Wednesday, September 29, 2010

STARTTLS support in Hotmail/Gmail

(Response from Gmail / Hotmail when issuing the starttls command for SMTP)
Google improves security in their Google Mail (Gmail) service, adding OAuth and other security features. Microsoft with their Live Hotmail service is hot on heels, announcing new security features as well. However I do have a feature request for security, still not mentioned anywhere by neither one of them.

Monday, September 27, 2010

Playing passwords with Facebook

I've written about Facebook and their password policy back in january 2010, which got a good response from Matt Weir, whom I really respect and appreciate having discussions with. Looking over my older posts, i decided to have a new look to see if anything had changed, or if I missed something the first time. Obviously I've found something more to write about. :-)

Thanks to ISACA (still room for improvement though)

(Survey received from ISACA, also showing certain SMTP details)

On tuesday March 2, 2010, I published a blog post regarding a non-secure survey from ISACA. On tuesday September 21st, I received a new survey from ISACA, as the image above shows (slightly censored by me). To me it's important to both give and receive constructive feedback, good or bad. So here's to ISACA and Gary Bannister, THANK YOU!

Monday, September 20, 2010

Hvor er du?

(Her er jeg, rimelig nøyaktig, i det jeg skriver denne bloggposten)
Et spørsmål vi stiller stadig oftere. Hvor er du (akkurat nå)?
Jeg husker da jeg var noe yngre enn jeg er i dag - altså før mobiltelefonen fantes. Ja, jeg husker faktisk den dagen det kom en mann på døren fra Televerket (han så virkelig ut som en telemontør også!), han skulle koble til telefonlinje hjemme hos oss. Fem-sifret nummer og greier. Den gang var spørsmålet Hvor skal du? Gjerne fulgt opp med Du må være hjemme til åtte! eller noe slikt. Men det var den gang - før vi ble så utrolig opptatt av å vite hvor alle er til enhver tid.

Saturday, September 04, 2010

Password lenghts as told by the media

At the end of August researchers at Georgia Tech Research Institute (GTRI) released a case study that received a lot of attention in international media. Their own header was perhaps a little tough:

It's a cool case study. It's a good thing that the insecurity of short/bad passwords gets attention in the press. Still I can't see anything here that has already been said, presented and written by others already. Not that it  matters in this case.