Thursday, August 19, 2010
Succinctly put!
Just read a presentation that very succinctly put why I'm so pessimistic about security. Way too much press goes to the trivial, easy attacks with little to no sophistication. Ofcourse this by design as the professionals simply don't indulge in the type of behavior that makes script kiddies famous. About the only caveat I have to the presentation is that in most cases their success is predicated on one of two things, either having the talent in house to be able to break in, or access to specialized attack tool chains. It is possible, albeit not probable, that in some cases the in house talent might refuse (if they knew!) to break in on behalf of a nefarious entity. That's about the only hope you have against the real pro's.
Wednesday, August 18, 2010
Industrial Malware
I just read an article over at cnet about malware that is targeted at major industrial infrastructure. In summary there are now virii / malware that is automating attacks against specific things like Oil drilling platforms and the like. I wonder if governments (and major companies) will get to the state that the benefits of having major infrastructure on the net are outweighed by the negatives.
Thursday, August 12, 2010
Train Announcements
Living in the UK for 8 years, specifically London, opened my eyes to train announcements. In fact Londoners take great pride in the nature of the quirky announcements that happen on the Underground ( Living in Ealing we had a particular announcer that loved the sound of his own voice and used to regularly entertain the entire station with his antics.) and there are many sites around that list some of the antics. For the sake of those with some interest here's a link that contain a few amusing ones.
Now I'm back in Australia and I'm wondering how Cityrail can have mismanaged the trains infrastructure such that it is impossible to even hear the announcements. I'm currently catching trains for ~2 hours a day and so each day I'm in a position to hear various announcements, some of them important (it seems fairly commonplace for trains in Sydney to have their destinations changed mid-route so that if you don't hear the announcement you can often be caught out!) and yet without fail, I've been unable to hear any announcements clearly. It seems that there are a few problems. Firstly the speaker volume on most of the trains is set so low that you'd need a bionic ear to hear a thing. Secondly, there aren't enough speakers around, and so unless you're near one of the few that is in working order, you're just SOL. Finally it would appear that Cityrail need to invest some money in public speaking classes for their train drivers as the majority of them seem to be intimidated by using the speaker and invariably mumble, rush and shorten what they are trying to say in an effort to have it done as quickly as possible. In 2010, surrounded by technology with technology playing an ever increasing role in our lives it's a little disconcerting to see that in some area's we still can't even get the ~60 year old technology implementation right.
Now I'm back in Australia and I'm wondering how Cityrail can have mismanaged the trains infrastructure such that it is impossible to even hear the announcements. I'm currently catching trains for ~2 hours a day and so each day I'm in a position to hear various announcements, some of them important (it seems fairly commonplace for trains in Sydney to have their destinations changed mid-route so that if you don't hear the announcement you can often be caught out!) and yet without fail, I've been unable to hear any announcements clearly. It seems that there are a few problems. Firstly the speaker volume on most of the trains is set so low that you'd need a bionic ear to hear a thing. Secondly, there aren't enough speakers around, and so unless you're near one of the few that is in working order, you're just SOL. Finally it would appear that Cityrail need to invest some money in public speaking classes for their train drivers as the majority of them seem to be intimidated by using the speaker and invariably mumble, rush and shorten what they are trying to say in an effort to have it done as quickly as possible. In 2010, surrounded by technology with technology playing an ever increasing role in our lives it's a little disconcerting to see that in some area's we still can't even get the ~60 year old technology implementation right.
Friday, July 23, 2010
New beginnings and old problems
So it's been a while (again) since I wrote anything, and I felt that it was time that I had a look around at some of the other blogging software rather then continue to use the horrid wordpress that I had been running up till now. I've always been against using services on the net to host anything personal (i've always insisted on running my own email servers for example) but I've changed my mind when it comes to blogging. The main reason in this case is security, as trying to keep up with the slew of wordpress vulnerabilities was proving to be a full time job and one that I didn't have an interest in. On top of that, I'm a fan of googles work in a variety of area's and thought I'd give this a try, so here I am at my new blogging home on blogger.com. Hopefully the transition will be relatively transparent to most of you as I'll do a few technical things in the background.
I've been inspired to start writing again for a few reasons. Firstly I've just had about a year off from regular work and I'm feeling rested and fired up to get stuck into problems and generally start working again, which means that I start to think about more challenging things then "When will I get up?" and thus some of it might be of interest to a wider audience. The other reason is that a few friends are also starting to blog a bit and ask some questions that I have some interest in trying to answer, so the combination means I think I might, finally, start writing a bit more regularly again :)
Something I read recently amused me and served as a good example of what I've been warning my non technical friends about for years. I'm referring to the well publicized attack on twitter. This was something that passed my by until now because for starters I've been on sabbatical from all things security while I've been "off", and secondly because everytime I see the word "twitter" my mind tends to shut down and ignore everything it see's for the following 5 seconds. You could say I'm not really a big fan of the concept ;) Still I couldn't think of a better example as to why reusing the same passwords and security credentials across multiple sites is a bad idea then the linked article. If you want to avoid re-using credentials with your web related applications but don't trust your memory then consider the following steps.
Firstly go and get a decent password safe application. Once you've installed that, each time you are prompted for a password for an account somewhere, use the random generate password function and put that into the requested field. Now whenever you are prompted you can simply double click on the right entry in password save and it will then load the password into your copy and paste buffer for use.
Normally I wouldn't recommend the following, because it is a slight lessening of security, however, if you're using a lot of different accounts and you find it too onerous to use password safe to manage all of them, then try the following additional tip. Generally it's a bad idea to let your browser save passwords, however, if you have a mechanism of encrypting all of the passwords it saves, or it does it automatically for you like Firefox does, then configure a master password (using a random one from password safe) and let Firefox now save your password for each of the sites you go to. Now firefox will automatically fill in your username and password for any given site you go to, however, you will have some protection over the username and passwords being stored on your local computer (or where ever your firefox password repository resides).
I've been inspired to start writing again for a few reasons. Firstly I've just had about a year off from regular work and I'm feeling rested and fired up to get stuck into problems and generally start working again, which means that I start to think about more challenging things then "When will I get up?" and thus some of it might be of interest to a wider audience. The other reason is that a few friends are also starting to blog a bit and ask some questions that I have some interest in trying to answer, so the combination means I think I might, finally, start writing a bit more regularly again :)
Something I read recently amused me and served as a good example of what I've been warning my non technical friends about for years. I'm referring to the well publicized attack on twitter. This was something that passed my by until now because for starters I've been on sabbatical from all things security while I've been "off", and secondly because everytime I see the word "twitter" my mind tends to shut down and ignore everything it see's for the following 5 seconds. You could say I'm not really a big fan of the concept ;) Still I couldn't think of a better example as to why reusing the same passwords and security credentials across multiple sites is a bad idea then the linked article. If you want to avoid re-using credentials with your web related applications but don't trust your memory then consider the following steps.
Firstly go and get a decent password safe application. Once you've installed that, each time you are prompted for a password for an account somewhere, use the random generate password function and put that into the requested field. Now whenever you are prompted you can simply double click on the right entry in password save and it will then load the password into your copy and paste buffer for use.
Normally I wouldn't recommend the following, because it is a slight lessening of security, however, if you're using a lot of different accounts and you find it too onerous to use password safe to manage all of them, then try the following additional tip. Generally it's a bad idea to let your browser save passwords, however, if you have a mechanism of encrypting all of the passwords it saves, or it does it automatically for you like Firefox does, then configure a master password (using a random one from password safe) and let Firefox now save your password for each of the sites you go to. Now firefox will automatically fill in your username and password for any given site you go to, however, you will have some protection over the username and passwords being stored on your local computer (or where ever your firefox password repository resides).
Saturday, February 21, 2009
Writing - the return!
So another full year has passed and I note my previous decision to start to blog more frequently. Ofcourse equally obviously there hasn't been a post in that time frame, so much for good intentions.
This time around I'm not going to make any bold claims, but I'd like to get in the habit of writing an essay a month so I'll see if I can keep up with it. Perhaps sitting down and having to formulate an article or chain of thought will spur me on to write smaller snippets more suitable to a blog, we'll have to see.
This time around I'm not going to make any bold claims, but I'd like to get in the habit of writing an essay a month so I'll see if I can keep up with it. Perhaps sitting down and having to formulate an article or chain of thought will spur me on to write smaller snippets more suitable to a blog, we'll have to see.
Saturday, March 8, 2008
art
I stumbled across this article today. Definitely worth a read and it resonated very strongly with me. I can still remember arguing with my math teacher about the value of what we were being taught and how we were being taught. Actually I'd go so far as to say it sums up why I have a problem with our education system.
Friday, December 14, 2007
Upgrade path
As most technologist will tell you, the first thing to do when you get a new gadget is to upgrade it to the latest software and bios version. So this was in my mind when I recently upgraded my phone to a new Nokia 6500 classic. I promptly downloaded the software to manage the phone and at the same time downloaded the software to update the phone itself. I started off by transferring the phone numbers on my old phone to it's sim card, then i put the old sim card into the new phone and moved the numbers from the sim to the new phone. Then I put the new sim in my new phone and moved the numbers from the phone to the sim card. My idea being that I prefer the numbers on the sim card rather then the phone in case something happens to it (reasoning that it is more likely the phone would get broken then the sim card inside of it, besides I'd be able to put the sim card in another phone and still have access to my numbers). So there I was with my new sim card in my new phone with all my numbers on it. At this point I decided to back up my phone using the supplied software from nokia. That done, I decided to try and finally fix all the spelling mistakes in my address book and update some numbers. I was a bit annoyed to discover that while the software on my computer was able to manage other aspects of my new phone just fine, when it came to getting the numbers out of it and allowing me to edit them on the software on my computer, it just wasn't working. There appeared to be some bug, so before I started to try and solve that I decided to upgrade to the latest version. Big mistake.
I downloaded the new software for the new phone and updated it. I once again tried to manage the names and numbers in the phone with the software on my computer only to find that the bug had persisted and in fact got worse. Now instead of seeing maybe 25% of the numbers that were in the phone, I could see 2. I decided to try and create a new number and push it to the phone to see if that would help. I promptly added a number and asked it to synchronize. Just as promptly the phone deleted ALL numbers on the phone and synchronized the new number. Annoyed but not panicked, I thought I'd simply restore from backup all of my numbers, because I realized at this point that by moving the numbers off my old sim to the new phone I had ofcourse deleted them from the old sim. The only copy of my numbers now resided in my back up of the phones configuration. Well I'm sure you can guess what happened then. I restored from backup but the bug seemed to have taken residence in no uncertain fashion and ate all of the numbers. When it was done restoring I had 2 numbers in the phone. Thanks Nokia, thanks very much.
If you're reading this please drop me a line with your contact details because chances are I don't have them any longer.
I downloaded the new software for the new phone and updated it. I once again tried to manage the names and numbers in the phone with the software on my computer only to find that the bug had persisted and in fact got worse. Now instead of seeing maybe 25% of the numbers that were in the phone, I could see 2. I decided to try and create a new number and push it to the phone to see if that would help. I promptly added a number and asked it to synchronize. Just as promptly the phone deleted ALL numbers on the phone and synchronized the new number. Annoyed but not panicked, I thought I'd simply restore from backup all of my numbers, because I realized at this point that by moving the numbers off my old sim to the new phone I had ofcourse deleted them from the old sim. The only copy of my numbers now resided in my back up of the phones configuration. Well I'm sure you can guess what happened then. I restored from backup but the bug seemed to have taken residence in no uncertain fashion and ate all of the numbers. When it was done restoring I had 2 numbers in the phone. Thanks Nokia, thanks very much.
If you're reading this please drop me a line with your contact details because chances are I don't have them any longer.
Subscribe to:
Posts (Atom)