Episodes
Wednesday Mar 21, 2018
#7 - Part 2 - Browse This! (Browser Security)
The internet browser, which began as a simple visual interpretation of a "markup" language used to create a textual representation of visual elements, is now a dangerously functional run-time environment potentially comparable to our host operating system.
In this episode we talk about known exploits in the browser, from how file types have tricked the browser, and the OS, into giving away credentials, to hacked browser extensions, to crypto mining, to the potential for trusted websites to undermine our confidence, offer up malvertising and lead us off the safe path.
In short... it's a quick, learn-from-the-mistakes-of-the-past cautionary tale about browsing the internet in the modern (2018) world. I would be worried that I was dating this podcast but, as it's a tech podcast, it'll be dated faster than you can say Betamax. So go listen now!
Read the notes for Part 1 & 2 at
https://codifyre.com/tech-skills/browser-shopper-shoplifter
Follow us on...
Twitter: https://www.twitter.com/codifyre
Facebook: https://www.facebook.com/codifyre
Instagram: https://www.instagram.com/codifyre.co.uk
Wednesday Mar 07, 2018
#7 - Part 1 - Browse This! (Browser Security)
Let me go back to the beginning. 1990!
Shortly after the earth cooled and life began, Sir Tim Berners-Lee just decided to invent the world wide web. This was approximately 1990 give or take any prior research and general acceptance of the idea. He also put together the first browser confusingly and yet inspirationally called "WorldWideWeb".
Well, now you know how that all started and why it's called what it is. For those of you who were toddlers or perhaps not even born yet, a world without the web sounds like a time when everything was in black and white, lit by open flame, the notion of evolution was exciting and new and tablets were made from stone.
Since then things have evolved. The browser, which began as a simple visual interpretation of a "markup" language used to create a textual representation of visual elements, is now a dangerously functional run-time environment potentially comparable to our host operating system, more than you might expect.
Read the show notes at...
https://codifyre.com/tech-skills/browser-shopper-shoplifter/
Tuesday Feb 20, 2018
#6 - Part 2 - Blockchain Security & The Bitcoin Boom
In Part 1 of our article on blockchain security and cryptocurrency, we took a hard look at the core components that make up a successful cryptocurrency like Bitcoin. From the distributed network itself to the individuals who wish to own and use a cryptocurrency wallet to transfer or spend Bitcoin, security is key (pun intended) and very much a consideration at every stage. We ended our last article talking about the types of wallets available for conducting transactions on the network. This is where both choice and the potential for user or developer error come into play, especially when we discuss the types of wallets and, more importantly, the storage each type provides.
"The technology is a deadly combination of high value, high stakes, and low maturity."
Read the whole article for Part 2 here
https://www.synopsys.com/blogs/software-security/blockchain-security-cryptocurrency-application/
Tuesday Feb 06, 2018
#6 - Part 1 - Blockchain Security & The Bitcoin Boom
Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic buddy, blockchain. (I may have written that one as well.)
To some people, Bitcoin is a spoof currency trapped in a speculative bubble. To others, it and its alt-coin brethren are the future of financial exchange. In 2017 we saw a growing frequency of news about Bitcoin millionaires, lost Bitcoin tragedies, Bitcoin scandals, and various Bitcoin exchanges being hacked and shut down.
For the millions who have invested (or are considering investing) in cryptocurrencies such as Bitcoin, Litecoin, Ethereum, and the ever-growing list of alt-coins, little has been mentioned about the software and the infrastructure on which these cryptocurrencies are based. With all early adoption of technology, there is risk, so there’s a natural inclination to question the security of blockchain and the potential for cyber attack against it.
This special edition two-part podcast was requested by Synopsys Software Integrity Group, so you can read the show notes for it at the link below instead of the standard location at Codifyre.com.
Read the whole article for Part 1 here
https://www.synopsys.com/blogs/software-security/blockchain-security-cryptocurrency-theory/
Thursday Jan 25, 2018
#5 Part 2 - P@$$w0rd5! (Passwords suck)
Passwords are a pain in the a$$. In fact, in an interview with The Wall Street Journal, Fernando Corbató, now 91 years old and the inventor of the password back in the 60s, said that passwords have become “kind of a nightmare”.
The current state of the internet wasn’t quite a consideration when passwords first started. Nowadays the average internet user can have upwards of 100-150 different accounts across multiple services. You might be thinking… not me! When was the last time you actually tallied up all your online identities? You might be surprised. Each service now puts sufficient password restrictions in place specifically to force you away from the password top 10 list, while ensuring that you’ll probably forget what your password is… unless… you have a system. A clever system!
In our last episode we talked about bad passwords (the top bad passwords in fact), what makes a good password and how you can make something up that is easy for you to remember but hard for machines to guess.
This week we talk about password managers. We include browsers in that as well. We discuss the reason behind using password managers and offer suggestions for how they can improve your standard of password hell provided you obey a few dos and don'ts.
Finally we end with two factor authentication and the different options for really ensuring you take your personal security to the next level, starting with defining authentication mechanisms as:
Something you know (e.g. a password)
Something you have (e.g. your phone)
Something you are (e.g. your fingerprint)
For more details please check out the blog for this show at
https://codifyre.com/appsec/passwords-suck/
Our Facebook Page
https://www.facebook.com/codifyre/
Let's twitter as well
https://www.twitter.com/codifyre/
Tuesday Jan 09, 2018
#5 Part 1 - P@$$w0rd5! (Passwords suck)
Passwords are a pain in the a$$. In fact, in an interview with The Wall Street Journal, Fernando Corbató, now 91 years old and the inventor of the password back in the 60s, said that passwords have become “kind of a nightmare”.
The current state of the internet wasn’t quite a consideration when passwords first started. Nowadays the average internet user can have upwards of 100-150 different accounts across multiple services. You might be thinking… not me! When was the last time you actually tallied up all your online identities? You might be surprised. Each service now puts sufficient password restrictions in place specifically to force you away from the password top 10 list, while ensuring that you’ll probably forget what your password is… unless… you have a system. A clever system!
Learn more about what makes a good password, a BAD password, why it matters, how they work behind the scenes and what is a good practice. We'll also talk about using single sign-on mechanisms like Facebook, Google and Twitter to sign into other online services like Spotify. Is that dangerous? Part 1 dives on in.
In two weeks Part 2 will dive into Password Managers and 2 Factor Authentication mechanisms to ensure you are doing your best to keep your online life tight as a drum.
Read the whole blog at https://codifyre.com/appsec/passwords-suck/
Tuesday Dec 12, 2017
#4 - Life's a Breach - Is My Data Safe?
No! Thanks for reading (listening).
It could be worth defining what a data breach actually is.
Cyber security people often refer to three essential pillars to which anyone responsible for data must adhere. They are called the CIA, oddly. Not to be confused with the American super-spy organisation or the FBI, NSA, USPI (US Postal Inspectors of course) or NCIS (whatever the hell that actually is… is it even real?)
The CIA of cybersecurity stands for Confidentiality (can you keep my secret), Integrity (can you make sure my secret cannot be accessed or changed by anyone else), Availability (can anyone else deny me access to it). If somebody screwed up any of these it’s a problem. A data breach is when a company royally screws up the first one, Confidentiality, and allows data about us, that we trusted them to keep on the down low, to become available to others.
Two of the most high profile examples which occurred in 2017 were of course Equifax and Uber. I could easily spend this whole time ripping into the Equifax breach alone but thankfully, John Oliver and Last Week Tonight have already done a stellar job of that. I highly recommend checking that out.
The Uber breach was also super fun and also had in common with Equifax an attempt to cover it up, or, at least pretend it wasn’t happening for a while. The Uber/Equifax policy on disclosure is somewhat akin to Homer Simpson, aptly putting it… “I’ll hide under some coats and hope that somehow everything will work out!”
The Uber breach was extra special in that they actually paid the hackers to shut up and destroy the data they stole so no worries there right? Because hackers have a really rock solid code of ethics. Uber even said they had evidence to suggest data was destroyed. What evidence exactly was that? A screen shot of an empty directory called “Stuff we Stole from Uber” or perhaps they just sent them an empty USB stick in the mail with a post-it note saying “See! Gone! We cool?” I’m not totally convinced. Have a quick surf through Dream Market (other Dark Web Marketplaces are available) and see what’s there.
But how do these things happen in the first place?
Read more in the official show notes
https://codifyre.com/technology/data-breach-is-my-data-safe/
Tuesday Nov 28, 2017
#3 - The Mysteries and Insecurities of IoT (a.k.a The Internet Of Things 2017)
The Internet of Things! Oh! That! The Internet… got it… Of… no problem… Things… nope you lost me.
When I first heard the term IoT I had no f*cking idea what it was and what it meant. Obviously it was made completely clear when I was told what it stood for…
How long did it take, and who came up with that catch phrase? And why on earth did it stick? Internet of Stuff would have been IOS and we can’t have Apple breathing down our necks. Internet of Devices? What stopped us there? The Institute of Directors perhaps? Those biz savvy suits play hardball about being top dog on the google search so we couldn’t usurp that acronym. So here we are with IoT.
Regardless of how we got here… IoT is a buzzword/acronym/TLA (three letter acronym)/phrase which only through the attrition of use is starting to become somewhat understood.
Deferring to Wikipedia (give that guy some money) it’s defined as: “The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to connect and exchange data.”
It’s that last bit… the “network connectivity” that is the critical new element that creates IoT. We’ve had the “physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators”…and of course the machine that goes “ping!” for a while now in the form of TVs, toasters, baby monitors, lawn mowers, ovens, heart monitors and teddy bears. Yes Teddy Bears. I’m thinking of that old scary Teddy Ruxpin thing from the 80s. It haunts me in my nightmares.
Read more on our blog/shownotes page.
https://codifyre.com/culture/iot-internet-things-2017-probably-internet-stuff-acronym-already-taken/
Tuesday Nov 14, 2017
#2 - The Ransomware Show (2017)
This is one of those subjects that has struck everyone from the techno security guru to the average person who might simply be trying to do their job. Ransomware brands such as Goldeneye, Petya (and its counterpart NotPetya), Cryptolocker, CryptoWall, Locky, WannaCry and very recently, Bad Rabbit (to name only a few) have been making headlines across the globe.
I’ll start by taking a quick step back and defining Ransomware before I discuss how it tricks us into letting it in the door. I'll then take you through the stages of its existence and finally what we can do to be better in the face of quickly advancing and mutating Ransomware attacks.
2017 was the year of the Ransomware... or is it? 2018 is just around the corner so only time will tell.
Check out the full blog article based on this podcast on the Codifyre website.
https://codifyre.com/tech-skills/what-is-ransomware/
Follow on twitter http://www.twitter.com/codifyre
Like on Facebook http://www.facebook.com/codifyre
Tuesday Oct 31, 2017
#1 - WTF is Bitcoin (2017)
I’m in a taxi with my friend Sascha (names unchanged to torment the guilty) at about 3 in the morning and the taxi driver somehow ends up talking to us about whether he should buy or invest in Bitcoin. Sascha pipes in first saying it’s a huge waste of time, it isn’t really worth anything and that anyone who buys Bitcoins should be thrown out of the taxi at high speed with their shirt off. I may be paraphrasing and taking liberties but the message was clear. He wasn’t pro-Bitcoin.
This podcast explores the debates, the opinion and the history surrounding this technology. I've intentionally dated it 2017 because it's changing so fast, who knows, there might be a 2018 (and 2019) episode.
Check out the full blog article based on this podcast on the Codifyre website.
https://codifyre.com/culture/wtf-is-a-bitcoin/