
Security

"Security Scanners" Again

Early this morning I was flying from Aberdeen Airport to Berlin for the Tor Metrics Team meeting. I noticed that they have finally put up some signage before the security area and, writing this blog post, I really wish I’d taken a picture of it just to show how ridiculous it was.

It didn’t have much information on it, but the information it had was almost laughable. For example: “The scanner is lower than a mobile phone”. As someone who understands radio, I assume they mean field strength, but they don’t specify this, so they could mean height or long-distance call prices.

SMS Verification

I’ve received an email today from Barclaycard with the following:

“From time to time, to make sure it’s you who’s using your Barclaycard online, we’ll send you a text with a verification code for you to use on the Verified by Visa screen that’ll pop up on your payment page.”

The proprietary nature of mobile phones, with the hardware specifications and the software being closed off from inspection or audit and considered to be trade secrets, makes my phone and my tablet the least trusted devices I own and use.

The Internet of Dangerous Auction Sites

It might be that the internet era of fun and games is over, because the internet is now dangerous. – Bruce Schneier

Ok, I know this is kind of old news now, but Bruce Schneier gave testimony to the House of Representatives’ Energy & Commerce Committee about computer security after the Dyn attack. I’m including this quote because I feel it sets the scene nicely for what follows here.

Last week, I was browsing the popular online auction site eBay and I noticed that there was no TLS. For a moment, I considered that maybe my traffic was being intercepted deliberately; there’s no way that eBay as a global company would be deliberately risking users in this way. I was wrong. There is not and has never been TLS for large swathes of the eBay site. In fact, the only point at which I’ve found TLS is in their help pages and when it comes to entering card details (although it’ll give you back the last 4 digits of your card over a plaintext channel).