking, would/should have been filtered out.

So – why do these attacks work, why do the hoaxes perpetuate, and what can we do as a community to reduce our chances of passing on misinformation to our networks?

The simple answer is diligence.

Expiring Passwords

Image Credit: Louise Docker / Flickr (CC: by)

Today there was a question pitched by one of the guys at work as to why we bother having such things as a password expiry / enforced change. My answer (in true Rob fashion), rambled a little (ok, a lot) but I’ve consolidated it below and made it generic to suit anyone facing the same line of questioning…

The reason passwords are set to expire is that it limits the exposure of compromised credentials.

ASUS Garmin A10

I got one of these phones when they first came out – they were pretty awesome back then, however over time they have been orphaned on older, vulnerable iterations of Android and they simply don’t have what it takes to be a primary device any longer.

Because of this – I’m currently looking to root the phone and install upon it a modified ROM which will give me *just* what I need to turn this into a useful device for sitting in the car.

Step #1 – Hard Reset to Factory Defaults.

  • Turn the phone OFF
  • While holding the volume UP button, press and HOLD the power button
  • Keep holding the buttons until ‘Clear User Data’ is displayed in text on the phone’s screen.

The phone will continue to boot after factory resetting the device (note, items on the Micro SD card will NOT be affected – you would need to reformat that independently yourself).

Step #2 – Find a ROM.

  • The new firmware needs to enable the more recent features of Android without overtaxing the processing power or battery capacity of the aging device…
  • Suggestions?

Authenticating Users – The Struggle to Raise the Bar

Photo Credit: Ibrahim Asad / Flickr (CC: by)

Interesting quote from an article that I was reading this morning:

“When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. […] Spooner notes that some patients have complained that the authentication method for its patient portal is cumbersome.”

It’s not the fault of the user, they’ve not been educated as to why the bar should be higher (and they don’t necessarily understand the potential consequence of a low bar). It’s not the fault of the business, after all things have been “good enough so far” so why spend money changing something that doesn’t look like it’s broken?

It’s (almost) nice to know there are others struggling with the balance between usability, user acceptance, funding and the changing landscape of threat.

Interesting developments in the connectivity world…

Photo Credit: Gloria Garcia / Flickr (CC: by-nc-nd)

The Australian Government has just dropped the ban hammer on Chinese Telecommunications equipment company Huawei and it’s going to be interesting to see how this plays out across the Tasman here in New Zealand…

Given the traditional “copy our West Island cousins” approach versus the “but they’re part of a free trade agreement” view of China (as of 30 minutes ago, the Prime Minister was still comfortable) – Government backed Kordia has an agreement with Huawei Marine for additional cable connectivity to the intertubes; however, that cable touches down in Sydney, so is the connectivity now off the table?

Huawei already has a foot in the door through agreements with Enable Networks in Christchurch and the middle of the North Island.

/popcorn

Going Dark…

You may have noticed that I took the main page of this site offline yesterday and replaced it with this one as part of the Anti-SOPA protest… this post is not related to that action.

Following a conversation yesterday, the social networks, communities and “non-standard” contact channels that I am active in will now see me “going dark” during working hours (NZDST – currently GMT +13).

This means I will be missing many of the conversations I would otherwise have been able to engage in, commentary directed at me will no longer be addressed in a timely manner, and, essentially, I will become a lot quieter on the subjects that I have previously been active on.

It doesn’t mean I’m dead, it doesn’t mean that I no longer care, it doesn’t mean I’ll be dropping the activities that I believe I can make a difference in – it simply means I won’t be ‘available’ from 08:00 – 19:00, Monday – Friday NZ Time and I will no longer be available for assistance or to be involved in conversations during this time period.

The reasons for this action are purely for perception management and to not disadvantage those with whom I work.

Essentially, there are folk in boxes higher up on our corporate HR chart who have set particular measurements by which my team, and I as an individual, are judged. It has been suggested therefore, that I stick solely to areas of work that the group to which our team now reports is responsible for, rather than continue to be involved across the business as I have previously been engaged. While my day to day responsibilities have never suffered through my extra-curricular involvements, I have a moral responsibility to my team. I need to do what I can to ensure that the handful of measures by which we are judged are addressed as effectively as possible, and any perceptions of ‘distraction’ are eliminated.
While I am more than happy to discuss what I do with anyone who believes I’m operating outside of my mandate, I cannot put the team in a position where they may be affected by my wider activities.

Can you help me manage the transition? Absolutely you can, please make sure you tag me in conversations where I’ve previously waded in, or on subjects that you know I have a particular soapbox.
I’m going to do my best to catch-up with the wider world after the kids are in bed and while I’m in transit to and from work – and we’ll review the whole thing at the end of February.

This is NZRob – not over, and not out.