Archive for the ‘Security’ Category

Sneak peek

In the past few days the tech community has gone into a panic over a discovery that computers have been vulnerable to a specific kind of attack for over 20 years. Despite being present for a very long time, it would seem that nobody has exploited the vulnerability. The details are complicated, but let’s consider a part of their discovery in simpler terms:

The problem is in the processor (CPU), the thing that does calculations using information in the computer’s main memory (RAM). Decades ago, CPU designers from companies like Intel, AMD and others, decided that they could speed up a computer if they could get it to do some calculations ahead of time, even if the results of [click title to read more…]

Front doors

We’ve all heard of “back door” access. This refers to a situation where some kind of access to the system is available that does not go through the normal procedures, and is sometimes present during the early stages of development to provide convenient and efficient ways to interact with a partially complete system.

Obviously, it is essential that the final version of the solution is built without these back doors present, otherwise you have a major hole in your security.

Then there is the front door, and that will be present in the final version you put into the hands of your customers.

During development it is tempting to make the front door as “convenient” as the back door, just [click title to read more…]

Bleeding hearts

It’s the first weekend after the announcement of CVE-2014-0160, aka “Heartbleed”, and if you were to believe even a small fraction of what’s been written about it you’d think the world had come to an end. There’s a lot of nonsense. A lot of dumbed-down explanations seem to add more confusion (Randall Munroe’s angle is a notable exception). The detailed investigations will be read by many, but only understood properly by those who already understand.

As a consequence of this bug I’ve been particularly busy with many of the systems around the world in which I have a role (always behind the scenes). All is a bit quieter now, so I’ve had a chance to peruse what has been written, [click title to read more…]

Password recipe

Password-creation tips you should not use (because the hackers already know about them):

  • Replace letters with numbers that have a similar shape. Like E becomes 3.
  • Use “CamelCase”.
  • Add 123 to the end.
  • Use your name twice: FredFred…
  • … or backwards: Dref
  • Start with a digit.
  • Put a space at the end.
  • Use a random password generator.

Don’t agree with the last one? In my experience, the more random and/or long the password becomes, the greater the chance that the user will write it down somewhere. Perhaps even in a file on a related computer, which makes it vulnerable.

A good password will be a little random and not too long, and preferably will have nothing to do [click title to read more…]

My information

There’s been a lot of talk recently about privacy and the right to access personal information for “new” purposes, mainly in connection with new taxes that will require a census of home ownership, which some are proposing be based on data from utility bills. The information held by the utility companies was given to them to facilitate the payment of utility bills, not the gathering of unrelated taxes. People are a little concerned. The Data Protection Commissioner is echoing that concern.

So in what way can we consider certain facts to belong to us? It’s easy enough to understand that one’s thoughts and opinions are “owned”, and perhaps the derivatives of these (e.g. artistic works) could also be owned. But [click title to read more…]