All articles tagged as: security

Security Theatre and the Airport

I've previously ranted about "security theatre" that we all suffer every time we fly anywhere so imagine my surprise that I write this airside at a major airport holding a bag that's not been X-rayed... how did I get here? That this is even possible, even as an exception, would seem to support that the hassle we go through at the airport is largely pointless. How did I get here? At security I followed the usual requirements like a good sheep (remove my laptop, iPad, don’t have any liquids etc etc) and yet my bag still ends up in the queue to be searched manually. Due to understaffing…


HP Ink DRM

I am never buying an @HP product ever again. This “Ink DRM” is a joke, I don’t even want a colour print but I can’t use this paperweight! — Ross McKillop (@rsmck) October 7, 2017 HP X451dw I love this printer, when it works... It's a fraction of the cost of a laser, instantly ready (no warm-up time) and stupidly fast (I believe, at the time, it was the fastest available although I'm sure it's been surpassed by now) at almost a page per second. I also actually don't print much. I bought the printer in 2014 for £249 and, other than the black, it was still running on the original (reduced…


SaaS... Access Control?

There's an increasing trend towards SaaS, and indeed at work we use it extensively with services like Zendesk, Xero, Statuspage.io etc. I've done a lot (including custom development, and quick hacks like access control notifications in Slack) with Paxton's Net2 access control and was recently looking at other options for a new application. What I basically want is Paxton Net2, but with an API (ideally HTTP/JSON) to receive notifications of events and to be able to perform basic control operations. This doesn't exist. Doorkeys in the Cloud More frustratingly several companies pushed me towards t…


Bizzby Privacy

Update 21st August Having spoken with Bizzby, I'm confident this is an isolated incident and that my concerns about how jobs are allocated to their service provider partners are unfounded. I expect a formal statement from Bizzby to be issued in due course. I received this eMail today (obviously, with some redaction to protect the individual's privacy) from the online "Handyman App" _Bizzby_ which exists to match service providers with jobs that need done. There is just one (well, several) issues here. I am not registered on the Bizzby platform I'm not a plumber or electrician I live about 300…


When is withheld, not withheld?

I love Three's new WiFi Calling feature (well, it's an Apple feature, but Three finally decided to support it!) – ultimately it lets me use my phone (most of the time) at home for calls and SMS (think 2FA!) where there is no signal on Three. However, I recently discovered a big issue. With "Show My Caller ID" turned off, calls I make are not withheld. That is, the called party can see my, supposedly private, Caller ID. The Law Ofcom wrote to all UK CPs a number of years ago reminding them of their responsibilities, part of this eMail included; CPs must respect the privacy rights of con…


SMS 2FA and the Modern Smartphone

SMS has been around for over 20 years now and yet this basic 160 character instant messaging service is still widely used for marketing, transactional messages and two-factor authentication ("2FA"). This was just a random thought when trying to log into something for the third time today that requires an SMS OTP. When I'm staring at a form input box and my phone receives a message at that exact moment the chances are it's to fill that box in, it'd be nice if this was more streamlined! Imagine if, for example, an HTML form could listen for the message.. perhaps with something like the…


Alarm Monitoring (With Raspberry Pi)

I'm responsible for commercial buildings that, as you would expect, have monitored alarms, access control and suchlike. However, commercial alarm monitoring is horrendously expensive, and most of them are stuck in the dark ages; I want to be able to monitor the condition of my alarm remotely, and get notifications in a useful way. Piece of cake pi My usual solution to these sorts of problems - Raspberry Pi. I've found use for this £30 mini Linux box in lighting control, information displays, presentations, video servers, phone systems and more... Connecting to the alarm Most alarms have a c…


iMessage Preview

So, iMessage has a handy new feature - both on iOS and macOS - where if you send someone a URL it will extract some metadata from this URL and display it as a clickable link. You'll be used to this behaviour if you use Facebook or Slack, as it provides useful meaningful content for a link. However, there's a big difference between their implementation and iMessage. When you use Facebook or Slack, the website you've linked to will see a request from Facebook or Slack's servers. Information Leakage iMessage makes a request from the device itself which reveals some significant information; The ta…


Phishing at Lloyds

Today I received a phishing eMail, nothing unusual there... I get loads of them, but this is a little more convincing than most for one reason, it contained my postal address (ok, one from many years ago, but nonetheless it proves that it was a lot more targeted than some). The eMail As usual the grammar and formatting are both terrible, so you'd be unlikely to believe this is from Lloyds bank, but many people do it seems. The usual fake urgency is a bit of a giveaway as well - Please respond within the next hour to avoid a permanent block. - why? So, let's respond ... The website This is actu…


Reverse Lookup ("CNAM") in the UK

For many years the USA has had a 'CNAM' service (or Caller ID Name), allowing telecoms operators to show the name of the caller rather than a number. There are obvious advantages to this, having "BT" show when they phone rather than 0800 800 150 would be much more useful, but is also open to abuse. After all, would you trust a call appearing to be from your bank if the name appeared? The method of powering this is known as a Reverse Lookup. OpenCNAM Today I stumbled upon a service called OpenCNAM which claims to offer this across the globe and, surprisingly, matched my mobile number…
