Showing posts with label Security. Show all posts

Sunday, January 26, 2014

Worst Passwords

Here are the worst passwords of 2013.

I should be safe. Mine is:

123456password12345678qwertyabc1231234567891111111234567iloveyouadobe123123123adminletmeinphotoshop1234monkeyshawdowsunshine12345password1princessazertytrustno1000000

Friday, January 10, 2014

Internet of Things and Security

I've seen several articles about the Internet of Things (IoT) being big in 2014. I am, in general, a fan of the advantages of connected devices and the cloud, but I'm not unaware of the problems.

Bruce talks about the security issues of the IoT and routers:
"And the Internet of Things will only make this problem worse, as the Internet -- as well as our homes and bodies -- becomes flooded with new embedded devices that will be equally poorly maintained and unpatchable. But routers and modems pose a particular problem, because they're: (1) between users and the Internet, so turning them off is increasingly not an option; (2) more powerful and more general in function than other embedded devices; (3) the one 24/7 computing device in the house, and are a natural place for lots of new features."
Hans pointed out an example of a security issue on my post about the WRT54G router.

Part of my hope is that companies will take these issues more seriously. Security should be planned just as any other requirement for the application or tool. The market should severely punish companies like SnapChat that approach security issues with arrogance. And Nest had a painful, confusing experience when some of their smart/connected thermostat users were left without heat. I'm sure it will get worse before it gets better, but given time I expect these devices will mature... or we will quit using them. At least the ones we have a choice in.

And maybe I don't want my toothbrush connected after all.

Thursday, July 18, 2013

Dead Man's Switch

Schneier points out that it works both ways for Snowden:
"I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it's important to keep all of them in mind when designing a security system."

Thursday, July 11, 2013

Tactical Helmets

Since I have an account at AliExpress, I get e-mails with suggestions of things I might also like. For example, this tactical helmet ($41) for operators operating in operations on a tight budget.


Friday, June 28, 2013

Ham Radio Encryption

I'm guessing many of you have seen the proposal to allow encryption on the ham bands under certain circumstances. They (Bruce, Bob, Hans) are agin it. I'm fer it - but only if we use ROT26 for the encryption.

I use ROT13 for all my sensitive information.

Or fher gb qevax lbhe Binygvar

Saturday, June 8, 2013

Two Factor

Doing a little house cleaning and just added two-factor authentication to Facebook and Twitter. I had already done it with Google and Dropbox.

Better than nothing even if it won't keep everyone out of my business.


Thursday, June 6, 2013

Security

From an unsolicited commercial e-mail...
"Are you concerned with the recent hacking of City Databases"
Yes. So concerned in fact, that I am willing to jump into the arms of the first company that e-mails me with a solution. It doesn't matter the cost. It doesn't matter that I've never heard of you before today. And it doesn't matter that your lack of punctuation and odd capitalization is off-putting.

Okay, maybe I am not that concerned after all.

Friday, May 10, 2013

No Radio News

Nothing in the radio world is inspiring me at the moment, so you get this...

Game of Thrones character name is the fastest growing baby name - Arya.

A geography game using Google Street View - GeoGuessr.

Download your 3-D gun plans - at Joe Huffman's place.

The truth about IT people - Google Skills.

Say Uncle's worst nightmare - Unstoppable.

Ellen does security - Password Minder.

Almost radio related - DIY AUX port.

Baofeng, but still not a radio.

HP rep, in talking about new side docking stations for their laptops, described it as looking like a credit card imprint machine. If I was any younger, I probably would not know what she is talking about.

A week's worth of groceries from around the world.

A split-screen interview - because we can!

Because I have the sense of humor of a 12-year-old: ship my pants!

Monday, March 25, 2013

Apple Two-Factor Authentication

I've started the process to enable it on my account. If you have an Apple ID, you should consider it, too.

Apple ID: Frequently asked questions about two-step verification for Apple ID

I also don't keep a credit card on file with them. I get gift cards and just add them as I run out of money.

Monday, March 11, 2013

Friday, January 25, 2013

On-Line Banking PSA

Here is my public service announcement for the week: Tips for Safer Internet Banking. Some good tips like using the mobile apps. I use the mobile app for my bank, but primarily for the convenience - I hate driving to the bank to deposit a $32 check. Extra security is a bonus!

Wednesday, October 24, 2012

TSA

I agree they are getting more aggressive - aggressive with the people they are supposed to protect.

I've had run-ins with the TSA before (and another thing about that encounter).

I had another discussion with them this week. My daughter was sick when we left Knoxville for the happiest place on earth, so we had her digital thermometer in a carry-on. No issues when going through security in Knoxville - in fact, we got to go through the metal detector instead of the cancer machine. Win!

On the return, my wife and daughter got to go through the metal detector, so I asked if I could go through, too. Surprisingly, they let me. No fuss. So far, so good. (In fact, on the way to Orlando, I got to meet Jessie Godderz of Big Brother fame aka Mr. PEC-Tacular.)

However, the aforementioned digital thermometer got flagged in the x-ray machine because it had a nine volt battery in it. They asked whose bag it was, so I pointed to the three year old. The TSA agent took the backpack to a metal table to do the search. He asked if there was a battery in the bag. We said yes and that it was in a digital thermometer. He could not find said thermometer in the bag and my wife kept reaching to help him. This seemed to annoy him as we were not supposed to touch the bag.

During the search, I don't remember what he said, but something set me off, so I started my usual speech about my tax dollars at work and security theater. This really got his knickers in a knot. After finally finding the "hidden" thermometer, he took the bag to be re-scanned. While he was there, he must have asked for a supervisor to talk with the grumpy old white man.

The supervisor asked me if I had a problem with them searching my bag. I said I had a problem with the inconsistency - that the thermometer had not been a problem at the other airport. She said I should be glad that they found it here to keep me safe. What?!?! I should be glad you found a thermometer?!?! These people have no concept that false-positives are a bad thing, too. She was quite aggressive in her tone and insisted that I was in the wrong.

My wife got nervous and asked me to drop it.

The original agent held out the bag to me, but would not let go. I truly believe that he was hoping I would jerk it out of his hand, so that they could give me an even harder time. Finally, he let go and we moved on to our flight.

I cannot believe so many people are happy with the TSA as stated in the first link of this post. Security theater is better than reality.






Wednesday, June 20, 2012

Swiss Defense

Very interesting... A book about the Swiss infrastructure and their plans to destroy bridges and close tunnels as a component of national defense. Comments on the BLDG Blog and on Bruce Schneier's blog indicate that some of the information is dated, but I still find the concept fascinating. I also learned that one of my favorite treats can also be used to stop tank invasions.



Via Bruce Schneier

Tuesday, March 27, 2012

KF9ZA - Hide your Mobile

A neat idea to hide a mobile radio head unit in your car:

Protect Your Ham Radio From Theft With Kleenex Box Security - By Steve, KF9ZA 

This would be a lot better than the hat I might throw on top of it.

Tuesday, March 20, 2012

All Your Device Are Belong to Us

There aren't a ton of technical details to be had in the presentation, but it seems too easy for all of these devices to be hacked/disrupted. I agree that a better user interface on the P25 radio might solve the encryption problem, but I still think people will be one of the weakest links.

 

(All Your Device Are Belong to US is a reference to this.)

Monday, January 16, 2012

2-Step Verification for Google

After reading this and confirming that Eric Schmidt is not in my friend list on Facebook, I have activated the two-step authentication for my Google accounts. Now logging in requires two factors - something I know (the password) and something I have (my mobile phone). You can register a computer for 30 days, so you don't have to repeat the process all the time.

It is not too intrusive on the main Google pages, but not all of their apps are configured to require the code from your mobile phone. In those cases, Google creates a special, complex password that you must use.

I just cannot imagine losing all the work from the past year. I have been doing the poor man's backup, but I was sending to the Gmail account that is tied to the blog. I even commented then that might not be the best strategy. I'm off to change that now.

Saturday, December 3, 2011

Advanced Persistent Threat (APT)

Bruce Schneier on the Advanced Persistent Threat (APT) concept in his Crypto-Gram Newsletter:
"It highlights an important characteristic of a particular sort of Internet attacker.
A conventional hacker or criminal isn't interested in any particular target. He wants a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or whatever. Security against this sort of attacker is relative; as long as you're more secure than almost everyone else, the attackers will go after other people, not you. An APT is different; it's an attacker who -- for whatever reason -- wants to attack you. Against this sort of attacker, the absolute level of your security is what's important. It doesn't matter how secure you are compared to your peers; all that matters is whether you're secure enough to keep him out.
APT attackers are more highly motivated. They're likely to be better skilled, better funded, and more patient. They're likely to try several different avenues of attack. And they're much more likely to succeed."  

Monday, November 7, 2011

Ninja Librarians

My worst nightmare... government ninja librarians. I would have said zombies, but they have jumped the shark.