Thursday, January 31, 2013

Kjære BankID

Vi er nok ikke verdens beste venner, jeg er smertelig klar over det. Bruken av Java, sentrallagret PKI som strider mot etablerte prinsipper, BankID på mobil som bare fungerer med noen operatører & modeller, samt diverse andre problemer... jeg nevner i fleng.

Likevel er jeg frekk nok til å komme med et veldig enkelt endringsforslag som kan gjøre brukeropplevelsen *litt* bedre ved innlogging i nettbank fra PC.

Thursday, January 24, 2013

Skryt til blogg.no

[Logo elegant kopiert rett fra blogg.no...]
Updated post - english summary at the bottom.

"Jeg er streng, men rettferdig."

Ordene sitter fortsatt spikret, over 20 år etter rekruttskolen. Fantastisk troppsjef, og jeg forsøker å leve opp til de ordene. Nå skal jeg gjøre noe jeg ikke har gjort før: jeg skal skryte av en rosablogg, nemlig blogg.no. For å være helt korrekt; jeg skal skryte av firmaet Bootstrap AS som står bak tjenesten.

De har på svært kort tid fikset det jeg anså som svært alvorlige sikkerhetssvakheter, etter at jeg sendte dem mail om det. Her er historien:

Friday, January 18, 2013

Tees. With comments.

It's Friday, and I'm kind lazy today, so I thought I would put up pictures of the T-shirts I made for myself for Passwords^12, and a short explanation for each of them. (Media archives right here, videos also available on youtube).


Monday, January 07, 2013

Security issues with MSXML


This is a quick & dirty blog post, partially to help a friend reach out to the world, and partially because I'm affected as well. Correction: was affected. Now removed & patched at the same time.

At my previous job one of my tasks was to manage & improve the security patch management process across all platforms, from operating systems and databases to browsers & plugins. Sometimes even down to firmware & driver updates, because of bugs and vulnerabilities. My primary focus was - no surprise - Windows installations and pretty much everything that can be installed on Windows. I did that for more than 5 years. 10-15K servers, 100-150K clients. I did well. Very well in fact, and I'm still proud of it.

Many surprises have appeared along the way, the most recent has to do with MSXML, which comes to light in this blog post.

Thursday, January 03, 2013

Facebook Poke vs Snapchat - Security Comparison

Facebook Poke vs Snapchat - on security.
@adamcaudill got me started with his tweet + blog post about some of the lack of security in Snapchat, and I just had to take a look. After hammering Snapchat for a while, I thought I could do a security comparison to Facebook Poke, their own app that does pretty much the same thing as Snapchat. If you want to see a feature comparison, take a look here at techcrunch.

While Adam does the crypto + API stuff - the inner workings of the Snapchat app - I'm more interested in the visible password stuff. And before we start talking about financial muscles, size of organisation etc between Facebook & Snapchat.... It doesn't take a giant to make good security. (Rather on the contrary I would say.)

Tuesday, January 01, 2013

Måling av reell verdi fra sosiale medier

Min Klout score Jan 1, 2013. Twitring er hovedårsaken til min score.

Jeg ble veldig nysgjerrig da +Hans-Petter Nygård-Hansen postet denne bloggposten: "Slik kan du måle din innflytelse i sosiale medier". Faktisk så nysgjerrig at jeg måtte sjekke meg selv. Jada, innrømmer glatt at jeg har et ego jeg også. :-)