Tag: Security

  • XBox Live via an OpenWRT router

    One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router. The UPnP protocol has a long-standing history of security problems, not the least of which is that it allows unauthenticated devices to connect to and through your home network. In the past, […]

  • Credential Security …again

    So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use. For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

  • Social Scams and Why They Work

    Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as these articles point out. Now, for […]

  • Expiring Passwords

    Today there was a question pitched by one of the guys at work as to why we bother having such things as a password expiry / enforced change. My answer (in true Rob fashion), rambled a little (ok, a lot) but I’ve consolidated it below and made it generic to suit anyone facing the same […]

  • Authenticating Users – The Struggle to Raise the Bar

    Interesting quote from an article that I was reading this morning: “When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. […] Spooner notes that some patients have complained that the authentication method for its […]

  • Tabnabbing – An Even More Evil Phishing Attack

    Wow – I’ve just finished reading a recent blog post by Aza Raskin (creative lead for Firefox) and he presents an interesting new phishing attack vector for us to be(a)ware of, that of ‘Tabnabbing’. For many of us, phishing attempts (that is – attempts by ‘evil’ sites or emails to pretend they are from legitimate […]

  • spyPhone or iPhone?

    I’ve just finished reading this interesting article on an iPhone vulnerability which (could) propagate via SMS messaging and is due to be revealed at Black Hat in Las Vegas on Thursday (US time). While currently unpatched, I imagine it’s got the attention of the team at Apple (though they haven’t responded – yet) so, in […]

  • Can Security Policy live in a Business World?

    I’ve had a couple of decent articles come through my various feeds this morning in regards to IT Security and how companies are gaining traction for the acceptance and adoption of policies.

  • Tanking Twimailer (and Trying Topify)

    Yesterday Alain E. posted the following comment on my Twimailer article: It is like Topify.com before less interesting. And in addition their twitter account is not even working. I personally tried both and prefer Topify (first because they have a much nicer site) because their emails are better and allow follow back right from the […]

  • Security Companies on Twitter

    Since moving from the R&D field into the amorphous world of IT security, I’ve been trawling the web to find good resources to add to my list of feeds and help me learn more about what we do as a collective, and how those stories are sold to the non-security folk. It was with some […]