Source: The Short Life of a Vulnerable DVR Connected to the Internet – SANS Internet Storm Center
I’ve set up DVRs and the UX/UI on most of them is appalling, along with the entire setup and configuration process. Then to find out the moment you connect them to your network they just become another attack vector, one that cannot be easily closed off.
These are pretty pricey devices that I believe can be replaced with a Raspberry Pi to obtain more flexibility and better recording quality. It’s just the software that’s needed.
Source: Multiple Linux Distributions Affected By Crippling Bug In Systemd – Slashdot
Surprisingly, no one in the /. thread mentioned any of them. They were more interested in lighting systemd’s creator ass on fire.
This site focuses on the security of routers. Period. If you are interested in faster WiFi, look elsewhere. The site covers configuration changes to make a router more secure, and, picking a router that is more secure out of the box.
Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder | Naked Security.
I read a few things about this on twitter, and the one that most stuck with me went something like this:
Out of the whole Adobe hack, the only people coming out looking good are the people who pirated Photoshop.
I, for one, will stick to The GIMP.
How the Bible and YouTube are fueling the next frontier of password cracking | Ars Technica.
It seems you’ll have to use *random* passphrases now… and even then you’re not fully safe.
So Evernote got cracked into and they’re having everyone reset their passwords. It works well, except when it doesn’t:
They’re telling me I can use letters and numbers and punctuation characters but then I enter a nice complex passphrase (not password!) and I just get that little error message. No help mouseovers, no links to a FAQ or blog post.
Then I entered a passphrase with all space characters removed soyouendupwithsomethinglikethis and it worked. Got account access back. It could be helpful to tell people they cannot use spaces at all, specially after punctuation characters.
Evernote is doing many things right, but password resetting is not one of them.
For the past two years or thereabouts, every time I’ve attempted to change my password in Skype I’m greeted with the following error:
No matter what OS, browser, or client I use, I still get it.
If memory serves (and I might be mistaken) Skype itself suggested you use special characters like
_, etc, to make your passwords more complex and help increase the security of your account. They wanted you to use the sort of password that is bloody hard to remember and easy for a computer to steal or crack or for another human to guess.
My guess is at some point (probably after being acquired by Microsoft), they updated their password code to disallow such characters. Which means I am now screwed as their systems literally don’t know what to do with my current password.
Maybe at some point I’ll be able to change my password, but with the migration from Live Messenger to Skype, it’s unlikely.
Oh, before I forget. If you want to use a password, it’ll have to be less than 20 characters in length. You know, for teh future lulz.
Oracle, thou art too slow, and we shall pay for thine mistakes.
I’m not saying WordPress isn’t secure, but the perception seems to be
“WordPress is not secure”
It’s said in TechCrunch, it’s called out to Matt, JD of Get Rich Slowly had big trouble, and there are a lot of tips and tutorials. The Codex entry on Hardening WordPress is missing some stuff… but the perception keeps turning more and more negative. If it keeps up like this some other platform will come along claiming to everyone to be more secure than everyone else and a lot of people will migrate just because of that.
I feel to avoid this the focus of WordPress 2.7 should be security. We already have a stable and flexible platform to establish and maintain blogs, so now it must become a secure platform.