Monday, January 31, 2011

Høyre and #DLD


On the occasion of Nasjonal Sikkerhetsdag 2010, my employer launched a report on how confidential information is sent unencrypted via e-mail in Norway. The report was prepared by me together with my colleague Jan Fredrik Leversund, and received notable attention in the media. Almost a year has now passed, and the question comes naturally: Has anything happened since then?


Tuesday, January 11, 2011

Now Recruiting: Password Mules!


The above announcement originates from a web forum where users submit password hashes for cracking. Other users reply with recovered passwords. Recovering your own? Well, why not. Recovering 100 million? A reasonable question would be: Where did you get those? It's about time to talk about ethics.

Sunday, January 09, 2011

No good security @StepStone Solutions!

ERRATA:
I've received a reply to this blog post by private e-mail (Thx Pål!), and I will update it to reflect the difference between the two separate companies StepStone and StepStone Solutions. Erroneous text/links have been changed to strikethrough italics, while new text is written in blue.

I got an e-mail just before the new year from noreply@easycruit.com, a service from StepStone StepStone Solutions. It reminded me that I hadn't changed or updated my CV in their database for 6 months. They recommended that I update it, otherwise they would delete it in two weeks. The e-mail also gave me my current username and password - in cleartext:

(Forgive me for my censorship here :-) Text in Norwegian.)

Thursday, January 06, 2011

Facebook Places - a new round of security


Yesterday, that is, Wednesday, January 5, the Facebook "Places" service finally became available for use in Norway as well. The privacy settings related to this feature have been available for a long time, but today's little test (the screenshot above) shows that at least many of my contacts have still not changed them. We need to do something about that.