Codifyre
#15 - Our Devices Listening?

#15 - Our Devices Listening?

March 6, 2019

...or is it "are devices listening" to you?

Well yes. There's always a simple answer to these questions and it's yes. Breaking it down to the basics, pretty much all of our devices are listening because we've enabled Siri or Google or Alexa or… to respond to a keyword command like "Hey Siri" such that they can present us, in the case of Siri, with a spooky HAL 9000ish blob to indicate it's listening (because it wasn't before honest) and ready to perform our bidding.

Sometimes things can go amiss...

Read the full blog

Follow us on...
#14 - Mobile Security: The Inside Job

#14 - Mobile Security: The Inside Job

January 2, 2019

This was going to be a comparison of major phones, breaking down some of the exploits and weaknesses.  I was potentially going to compare IOS to Android and throw fuel onto an already raging fire amongst smart phone enthusiasts which is, if you’re listening to a podcast, all of us.   Maybe you’re not a geek or a gadget nut but you’re probably far more dependent on that device that you may realise.  You’ve probably never really put a great deal of thought into how much of YOU is locked up in that phone.  You might even have a Kanye-West style pin code like 000000 to unlock it (if you didn’t see the article I posted on the Codifyre Facebook page about the worst passwords and pin-codes of 2018, it’s worth a read.  Kanye tops the bill.

Let’s start with what’s in your phone.

 
 
Follow us on...
#11 - Hacking Hackers and their Hacks

#11 - Hacking Hackers and their Hacks

May 23, 2018

Is it cast aside teenage wunderkinds who can seemingly dissect all things computer with the crack of a laptop to create designer chaos?  They are portrayed smoking cigarettes, roller blading and always have media savvy branding!  Too cool!

Any time a major breach is announced, the media conjures up their classic image of this hooded jedi-like figure in a dimly lit room with 0s and 1s swirling about. Film and TV has done a superb job of portraying our favourite computer hacker as the stereotyped quirky yet heavily crafted indie kid who wields the required dexterity to power-type at a moments notice, anywhere on the planet and inject themselves straight into anything from corporate servers, to traffic light control systems to Dinosaur based fun parks. It usually involves some superb visualisations of neon landscapes and swirling equations.

In the episode I unpack hacking and what it really is, with a few notable examples from the past few years.   

Warning! I may debunk Hollywood's sexy portrayal and expose hacking for what it really is... good ol' fashioned elbow grease.

The shownotes for the episode are here.

https://codifyre.com/coding/hacking-hackers-and-their-hacks-2018/

Follow us on...

Twitter: https://www.twitter.com/codifyre

Facebook: https://www.facebook.com/codifyre

Instagram: https://www.instagram.com/codifyre.co.uk

Web: https://www.codifyre.com

#7 - Part 2 - Browse This! (Browser Security)

#7 - Part 2 - Browse This! (Browser Security)

March 21, 2018

The internet browser, which began as a simple visual interpretation of a "markup" language used to create a textual representation of visual elements is now a dangerously functional run-time environment potentially comparable to our host operating system. 

In this episode we talk about known exploits in the browser from how file types have tricked the browser, and the OS, into giving away credentials to hacked browser extensions, to crypto mining to the potential for trusted websites to undermine our confidence and off up malvertising and lead us off the safe path.

In short... it's a quick, learn from the mistakes of the past, cautionary tale about browsing the internet in the modern (2018) world.  I would be worried that I was dating this podcast but, as it's a tech podcast, it'll be dated faster than you can say Betamax.  So go listen now!

Read the notes for Part 1 & 2 at

https://codifyre.com/tech-skills/browser-shopper-shoplifter

Follow us on...

Twitter: https://www.twitter.com/codifyre

Facebook: https://www.facebook.com/codifyre

Instagram: https://www.instagram.com/codifyre.co.uk

Web: https://www.codifyre.com

 

#7 - Part 1 - Browse This!  (Browser Security)

#7 - Part 1 - Browse This! (Browser Security)

March 7, 2018

Let me go back to the beginning. 1990!

Shortly after the earth cooled and life began,  Sir Tim Berners-Lee just decided to invent the world wide web.  This was approximately 1990 give or take any prior research and general acceptance of the idea. He also put together the first browser confusingly and yet inspirationally called "WorldWideWeb".

Well now you know how that all started and why it's called what it is. For those of you who were toddlers or perhaps not even born yet a world without the web sounds like a time when everything was in black and white, lit by open flame, the notion of evolution was exciting and new and tablets were made from stone.

Since then things have evolved. The browser which began as a simple visual interpretation of a "markup" language used to create a textual representation of visual elements is now a dangerously functional run-time environment potentially comparable to our host operating system, more than you might expect. 

Read the show notes at...

https://codifyre.com/tech-skills/browser-shopper-shoplifter/

Follow us on...

Twitter: https://www.twitter.com/codifyre

Facebook: https://www.facebook.com/codifyre

Instagram: https://www.instagram.com/codifyre.co.uk

Web: https://www.codifyre.com

 

#6 - Part 2 - Blockchain Security & The Bitcoin Boom

#6 - Part 2 - Blockchain Security & The Bitcoin Boom

February 21, 2018

In Part 1 of our article on blockchain security and cryptocurrency, we took a hard look at the core components that make up a successful cryptocurrency like Bitcoin. From the distributed network itself to the individuals who wish to own and use a cryptocurrency wallet to transfer or spend Bitcoin, security is key (pun intended) and very much a consideration at every stage. We ended our last article talking about the types of wallets available for conducting transactions on the network. This is where both choice and the potential for user or developer error come into play, especially when we discuss the types of wallets and, more importantly, the storage each type provides.

"The technology is a deadly combination of high value, high stakes, and low maturity."

Read the whole article for Part 2 here 

https://www.synopsys.com/blogs/software-security/blockchain-security-cryptocurrency-application/

Follow us on...

Twitter: https://www.twitter.com/codifyre

Facebook: https://www.facebook.com/codifyre

Instagram: https://www.instagram.com/codifyre.co.uk

Web: https://www.codifyre.com

 

#6 - Part 1 - Blockchain Security & The Bitcoin Boom

#6 - Part 1 - Blockchain Security & The Bitcoin Boom

February 7, 2018

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic buddy, blockchain. (I may have written that one as well.)

To some people, Bitcoin is a spoof currency trapped in a speculative bubble. To others, it and its alt-coin brethren are the future of financial exchange. In 2017 we saw a growing frequency of news about Bitcoin millionaires, lost Bitcoin tragedies, Bitcoin scandals, and various Bitcoin exchanges being hacked and shut down.

For the millions who have invested (or are considering investing) in cryptocurrencies such as Bitcoin, Litecoin, Ethereum, and the ever-growing list of alt-coins, little has been mentioned about the software and the infrastructure on which these cryptocurrencies are based. With all early adoption of technology, there is risk, so there’s a natural inclination to question the security of blockchain and the potential for cyber attack against it.

This special edition two part podcast was requested by Synopsys Software Integrity Group so you can read the show notes for it at the link below instead of the standard location at Codifyre.com

Read the whole article for Part 1 here 

https://www.synopsys.com/blogs/software-security/blockchain-security-cryptocurrency-theory/

 

#5 Part 1 - P@$$w0rd5! (Passwords suck)

#5 Part 1 - P@$$w0rd5! (Passwords suck)

January 9, 2018

Passwords are a pain in the a$$.  In fact, in an interview with The Wall Street Journal, Fernando Corbató, now 91 years old and the inventor of the password back in the 60s said that passwords have become “kind of a nightmare”.

The current state of the internet wasn’t quite a consideration when passwords first started. Nowadays the average internet user can have upwards of 100-150 different accounts across multiple services.  You might be thinking… not me!   When was the last time you actually tallied up all your online identities.  You might be surprised.  Each service is now putting sufficient password restrictions specifically force you away from the password top 10 list, but ensuring that you’ll probably forget what your password is… unless… you have a system.  A clever system!

Learn more about what makes a good password, a BAD password, why it matters, how they word behind the scenes and what is a good practice.  We'll also talk about single sign on mechnisms like Facebook, Google and Twitter to sign into other online services like Spotify.  Is that dangerous.  Part 1 dives on in.

In two weeks Part 2 will dive into Password Managers and 2 Factor Authentication mechanisms to ensure you are doing your best to keep your online life tight as a drum.

Read the whole blog at https://codifyre.com/appsec/passwords-suck/

#4 - Life’s a Breach - Is My Data Safe?

#4 - Life’s a Breach - Is My Data Safe?

December 12, 2017

No! Thanks for reading (listening).

It could be worth defining what a data breach actually is.

Cyber security people often refer to three essential pillars upon which anyone responsible for data must adhere. They are called the CIA, oddly. Not to be confused with the American super-spy organisation or the FBI, NSA, USPI (US Postal Inspectors of course) or NCIS (whatever the hell that actually is… is it even real?)

The CIA of cybersecurity stands for Confidentiality (can you keep my secret), Integrity (can you make sure my secret cannot be accessed or changed by anyone else), Availability (can anyone else deny me access to it).  If somebody screwed up any of these it’s a problem. A data breach is when a company royally screws up the first one, Confidentiality, and allows data about us, that we trusted them to keep on the down low, available to others.

Two of the most high profile examples which occured in 2017 were of course Equifax and Uber. I could easily spend this whole time ripping into the Equifax breach alone but thankfully, John Oliver and Last Week Tonight have already done a stellar job of that. I highly recommend checking that out.

The Uber breach was also super fun and also had in common with Equifax an attempt to cover it up, or, at least pretend it wasn’t happening for a while.  The Uber/Equifax policy on disclosure is somewhat akin to Homer Simpson, aptly putting it…”I’ll hide under some coats and hope that somehow everything will work out!”

The Uber breach was extra special in that they actually paid the hackers to shut-up and destroy the data they stole so no worries there right? Because hackers have a really rock solid code of ethics. Uber even said they had evidence to suggest data was destroyed. What evidence exactly was that? A screen shot of an empty directory called “Stuff we Stole from Uber” or perhaps they just send them a empty USB stick in the mail with a post-it note saying “See! Gone! We cool?” I’m not totally convinced. Have a quick surf through Dream Market (other Dark Web Marketplaces are available) and see what’s there.

But how do these things happen in the first place? 

Read more in the official show notes

https://codifyre.com/technology/data-breach-is-my-data-safe/