Author: Robby Pedrica

  • Multichoice and some news

    Multichoice and some news

    DSTV has always been a contentious subject amongst South Africans.  Multichoice paved the way for pay-tv with the introduction of Mnet in the mid-80’s; following this, they introduced the digital satellite service DSTV in 1995 effectively becoming a monopoly in South Africa. High costs, many repeats and channel binding seem to show Multichoice as the…

  • South African Security (Fails)

    It’s been a while since my last post but recent events in SA around security have prompted me to write this post. It starts with an open website containing what is now believed to be upwards of 70 million entries for names, ID numbers, income, addresses and other information on South African citizens/residents including possibly…

  • Email anti-spam, authentication and signing solutions

    There are many solutions providing encryption, anti-spam, authentication and others  available on top of the venerable SMTP protocol. Some of these require management overhead, others require end-user input. But the holy grail is to provide all these features with no user input and low management overhead. Basics The most important information needed before starting with…

  • A little bit of ransomware with that Sauerkraut?

    A little bit of ransomware with that Sauerkraut?

    This past weekend’s shenanigans with WannaCry have been painful for many people. But the simple fact is that solutions for this specific issue ( and many others ) have been available for a long time. The initial patch for the MS17-101 issue was released by Microsoft in March 2017. Didn’t update? Many AV vendors have…

  • The NSA and Ransomware. Oh and a bit of HPE on the side.

    The NSA and Ransomware. Oh and a bit of HPE on the side.

    If ever there was a perfect example of stupidity, the new highly virulent strain of WanaCrypt ransomware that is currently spreading like wildfire, is it. And that stupidity is care of the NSA; who in their infinite wisdom, wrote exploits based on 0-day vulnerabilities that should have been reported to the relevant vendors, but was…

  • Symantec, Google and the SSL Monkey

    Symantec, Google and the SSL Monkey

    Some education first PKI or Public Key Infrastructure is a technology that allows website visitors to trust SSL certificates presented by SSL encrypted websites. An example is when you visit your Internet Banking website – you can verify the authenticity of the site by checking the SSL Certificate of the site ( ie. clicking on…

  • Password Managers

    Password Managers

    The current mainstream method of authenticating to applications and systems remains a difficult prospect for most people. Password re-use is not a good idea but remembering a separate password for each system is not feasible. Biometrics and 2-factor-authentication are great solutions but not available in all circumstances, and typically the 1st factor is still a…

  • Your TV is being creepy

    Your TV is being creepy

    Of all the points of electronic insecurity one deals with every day, your TV is probably the last you’d expect. Not so, because Vizio has been caught spying on its customers – through approximately 11 million smart TVs in the US and since 2014. These TVs have automatically tracked consumers’ viewing habits and sent that data…

  • Equality and security

    Equality and security

    Trending on Twitter right now: There are no US ambassadors because Donald Trump just fired them all True or False? I recently wrote a piece on “fake news and false information” in the context of online security. The feedback was interesting because most commenters did not ( immediately ) equate fake news/false information with their own…

  • Fake news and false information

    Fake news and false information

    We live in the information age and information is arguably the most important form of currency now and we’re bombarded with it 24×365. A never ending stream of information, news and data fed through channels like Facebook, YouTube, Twitter and Instagram. And it’s this overload of information that can lead to bad decisions and behaviour.…

  • Windows 10 updates and privacy settings

    Windows 10 updates and privacy settings

    Windows 10 has put a heavy burden on network administrators due to its overhauled update system and numerous privacy settings. The results are a significant increase in network traffic, a slow down in machine operation and information leakage. Here follows a number of suggested settings to help minimise the impact of these changes and safeguard your…

  • DNS Meltdown

    DNS Meltdown

    There have been enough clues over the last few years that the global DNS system as used in its current form, is particularly frail and subject to simple attacks. Yet the main commercial protagonists piggy-backing onto this system, have remained almost spectacularly silent on the issue and there seems to be little impetus to change things. Similar…

  • Office365 Ransomware attack

    Office365 Ransomware attack

    There is a massive ransomware attack targeting Office365 users at the moment. Originating on the 22nd of this month, the attack used phishing emails to distribute the Cerber ransomware, which encrypts users’ files and demands a ransom to decrypt the files. Cerber was widely distributed after its originator was apparently able to easily confirm that…

  • ISP data breach

    For anyone using local ISP CrystalWeb for internet access, you may want to immediately change your details and password on their system as that system has just been fully breached – someone called -hades has posted CrystalWeb’s full client list online including usernames, passwords, emails and other. More importantly, if you reuse this password anywhere else, it’s…

  • Security News – WK4 May 2016

    Security News – WK4 May 2016

    The great Linkedin hack A hacker called “Peace” recently tried to sell a password database of ~ 117 million Linkedin login details that come as a the result of a 2012 breach on the professional relationship social media site. In a blog post published on May 18, LinkedIn CISO Cory Scott wrote, “Yesterday, we became…