What's the risk from fake Yubikeys?


Meme in the style of "You Wouldn't Download A Car" saying "You wouldn't take a free USB stick.

I found this on a security-related Slack (shared with permission). It launched an entertaining discussion about the risks of taking a potentially fake FIDO token. We all know the risks of taking a free USB drive and shoving it in our computer, right? USB sticks can install software, act as a keylogger, transmit data over WiFi, and even physically damage the electronics! So a USB Yubikey could do all those things - but could it do anything malicious as an MFA token? And - at the risk of …

Continue reading →

Gadget Review: X-Sense wireless interlinked smoke alarms


A smoke alarm with a backlit screen and RGB LED.

One of the problems with smoke alarms is that they aren't always easy to hear from a distance. If the alarm in your kitchen goes off, but you're upstairs listening to music - will you hear it? The law in Scotland has recently changed to require interlinked alarms. That means if one goes off, all of them sound the alarm. The good folk at X-Sense have sent me their SC07-W set to review. For about £100 you get three units which have already been set to a unique network. They have a sealed …

Continue reading →

How would you avoid getting "Jobfished"?


A tangled mosaic of video calls.

I've just finished watching the amazing documentary "Jobfished". It tells the story of a group of people who were conned into working for a "fake" company. You can read the news article - it's pretty depressing stuff. In the middle of a pandemic, people were asked to work for what looked like an established media agency, for people who appeared to have a long history in the sector. The pay was commission only, with the promise of decent salaries in a few months. But several members of the…

Continue reading →