Friday, October 21, 2011

Adgangskort og PIN koder

[PINs på Post-it. Er det noe problem?]
Denne bloggposten skrives etter veldig mange års frustrasjon med fysisk adgangskontroll. Bildet over bør være god nok forklaring på min frustrasjon, det er Post-it lapper jeg har fått utlevert sammen med ulike typer adgangskort, både magnetstripe og RFID baserte kort. Med et ønske om å bidra med "enkle sikkerhetstips i hverdagen", så har jeg noen spørsmål og tips rundt slike løsninger for adgangskontroll.

Tuesday, October 18, 2011

More STARTTLS support!


RFC 3207:
SMTP Service Extension for
Secure SMTP over Transport Layer Security

In a previous blog post entitled "STARTTLS support in Hotmail/Gmail", I requested these services to implement support for RFC 3207, in order to use automatic and transparent security at the "back side" of their services, when available. I doubt I'm the reason here, but Google now has support in place! (Hooray!)

Friday, October 14, 2011

Facebook password history...


"Unfortunately you have provided an old password. Your password was last changed yesterday at 07:52. If you don't remember making this change, please click here".

First thought: WTF does Facebook tell me this????

Second thought: Good, they seem to have some password history going on. Got to test that later on, by trying to change back to my old password. I guess they don't block that quite yet.

Third thought: This is good from a usability perspective. They've got quite a few users (...), this will make it easier for them to actually change their passwords whenever they feel the need to do so, and handle it afterwards.

Fourth thought: A bruteforce attack against known logins will eventually succeed, but it may also reveal one or more previously used passwords, enabling several methods of pattern-based password analysis to improve the chances of an attacker figuring out the correct password faster and with less attempts then from a blind start.


Not good.


Any opinions?

Tuesday, October 11, 2011

En ROSA bloggpost!

[Bilde fra WahWah brosjyre]
Jeg er gammeldags. Jeg har passert 40. Jeg har en tåpelig tendens til å ta i mot utfordringer fra jenter. Kristin er en av dem. Utfordringen kom for noen måneder siden; hun utfordret meg til å skrive et blogginnlegg om mote & skjønnhet og sånn. Jeg svarte at det var liksom ikke helt min greie, men dersom jeg gjorde det så måtte hun kvittere med en bloggpost om sikkerhet & sånn. Jeg gleder meg allerede! ;-)