security samurai: July 2012

An Apple a day...

7:13 PM

This is probably the most interesting account of an employee sneaking into work after being fired that I've ever heard!

Although it is the exception rather than the rule - so make sure you're removing departed user access and maintaining your physical security controls!

I'm sure Apple now has stricter security....except when it comes to losing prototype iPhones. Speaking of which, isn't it about time for an iPhone 5 to get left in a bar soon?

Get on the Good foot.

1:51 PM

A new twist in multi-factor authentication..Bio-Soles!

The concept is based on research that shows each person has unique feet, and ways of walking. Sensors in the bio-soles check the pressure of feet, monitor gait, and use a microcomputer to compare the patterns to a master file for that person. If the patterns match the bio-soles go to sleep. If they don't, a wireless alarm message can go out.

A good thing my company doesn't use these. I twisted my ankle last week and would still be setting off alarms...

Still, interesting concept. Up there with the Inner Ear Biometrics (pdf here) or the "Butt Biometrics".

Interesting, yes. Practical? Hmmm

More Password Leakage

10:09 AM

There is speculation floating around the net that at least one of the recent disclosures of passwords was a SQL Injection attack (my bet would be several), I this find equally as disturbing as the fact that the passwords weren't even hashed. Seriously people SQL Injection? It's 2012...

Not the end of the world as we know it....

11:18 AM

Justin , Posted in security , security culture , 0 Comments

DNS changer has been big in the news of late. News.com.au even ran a headline featuring a nuclear explosion!

The Australian government has a DNS changer check page - http://dns-ok.gov.au/ - to help you determine if you are affected. With the impending shutdown of the DNS changer servers, some are estimating 30,000 - 40,000 devices will be affected - really a drop in the ocean of the millions and millions (billions?) of devices connected to the internet.

I figure some people will find their internet isn't working, shrug their shoulders as they assume it's another 'computer gremlin' and get someone to help fix it. No Cyber-Armageddon of Internet Doomsday.....

Megaupload recap

7:41 PM

Justin , Posted in forensics , Legal , 0 Comments

I've been quiet on the blog since relocating to Japan, and had started a bunch of posts that I never finished. Rather than finish them all, I'm going to start recapping on the stuff I found interesting over the last few months, and then move on to hopefully a more regular schedule.

The Megaupload fisasco, where the site was shut down for illegal filesharing and owners arrested under US law even though the site was located in Hong Kong and the owners non-US nationals in other countries. All this despite NZ's extradition agreement with the US requires the crime to have been committed in US territory. An interesting article here on the legality of it all and what it may mean in the future.

No one seems to have covered themselves in glory here with the FBI fedex-ing cloned data out of NZ (possibly illegally) and now ordered to return it combined with the recent news that the search warrant used to search Kim Dotcom's home and clone his HDDs was ruled illegal.

And oh, of course, there was an 'Anonymous' response to the whole thing and the question of did the high profile bust and take-down accomplish anything anyway?

It raises all the old questions in regards to 'cyberspace' - who 'owns' the internet? Is it a transmission medium or a place? This case will be one to watch...