Sunday 25 October 2015

Talk about TalkTalk

The latest hot news is the UK budget telecoms provider "TalkTalk" and their latest (third this year) hack.

There are many excellent discussions on the whole thing from people such as Brian Krebs (http://krebsonsecurity.com/), Paul Moore (https://paul.reviews/) and of course Troy Hunt (http://www.troyhunt.com/) - although admittedly, most of the discussion has been on Twitter.

Sunday 11 October 2015

1Password - losing the battle

As I wrote yesterday, I am looking at bailing on LastPass.

I am still playing with 1Password, and becoming less and less impressed.

The sync via Dropbox (which I was not impressed with having to use) is going slowly.

I thought "I'll use the 'WiFi-sync' option!" This turned out to use Apple's "Bonjour" service, which I had to download and install. I restarted 1Password on WinOS, started the WiFi Sync, and it gave me a magic number and instructions to start the client on the mobile device.

Guess what?!

The Android version doesn't have the WiFi Sync option.

AAARRRRGGGGHHHHH!!!!!

So, Bonjour was quickly uninstalled (and maybe I should wash my computer - it's all dirty now ;)

I will keep the sync running until tomorrow (currently about 190 items out of just over 1100) and see if we can evaluate it running on the mobile. But once again, MacOS coders seem to see other systems as "second class" citizens.

The Open Source solution(s) are more and more appealing - at least I can be confident that they will run on _all_ my systems.

Saturday 10 October 2015

Password Managers

Over the past couple of years I have been using a Password Manager called "LastPass". I have been extremely happy with the product, and when they bought Xmarks (bookmarks sync tool) I was even happier :) So much so, I signed up for an annual subscription to enable it on my Droid.

Access to my passwords - most of which I can't remember (and have no need to) - wherever I am, and all for a reasonable annual fee.

If you want to know more about Password Managers, Troy Hunt has a blog post from 2011 covering the whole thing much better than I could, titled "The only secure password is the one you can’t remember".

So, back to today - as I mentioned, LastPass - very happy camper.

Until today.

Monday 5 October 2015

ch...ch...changes...

Change - a part of life. (and then I hear Marvin saying "Life... don't talk to me about life.")

Currently at work there is a process being called "Change Management". In the past I've been through something called "Transitioning", or "Reorganisation", or "Outsourcing" and several other waffly feel-good phrases for what used to be called in a more honest time "Redundancy". i.e. "we don't need / want you anymore."

I've been through at least 4 of these in my career in Information Systems / Technology, and each time God has provided.

Looking around at the workplace as it now is, some 14 (nearly 15) years after I first signed up, I am wondering if I really want to stay. As a result, I am re-evaluating my career direction over the next couple of decades. Ultimately, I think I would like to be a Counsellor, but the reality is that it won't pay the bills I currently have. A nice "retirement" earner, but not really a "full time paying" job - or at least, not the way I want to do it.

So, the near-term plan. Initially, if I survive the "Change Management" process (and I am not sure I want to!) I will be doing more of a "work to rule" to free up some time for my career development.

As those who know me will know, my passion (in the technical space) is "Web Application Security". And thus it seems wise to start switching the time, effort and energy I currently spend as unpaid overtime for my workplace to ramping up my knowledge and skills in WebAppSec.

Currently, I will admit, I am like a kiddie (but not a "script-kiddie", or maybe I am) paddling on the shore of the ocean. It is time I learned to surf - metaphorically.

My plan of attack is:
  1. ask someone to be a "mentor" - I know who I would like to be my mentor, I just need to approach them
  2. work towards some Industry Certifications - specifically the "CompTIA Security+" (which I think I already have enough knowledge to pass) and then something like the "GIAC Web Application Penetration Tester" or something similar
  3. sell my body (and knowledge and skills) to whoever will pay for it :)
Point 3 does include my current job - the managers do have some plans that the above may well fit in with, and let's face it, their money spends as nicely as anyone else's ;)

Something I should also start doing is more tutorial videos. Of course, I am torn between my deep desire to make this available for free, and getting some extra coin to accelerate my ultimate goal ;)

It is going to be an interesting ride whichever way I go :D