Categories
Security

API security from REDHAT

Use tokens. Establish trusted identities and then control access to services and resources by using tokens assigned to those identities. Use encryption and signatures. Encrypt your data using a method like TLS(see above). Require signatures to ensure that the right users are decrypting and modifying your data, and no one else. Identify vulnerabilities. Keep up […]

Categories
Privacy Security

Amazon Alexa

IoT is a huge topic and one that is hugely relevant for all computing students I feel. There is a tremendous number of data points generated and a scary level of security in general – so very many loopholes! ECHO UTILITY “The Gartner Hype Cycle of Emerging Technologies“ was covered in detail yesterday so I […]

Categories
Privacy Security

Snowden & Metadata + “”””””

Here are some random key quotes from Snowden’s new book that are of particular interest. On metadata : metadata is data about data ….. …communication(s) is rarely as revealing as its other elements—the unwritten, unspoken information that can expose the broader context and patterns of behaviour. He means to say the real evil of the […]

Categories
Security

RISK

this weeks musings….. Risk is a factor in absolutely every decision we make. Ultimately, in a business scenario,I feel its the company ethos, the company culture, that has a bigger impact than a mandate from management when considering IT risk. The majority of companies now absolutely depend on their systems. A large fractured struggling company […]

Categories
Security

Attack Ideas

As part of our Information Security week we were asked to create a potential social engineering attack plan. Here’s mine based upon a researched template. What do you think?? ………………………. “WORDPRESS ECOSYSTEM HACK” The WordPress ecosystem is known to have security vunerabilities, (Link: https://www.freecodecamp.org/news/wordpress-vulnerabilities-you-need-to-know-about-and-how-to-fix-them-497a2d8b2c3e/), mainly due to users not updating to the latest version of […]

Categories
Security

Information Security – Crisis

I thought I would mention some of the events I’ve come across in recent times. This isn’t an exhaustive list or timelined resource of the most dramatic events – simply a reference to those that struck a chord with me or those I learned the details on. (All topics relate to digital security or privacy.) […]

Categories
Security

basic experiences in security

Here’s a short summary with some of my very limited exposure to the processes of security in our digital world. Google and Android has a ‘work profile’ function on mobile that is activated when you use G-Suite (for me it was setting up Gmail in a custom domain.) It was more than I needed but […]

Categories
Privacy Security

*panopticon

Naval coincidentally tweeted about the very topic that has now taken over my focus as we began researching and writing about information security at uni this week. I’ve been diving deep on Snowden lately (blog link), all with the angle of – is he paranoid or simply not naiive? So are the security agencies overstepping […]

Categories
Security

Security & crypto

Despite being a lover of technology I must admit to never having taken an interest into security. But recently I started a security section in a ‘coding’ education app, Enki. Learning about whole new concepts of the internet protocols and standard testing practices were very interesting. If I’m really honest the interest in security has […]