Book Review: Privacy is Power – Carissa Véliz

by @edent | 1 comment | Read ~116 times.
Book Cover.

Without your permission, or even your awareness, tech companies are harvesting your location, your likes, your habits, your relationships, your fears, your medical issues, and sharing it amongst themselves, as well as with governments and a multitude of data vultures. They’re not just selling your data. They’re selling the power to influence you and decide…

Review: eufyCam 2C Wireless Home Security Camera System

by @edent | 2 comments | Read ~125 times.
Flyer explaining how Eufy is different.

I hate the Internet of Things. It’s a load of overpriced junk, which abuses your privacy and demands a monthly fee in return. That’s why I was pleasantly surprised to see this fall out of the eufyCam 2C box. There’s no monthly fee. The recordings stay in your home. The batteries last for ages. I…

I have 4% 2FA coverage

by @edent | 2 comments | Read ~195 times.
A long list of 2FA tokens.

Last year, when doing some digital spring-cleaning, I realised that I had 800 different passwords. I tried going through them, removing long-dead websites, closing old accounts, and deleting anything incriminating. I now have 891 accounts. Arse. I also went through my 31 different 2FA accounts. Getting rid of old employers’ email tokens, failed crypto wallet…

More Phishers On Twitter

by @edent | 4 comments | Read ~1,071 times.
A Twitter exchange. Virgin ask Dom for his address - which he gives. Then they ask for his full credit card details. He refuses.

My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account. Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target…

“file:///C:/users”

by @edent | Read ~435 times.
List of Tweets where people have pasted a link to their local machine.

Once in a while, I’ll see someone Tweet a “link” to file:///C:/users/… – that’s the Microsoft Windows way of representing a location on a filesystem. Usually this means that the user has tried to either drag ‘n’ drop something, or copied a link from their file explorer. There are some (mild) infosec risks you should…

GDPR and common sense

by @edent | 3 comments | Read ~127 times.
Some giant question marks standing in a field.

Every so often, I get a glimpse into the thought processes of someone who has a very different view of the world to me. I don’t deal with people’s personal information often. So I was surprised to receive an email with a multi-megabyte spreadsheet called “Pay and Bonuses 2020”. The email contained this doozy of…

My 2FA Code was 000 000!

by @edent | 1 comment | Read ~1,025 times.
Facebook's 2FA code page.

I stared at my TOTP generator. Surely this must be a bug? Leap Year related? Or a cold-start error? Or some freaky prank? How could my login code be 000000?!?! A standard TOTP code is normally 6 digits long. There are a million combinations, from 000000 to 999999. A million isn’t a particularly big number.…

Responsible Disclosure – John Lewis

by @edent | 1 comment | Read ~696 times.
John Lewis Website with a big circle drawn on it.

The HTML5 specification is complicated. I’ve been an author on it, and even I couldn’t tell you all the weird little gotchas it contains. Between that and “idiosyncratic” browser engines, it’s a wonder the world wide web works at all. Let’s talk about the humble <meta> element. As its name suggests, it contains metadata about…

Your webcam cover is messing up your screen brightness

by @edent | 4 comments | Read ~444 times.
A laptop with the webcam covered - a green LED is visible.

Here’s something I didn’t know – but should have, because it’s obvious… Your screen’s auto-brightness depends on your webcam. If, like me, you have a privacy cover – this happens: The MacBook I’m using doesn’t have any lux sensors that I can see – most phones have a separate sensor which means the camera isn’t…

Even Google forgets to renew its domains

by @edent | 13 comments | Read ~32,745 times.
Domain showing as available to purchase.

tl;dr: Google forgot to renew a domain used in their documentation. It was mildly embarrassing for them. And possibly a minor security concern for some new G-Suite domain administrators. Background: Choosing a good example domain, to use in documentation, is hard. You want something which is obviously an example, so that users understand they have…
