Taking a quick power consumption numbers dump of the Raspberry Pi 3 Model B Plus Rev 1.3 (4 Core, 1GB RAM). Powered by block-powered 12V USB, double-ended for separate power/data, back-protection.
Category: Security Technical
Siri Reporting into Google Ads?
For the 3rd memorable and most significant event in my life - I have had a run-in with "impossible to guess" advertising. I can simply not believe that I'm not being eavesdropped on by my iPhone.
Small Office Printer – Secure it Now!
All small businesses have them, home users love them. A $500 colour laser printer sure comes with a lot of options, but it's important to configure them to least privilege and highest security. A 5-minute guide on the common features and how to secure them.
Keystrokes – Still the best way to get your password
There are a lot of tools in the attacker's arsenal for getting your most sensitive passwords, but it's a hacker's delight when they simply don't have to because you've typed it out for them.
A bit of simple advice regarding securing home networks for employees.
Many of our clients now support the BYOD and Remote Worker Model. Some of them might be thinking about ways they can secure their mobile workforce.
Another Day another Docker Vulnerability
On the heels of the recent Docker Hub breach, we've got another Docker issue. Null Root Password. Folks, if you're going to rely on public images and builds for overall system architecture, please please PLEASE consider baking your own hub or scrutinise and sanitise what you're using.
Fingerprinting Apple Device Types by Sensors
The dark truth about fingerprinting hardware is that it can be used to specifically target particular weaknesses of mobile devices. Using embedded magnetometer, gyroscope, and accelerometer, any web page can determine your device type by serving up some script. What this also means is that a mobile web site tab can pretty much follow you around town all day, even without GPS.
Royal Bank – Thumbs Up for Web Security Basics. CIBC and BMO, not so.
A very basic way of protecting your banking clients, even when done visiting your site - idle time logouts. It seems that the Royal Bank was the only bank to "make the grade" when it comes to this one basic security configuration. Logging out idle users should be done actively, not passively.
A New Apple Supply Chain Compromise #gatekeeper
Hackers are leaving no stone unturned when it comes to scouring systems and software for an attack vector. Usually, an adversary is looking for one-off anomalies at the low-end of computer programming, the 1's and 0's. A buffer overflow, a protocol fuzzing, some kind of byte-level trickery. Nothing so brazen as a supply chain attack. These attacks are swift, trusted, often skipped during antivirus and malware scanning. Last week I read about a terrible new Apple supply chain compromise.
Video Image Detection and #surveillancecapitalism
Open source tools and computational power have progressed, but there's a worldwide race out there to weave the latest theories and algorithms with cheap small batch hardware. May the most accurate win.