XBox Live via an OpenWRT router
One of the concerning requests of Xbox Live connectivity, is to enable UPnP or ‘Universal Plug and Play’ on your home router. The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, […]
Credential Security …again
So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use. For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.
Today there was a question pitched by one of the guys at work as to why we bother having such things as a password expiry / enforced change. My answer (in true Rob fashion), rambled a little (ok, a lot) but I’ve consolidated it below and made it generic to suit anyone facing the same […]
Authenticating Users – The Struggle to Raise the Bar
Interesting quote from an article that I was reading this morning: “When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. [â€¦] Spooner notes that some patients have complained that the authentication method for its […]
Tabnabbing – An Even More Evil Phishing Attack
Wow – I’ve just finished reading a recent blog post by Aza Raskin (creative lead for Firefox) and he presents an interesting new phishing attack vector for us to be(a)ware of, that of ‘Tabnabbing’. For many of us, phishing attempts, (that is – attempts by ‘evil’ sites or emails to pretend they are from legitimate […]
spyPhone or iPhone?
I’ve just finished reading this interesting article on an iPhone vulnerability which (could) propagate via SMS messaging and is due to be revealed at Black Hat in Las Vegas on Thursday (US time). While currently unpatched, I imagine it’s got the attention of the team at Apple (though they haven’t responded – yet) so, in […]