Feds love SMS

Today I learned NIST no longer admits cell phone SMS authentication is horribly insecure. NIST SP800-63B, published June 2017, refutes earlier guidance to avoid SMS authentication because security.


The Year of Threat

I am officially declaring 2017 the year of threat.

Doing my best to play the part of threat actor (Defcon Tinfoil-Hat-Contest).

Following years of rhetoric about state-based attacks and who is at fault for what major system compromise, the public seems to finally have come to grips with a few indisputable notes we security pros have been screaming at the tops of our lungs for a couple decades.

  1. There is (at least) a threat out there targeting every principal.
  2. The bad things threat actors cause mean more to the average person than increasing the frequency of plastic rotation in a wallet.
  3. Things are obviously getting worse.

The public hasn’t grokked this one yet but:

Continue reading “The Year of Threat”

Chrome Flat On My Desk

Last week I was lucky to have squeezed an early sample of the Samsung Chromebook Pro out of my distributor for evaluation. This is not a review of the device but of how a device like this one, equipped with the ChromeOS stack, might fit into the enterprise.

Continue reading “Chrome Flat On My Desk”

LED Lighting Lunacy

I recently put together a co-working space in my rural hometown (post coming) as an alternative to my old work-from-home model.

As part of this exercise in dressing up an ancient tin-ceiling storefront, it really drilled home how important effective lighting is in my work space for the entire room (and not just the economical task light).

I was looking for this but couldn’t find it, so I crunched it myself. Here’s the history of artificial light in one graph.

Note the logarithmic scales for the intended perspective.

Continue reading “LED Lighting Lunacy”

News Flash: World Wide Web is Wild Wild West … still

Okay, so this shouldn’t be news to anyone moderately concerned with the safety of their personal information or corporate resources, but this week reinforced a growing trend in information systems:

The web browser is the largest attack vector on any platform.

This week saw one disclosure and two separate 0-day attacks which left nowhere to hide on the web.

Continue reading “News Flash: World Wide Web is Wild Wild West … still”