Who would have thought that printers would be a practical threat vector? I didn’t until it was pointed out to me, at which point palm meets forehead because it is unbelievably obvious!! Every single office I’ve ever worked in has MFPs, Multi Function Printers, which allow you to scan, email, fax, photocopy and even print. [embed]https://www.youtube.com/watch?v=njVv7J2azY8[/embed] What’s the hype? There were lots of silly quotes in the news on this vulnerability, which had been specifically linked to HP printers:
I find adverts on websites annoying, really, really annoying (which is why they’re not on this site). I use IE exclusively in the office and I thought it made sense to block it, so that when I’m reading Ars Technica or El Reg my eyes stop bleeding. I found a great article that explains how to do this at “Learn with Nirab”. I’m rewriting what he says to make it a little easier to follow:
Distrust and caution are the parents of security. -Benjamin Franklin I was just browsing the interwebs, as I am want to do, and I came across a few interesting articles about consumer safety online. I thought I’d summarise the advice: Do NOT click on things you don’t understand Do NOT install things unless you’re really sure Update your computer daily* Update your AV daily Ooooh a new Christmas PC!
A lot of hacking is playing with other people, you know, getting them to do strange things. -Steve Wozniak Voicemail hacking is a problem, one that is now widely popularised in the media, and I’m not going to discuss the political ramifications but it does present an interesting security question. The issue is that voicemail systems haven’t fundamentally changed in 20+ years since their creation with analogue mobile phones, a subscriber number and a 4 digit PIN are all that are required to reach messages.
Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. Clifford Stoll Passwords are always a thorny topic in IT departments, and everyone (including their Aunty) has an opinion. I’ve seen loads of different policies, rules of thumb and fudges trying to get users to keep your estate safe. Here are a couple of lesser known ones: CVC, Consonant-Vowel-Consonant, is a way of grouping random letters in arrangements that are phonemes and are almost always ‘sayable’.
Now normally this kind of “Hello World!” message would be a fairly basic, and ultimately pointless, entry just letting you know that your website was up and running. (And I have no wish to disappoint, so this post will be pretty pointless :) ) I’ve spent a few years working in IT as both an architect and technologist but I have a particular interest in security technologies and this blog will collect some of my opinions, reviews, thoughts etc.