Archive for the ‘Security’ tag
Net Neutrality and cookie limitations by Law in Netherlands
As the second country in the world (Chile beat us to it) the Dutch have amended the Telecom Law to enforce Internet Net Neutrality.
This means that ISPs are not/no longer allowed to, for instance:
- slow down or limit certain types of traffic (think p2p traffic)
- block, or charge for, certain types of traffic (think Skype, SIP, WhatsApp, etc.)
There is currently one exception mentioned in the law, and that says that ISPs can block certain types of traffic on ideological grounds, if the user specifically asks for it. This one exception is expected to be removed in yet another amendment, to be voted on next week.
Apart from the neutrality, the Telecom law now also says that web site owners must specifically ask users’ permission to store non-session tracking cookies. This is thought to promote privacy.
Web site owners don’t have to do this each time a user visits, they may do so once a year.
Permissions for .ssh authorized_keys file & directory
It’s one of those things you don’t do often enough to remember how to, so when I ran into it again this morning, I decided to write it down.
To get asymmetric (public/private) key authentication working with sshd, you need to be the only one who has access to your ~/.ssh directory, so you need to do a
chmod 700 ~/.ssh
The ~/.ssh/authorized_keys file may be world readable (“chmod 644 ~/.ssh/authorized_keys”).
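A small audit of the permissions described above, as an added example that is not part of the original post. The function names are hypothetical, and the check that authorized_keys must not be writable by group or others is an assumption added here (the post only says the file may be world readable).

```shell
#!/bin/sh
# Added example: audit ~/.ssh permissions as described in the post.
# Usage: audit_ssh_perms            (checks $HOME)
#        audit_ssh_perms /home/bob  (checks another home directory)

# has_any_perm PATH MODE...: succeeds if PATH has the bits of at least one MODE set.
has_any_perm() {
    p=$1; shift
    for m in "$@"; do
        # POSIX find: "-perm -MODE" matches when every bit in MODE is set;
        # -prune keeps find from descending into a directory.
        [ -n "$(find "$p" -prune -perm "-$m" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_perms [HOME_DIR]: returns 0 if the permissions are acceptable, 1 otherwise.
audit_ssh_perms() {
    home=${1:-$HOME}
    sshdir=$home/.ssh
    keys=$sshdir/authorized_keys
    bad=0
    if [ ! -d "$sshdir" ]; then
        echo "FAIL: $sshdir does not exist"
        return 1
    fi
    # The directory must be accessible to the owner only (700 or stricter).
    if has_any_perm "$sshdir" 040 020 010 004 002 001; then
        echo "FAIL: $sshdir is accessible to group/others; fix: chmod 700 $sshdir"
        bad=1
    fi
    if [ -f "$keys" ]; then
        # World readable (644) is fine; group/other write access is not (assumption).
        if has_any_perm "$keys" 020 002; then
            echo "FAIL: $keys is writable by group/others; fix: chmod 644 $keys"
            bad=1
        fi
    else
        echo "NOTE: $keys not found"
    fi
    [ "$bad" -eq 0 ] && echo "OK: $sshdir permissions look right"
    return "$bad"
}
```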
Windows Phone 7 Guides for IT Professionals
Microsoft has released a series of guides for IT people explaining different topics concerning Windows Phone 7.
The documents included are:
Windows Internet Explorer Mobile on Windows Phone 7_FINAL_122010.pdf
Windows Phone 7 and Certificates_FINAL_121610.pdf
Windows Phone 7 and Exchange Server_FINAL_122010.pdf
Windows Phone 7 Device Update_FINAL_122010.pdf
Windows Phone 7 Mobile Email_FINAL_121610.pdf
Windows Phone 7 Root Certificates_FINAL_121610.pdf
Windows Phone 7 Security and Management_FINAL_122010.pdf
Windows Phone 7 Security Model_FINAL_122010.pdf
You can find the documents here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=dfad6c2f-988a-4b09-9e3b-58bfc9ac0447
Future of passports and money movement in the Underground Economy
Team Cymru, a non-profit internet security research firm, has created a white paper on what is changing in the moving and availability of “digital identities” – scans of passports – and virtual money.
It’s a good paper that gives some insight into the changing world of identity theft and money movement.
You can find it here:
http://www.team-cymru.org/ReadingRoom/Whitepapers/2010/FakeID_in_the_Underground_Economy.pdf
How to easily defeat hotel door key chains
Finally you’re in a hotel that has the good old-fashioned key chains on the inside of the door. Hooray! So you lock the door, put the chain on and go to sleep knowing that no one can get in.
I’m sorry to burst your bubble, but all it takes is a rubber band…
Why security guards at many locations are window dressing
Just read this essay about why security guards are so many times just window dressing and had a good laugh while reading it. Very well done, Mr. Clarkson!
http://www.timesonline.co.uk/tol/comment/columnists/jeremy_clarkson/article7060873.ece
Security analysis on Electronic Health Records (EPD)
I came across a story that describes how a security report on the Canadian Electronic Health Records system was pulled from publication because of the many flaws found.
Reading the story, you can see that roughly the same applies to the Dutch “Electronisch Patientendossier – EPD”. Isn’t it time for the Dutch government to do as the Canadians did and order an independent security review, rather than continuously repeating that “everything will be all right”? We’ve heard that one before…
http://www.vancouversun.com/health/health+security+report+withheld/2590803/story.html
Anti-theft lunch bags
Oh, I love this one.
I’d almost start taking lunch with me again just to have a reason to use one of these security devices.
Security through obscurity
OK, I’ll be the last one to say that security through obscurity is a good thing. But it does have its uses.
In that light, I found this device funny and smart. It’s a 2 GB USB flash drive disguised as a piece of frayed cable. You’ll still want to encrypt it, I guess, but it will probably be missed if your bags are searched at customs, the police or thieves raid your house, or you lose it.
MS Security Intelligence Report volume 5 available
From January 2006 on, Microsoft has created a bi-annual Security Intelligence Report.
The report provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The fifth volume of the report (and previous volumes) is now available:
SIR Volume 5 (January through June 2008) and Key Findings Summary
Though of course focused on Microsoft security products, it does provide an insight that is broader and gives a good basis as an input for discussion on malware protection.