Tuesday, September 25, 2012

New round: Anonymous Surveys

[Spam or real? Actually hard to figure out...]
Dear Eurocard. I use your services. You have some excellent security solutions that I have used as "textbook examples" in several talks where user-friendly security was an important point. There you score highly. Unfortunately, you fail completely when you (?) send out surveys like the one I received, pictured above.

Friday, September 21, 2012

Java patching in Norway

Friends don't let friends run Java.
[Java. You don't have to like it, but unfortunately you must have it in Norway.]

Marie Moe at NorCERT is surprised when Digi.no tells her that figures from the security company Mnemonic show that 78% have not yet upgraded their Java software to the latest version. The latest version is considered secure as of today, in the sense of "no publicly known vulnerabilities as of today".

She shouldn't be surprised.

Saturday, September 15, 2012

Elcomsoft, UPEK & more


[That was one *awesome* passphrase! :-)]

Elcomsoft has announced that certain versions of the fingerprint software Protector Suite, made by UPEK (now part of Authentec), store your Windows password in a 'scrambled' format in the registry. This allows an attacker, through different entry points, to get easy access to a user's Windows password. I have no reason not to believe Elcomsoft in their claims, but UPEK/Authentec seriously disagrees. In the middle of this I happen to have some questions, and an opinion regarding biometric software today.

Sunday, September 09, 2012

Spying on ex-employees & others using Computrace

[Hi, and welcome to 1984!]
The Norwegian Data Protection Authority (Datatilsynet) has strict guidelines on the use of tracking software & hardware that enables position tracking of people. Easily summarized: a user has to agree to being tracked (in writing), and can withdraw his/her consent at any given time. Not agreeing to be tracked may of course result in being denied access to the service in question, etc.

In Norway it has become pretty common that employees get to keep their laptop & smartphone when leaving a company due to downsizing. Enter the problematic world of asset tracking & inventory software hardcoded into your system BIOS.