Monday, August 27, 2012

Katee Sackhoff takes possession of a cycle fit for Starbuck

As if I wasn't in love with her before... She's a biker too. You are pure awesomeness Katee!

Posted via email from ninjahippie's (pre) posterous

Monday, August 20, 2012

Looks like I'm done with OpenDNS

Here's why:

For some reason they feel it's necessary to proxy/decrypt SSL sessions.  Really dislike it A LOT when I go to log in to my bank or PayPal account and get a warning about the SSL cert belonging not to PayPal but OpenDNS.  Hey OpenDNS - WTF?  What possible rationale do you have for doing this?

If I'm a customer that wants you to scan my outbound traffic for data leaks and authorize this then fine.  Doing it to folks that just want fast reliable DNS is shady at best.  Like a mailbox rental place that opens everyone's letters and packages before sending them.  

Second, I use a certain anonymizing proxy for some things.  Suddenly OpenDNS has decided to just not resolve that FQDN. They aren't openly blocking it. They just refuse to resolve it.  They will tell you the DNS servers responsible for that domain but just refuse to return the actual records - substituting them with one of their own (I suspect another OpenDNS man-in-the-middle attack).  The servers are working, the DNS servers for that domain are working, and looking up that FQDN on any other DNS server that behaves rationally returns the actual address records.  Not OpenDNS - the passive-aggressive filtering DNS company...

Annoying.  I had held them out and even recommended them as a respectable, fast and trustworthy company.  Hate it when I get proven wrong.

Air Conditioning the Military Costs More Than NASA's Entire Budget

Wednesday, August 08, 2012

Smug IT Security Guy Fail

I write (gripe) about IT security failures all the time on this blog.  Sometimes pointing fingers and laughing.  Well I had one of my own and it points out a couple of really great points.  1. Even IT security pros make dumb mistakes. 2. Always follow your own advice.

Here's what happened.  In my home, my sons and I have this little game where we try to grab each other's devices and make a post on Facebook, Twitter, G+, etc.  After being owned a few times I locked down my phone.  Turns out this is a PIA.  When I grab my mobile I want instant gratification, not a password challenge.  Also on Android you miss out on some pretty nifty lock screen features if you use a passcode/pattern/face.

So I got a cool app (Perfect App Lock) and set up access for the apps that posed a danger.  Done and done.  You'd think.

What I failed to do however was #1 on the list of developing any security policy.  I didn't do a threat assessment before starting.

I installed and configured the app and set up my "forgot pass code" security question.  I selected a question that was not in any way public information and was quite personal.  Pretty normal for me in my day to day security.  This would have prevented any stranger from being able to use my apps.  Someone that knows me intimately - like say, my sons - however, well, not so much.  My brilliant 13 yr old circumvented the app in seconds.

Facepalm.  I fell into my normal security mode and totally failed to consider the "threat" I was trying to protect against.

Do. Your. Threat. Assessment.
