Friday, 9 February 2018

Backups: My "uh oh" moment and what I do now for prevention and recovery

End users generally think, "I've saved the document, I'm all good". They put it into the computer and it'll always be there, ready for when they need it.

My "uh oh" wake up moment with regards to data integrity and backups was a long time ago now. It all started with an Athlon 1.4 system I built for myself. I also built a similarly equipped unit for my parents. Both from parts I purchased at a computer "swap meet" (very rarely these days involving any actual swapping). They both consisted of an MSI motherboard, the AMD CPU, RAM, Sony CD Burner, an ASmart Nvidia based AGP4x card, Creative SoundBlaster Live (which would later fail and make everything sound like cartoon chipmunks), a cheap PSU that came with the case ("Hairong"??), Microsoft Windows 2000 Professional and an IBM hard disk - a 40GB DeskDeathstar (I can sense some of you out there groaning now).

Previously to this, I'd used several machines with several types of hard disk (Maxtor, Seagate, WD, Fujitsu etc.) and never had a problem. I hadn't yet suffered a drive failure and so never really considered it would be a problem.

Well, I copped the Deathstar curse.. bad!

Why integrated smarts in televisions isn't always that good.

Device manufacturers love to add bells and whistles to things to try and stand out from the pack. Promoting the idea that you can do it all with their device and do away with the other stuff you'd usually connect in.. but how does this fare over the long term? I don't think "smart" appliances are necessarily that smart.

Online advertising.. The continuing cat and mouse game..

The online advertising industry needs to tackle security, and tackle it fast!

Wednesday, 27 December 2017

Adding an IP alias to OVH dedicated server

So, as you may have guessed, recently I've moved hosting from a dedicated server at Lunarpages, to a dedicated server at OVH. Lunarpages kept the system I was on going reliably for years (indeed, I'm slowly still migrating services from it), but just couldn't match what I got included by OVH.

Anyway, to keep some things separate, I like to use separate public IPs for them. In the past, you'd just add a stanza to /etc/network/interfaces, and your work was done... but I opted for Ubuntu Server 17.10, and well - it does things differently!

Thursday, 21 December 2017

Adding a public SSH key to OVH control panel

A quick post this one.

You bring up your SSH key, you go to paste it into the OVH interface, and then it refuses to show you the button to submit, what gives?

Thursday, 24 November 2016

Trying to identify a cheap security DVR's real manufacturer

So, someone I know has a cheap security DVR from Aldi. Distributed by "WinPlus Australia", it's been designated the brand and model "Cocoon Digital Video Security System IT115008".

With the latest hype around the Mirai botnet commandering things exactly like such a security DVR, I decided to get in touch with the local distributor and ask them if any issues had been reported, advisories released, or updates made available.

Saturday, 15 October 2016

Possible overlay skimmer security feature?

There's been a lot of talk on various websites about overlay skimmers on POS devices. Talk about technological solutions etc..

You know, I reckon there's a low tech solution.

If the POS device manufacturers supply their own overlays, that are designed to physically probe points that must be altered to capture data such as PIN pad presses, line of sight with PIN pad presses, and/or access to a card's magstripe.

At randomised intervals within a maximum timeframe, a shopkeeper could fit this overlay over each PIN pad in the store in turn, and if the overlay didn't fit, then the PIN pad or whatever other component of the POS device would be known to be outside of physical spec.

Couple this with screening for Bluetooth and other common wireless comms methods using a cheap Android or other cheap wireless enabled device, and it should be possible to pick up when stuff's happening.