Weekly Update 215

It was a bit of a slow start this week. "Plan A" was to use the new GoPro with the Media Mod (including light and lapel mic) and do an outdoor session. This should really be much easier than it was with multiple issues ranging from connectivity drops to audio sync to simply not having a GoPro to tripod adaptor. I'll need to get on top of that before my big Xmas holiday trip and none of these are insurmountable problems, but this stuff should be easy! Can't feel too sorry for myself, had a great day on the water before that (exclusive wake park footage right there), but ended up in the office as usual. Enjoy 🙂

References: It's a slow...

I've Joined the 1Password Board of Advisers

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember. So, I set out to find a password manager and 10 Christmas holidays ago now, I spent the best 50 bucks ever: I chose 1Password way back then and without a shadow of a doubt, it has become one of the most important pieces of software I have ever used. Since that date in 2011, I doubt there's been a single day I...

Humans are Bad at URLs and Fonts Don’t Matter

Been a lot of "victim blaming" going on these last few days. The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. Here's where it all started:

This is a great example of how bad people are at reading and understanding even the domain part of the URL then making decisions based on that which affect their security and privacy (see the answer under the poll) https://t.co/Ati2ndKvGI — Troy Hunt (@troyhunt) October 24, 2020

Let me include a screen grab of the poll NordVPN posted in that tweet because for reasons that will become...

Weekly Update 214

It's a very tired weekly update as I struggle a little bit after only a few hours' sleep but hey, at least I've got a nice haircut! In more topical news, I'm pretty happy about the experience installing Ubiquiti's AmpliFi ALIEN gear into a neighbour's house, it's Trump on top of Trump with his password commentary and then his actual password and finally, questions from the audience on AmpliFi versus UniFi which some people might find interesting. Next week, I'm hoping I'll be able to talk about the Ubiquiti doorbell as well so tune back in for that one.

References: I put an AmpliFi ALIEN unit into a friend's house (this is some really cool kit!); Trump had some, uh, "interesting"...

Weekly Update 213

The week's update comes on the back of a very long week for me, but it's good to be "out there" speaking at events even if they are just from the comfort of my own home. There's also more adventures in IoT, Chrome's experiment with URL paths in their omnibox and Apple messing around with MAC addresses on my phone and watch. Oh - and I did manage to track down what my favourite Norwegian beer is following a question from the audience:

I was asked about my favourite Norwegian beer during my live stream today and couldn’t recall the name. Because it’s my fav, @charlottelyng kindly took a pic for me back in Oslo 😊 Juicy Stuff Klokk...

Customised Ubiquiti Clients and Randomised MAC Addresses on Apple Devices

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices. Each one has been meticulously customised by both name and icon so that it's immediately recognisable on the map. For example, the Nanoleaf in my daughter's room has the correct image associated to it and her name alongside it so I can easily differentiate it...

Weekly Update 212

It's a bit of a mega one this week running over the 1-hour mark, but there's been an awful lot happen during the last week that I reckon is of interest. There's a decidedly adult theme running across the topics not by design, but just by pure coincidence between the Grindr incident, a query I got regarding erasing one's adult website browsing history and the IoT male chastity device full of security holes and potential requiring a grinder (not Grindr!) to remove. We live in interesting times...

References: It's NDC Sydney next week! (I won't "be" there this year, but the show is still going on); I'm super impressed with the quality on the new GoPro HERO9 Black (more of that...

Welcoming the Canadian Government to Have I Been Pwned

Following in the footsteps of many other national governments before them, I'm very happy to welcome the Canadian Centre for Cyber Security to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Australia. I hope to include more parts of the world in the coming months....

Weekly Update 211

This week there's a lot of connected things: connected shoes, connected garage camera and connected GoPro. And then there's Scott's Grindr account. Awkward. Actually, since recording this weekly update the details of the issue have now been released so I'll talk about that in more detail next week. This week there's all the above and, on a more personal note, my relationship with Charlotte. Enjoy.

References: My shoes are connected! (that's the tweet thread of how to update the firmware in them - yep, updating the firmware in my shoes); My Ubiquiti G3 Micro is up and integrated with Home Assistant to raise motion events (this is super simple and I'll use it to trigger external lights once more Shellys go...

Hacking Grindr Accounts with Copy and Paste

Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which for many people, makes it particularly sensitive. It's sensitive not just because by using the site it implies one's sexual orientation, but because of the sometimes severe ramifications of fitting within Grindr's target demographic. For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. Another demonstration of how valuable...