So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.
The status post that launched a thousand words…
TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which works on all my devices and, coupled with a internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.
The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.
TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.
The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading “UPnP – Why I don’t allow it on my Home Network”
I’ve just arrived back from an evening session on “Managing Technology and Behaviour @ Home” run by Andrew Cowie, Heather Eccles and Alan Curtis from NEAL (Northern Education Access Loop).
I surprised myself by enjoying the session, it wasn’t that I personally learned anything technical, it was all about the presentation of the material which was simply outstanding.
So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.
So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
Don’t put all your (credential) eggs into one basket
It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throws of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.
A bit of a deviation from my standard fare of techy news and opinion, but I’m bundling this under “Community & Social” – I think it fits well.
This video gave me pause for thought…
It’s a well produced, visually engaging excerpt from an address to graduates in 2005 by novelist David Foster Wallace. Sadly, this man took his own life in 2008 after struggling with depression for many years.
Watch this. Listen to the message. See if you can use it in your life.
Today I was discussing the recent work by the New Zealand Police in bring a number of people up on charges for their part in an international pedophile ring. While I’ll save you from the details (you can do your own reading using this article as a starting point), some of the alleged offenses are pretty horrific. Suffice it to say, the conversation quickly turned to how soul-destroying it must be for the OCEANZ team and organisations such as ECPAT. Continue reading “Standing on the Wall”
Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as thesearticlespoint out.
Now, for the most part, folks in my social stream tend to only get caught on an infrequent basis by these messages. I do my best to flick a link back if it’s an obvious hoax, as do others who we share as common contacts. I have been caught myself and have more than once shared something which, if I’d relied on more than wishful thinking, would/should have been filtered out.
Today there was a question pitched by one of the guys at work as to why we bother having such things as a password expiry / enforced change. My answer (in true Rob fashion), rambled a little (ok, a lot) but I’ve consolidated it below and made it generic to suit anyone facing the same line of questioning…
Interesting quote from an article that I was reading this morning:
“When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. […] Spooner notes that some patients have complained that the authentication method for its patient portal is cumbersome.”
It’s not the fault of the user, they’ve not been educated as to why the bar should be higher (and they don’t necessarily understand the potential consequence of a low bar). It’s not the fault of the business, after all things have been “good enough so far” so why spend money changing something that doesn’t look like it’s broken?
It’s (almost) nice to know there are others struggling with the balance between usability, user acceptance, funding and the changing landscape of threat.
The Australian Government has just dropped the ban hammer on Chinese Telecommunications equipment company Huawei and it’s going to be interesting to see how this plays out across the Tasman here in New Zealand…