This is really scary stuff

Source: The Short Life of a Vulnerable DVR Connected to the Internet – SANS Internet Storm Center

I’ve set up DVRs and the UX/UI on most of them is appalling, along with the entire setup and configuration process. Then you find out that the moment you connect them to your network they just become another attack vector, one that cannot be easily closed off.

These are pretty pricey devices that I believe can be replaced with a Raspberry Pi to obtain more flexibility and better recording quality. It’s just the software that’s needed.

Router Security

This site focuses on the security of routers. Period. If you are interested in faster WiFi, look elsewhere. The site covers configuration changes to make a router more secure, and picking a router that is more secure out of the box.

Failing to choose your new password

So Evernote got cracked into and they’re having everyone reset their passwords. It works well, except when it doesn’t:

[Screenshot - 03022013 - 11:40:51 PM]

They’re telling me I can use letters and numbers and punctuation characters but then I enter a nice complex passphrase (not password!) and I just get that little error message. No help mouseovers, no links to a FAQ or blog post.

Then I entered a passphrase with all space characters removed soyouendupwithsomethinglikethis and it worked. Got account access back. It could be helpful to tell people they cannot use spaces at all, especially after punctuation characters.

Evernote is doing many things right, but password resetting is not one of them.

Oh, Skype…

For the past two years or thereabouts, every time I’ve attempted to change my password in Skype I’m greeted with the following error:

[Image: Skype character error]

No matter what OS, browser, or client I use, I still get it.

If memory serves (and I might be mistaken) Skype itself suggested you use special characters like !, @, #, $, %, ^, &, *, (, ), _, etc., to make your passwords more complex and help increase the security of your account. They wanted you to use the sort of password that is bloody hard to remember and easy for a computer to steal or crack or for another human to guess.

My guess is at some point (probably after being acquired by Microsoft), they updated their password code to disallow such characters. Which means I am now screwed as their systems literally don’t know what to do with my current password.

Maybe at some point I’ll be able to change my password, but with the migration from Live Messenger to Skype, it’s unlikely.

Oh, before I forget. If you want to use a password, it’ll have to be less than 20 characters in length. You know, for teh future lulz.

Hacked! – Magazine – The Atlantic

As email, documents, and almost every aspect of our professional and personal lives moves onto the “cloud”—remote servers we rely on to store, guard, and make available all of our data whenever and from wherever we want them, all the time and into eternity—a brush with disaster reminds the author and his wife just how vulnerable those data can be. A trip to the inner fortress of Gmail, where Google developers recovered six years’ worth of hacked and deleted e‑mail, provides specific advice on protecting and backing up data now—and gives a picture both consoling and unsettling of the vulnerabilities we can all expect to face in the future.

Now I’m getting all itchy about changing my passwords.

Security in WordPress

I’m not saying WordPress isn’t secure, but the perception seems to be

“WordPress is not secure”

It’s said in TechCrunch, it’s called out to Matt, JD of Get Rich Slowly had big trouble, and there are a lot of tips and tutorials. The Codex entry on Hardening WordPress is missing some stuff… but the perception keeps turning more and more negative. If it keeps up like this some other platform will come along claiming to everyone to be more secure than everyone else and a lot of people will migrate just because of that.

I feel to avoid this the focus of WordPress 2.7 should be security. We already have a stable and flexible platform to establish and maintain blogs, so now it must become a secure platform.