The USA’s Department of Defense has a Defense Industrial Base (DIB) Cybersecurity (CS) Program to safeguard information. Under the DIB CS Program, DoD and DIB participants share cyber threat information. In October, the group released a detailed guide on one of our favourite topics, Agile software development. Agile software development is an approach where ‘requirements and solutions evolve through the collaborative effort of...
Cloud authentication: locked out of your home?
On Wednesday, October 10th, it was reported in the Daily Mail and The Register that the security company Yale had unplanned network maintenance which caused their cloud service to go offline for 24 hours. Please bear with us, we apologise for any inconvenience caused. *Please note this issue affects all of our app-controlled alarm systems, however the arm and disarm function is still active via keypad and key fob* Please watch this space for...
Google Chrome breaks the world-wide-web – www and m subdomain hidden in address bar
Google Chrome has recently made the unpopular move to fundamentally change how URLs are shown in the browser. In almost all browsers (except Safari, below), the full URL is shown in the address bar, https protocol and all. However, with version 69 of the Google Chrome browser, a change has been made to attempt to tidy up how URLs are displayed. The method they’ve chosen is to hide the https/http protocol, as well as any ‘www.’...
Are your S3 buckets private?
Alongside checking your backups are working, updating your systems, checking for viruses, and all the other monthly tasks, it’s easy to overlook simple security areas of your network and storage. Over the past few months, there has been a deluge of Amazon S3 buckets which have been exposed or found. The data of 123 million American voters has been leaked, 20,000 Indian medical records, as well as 48 million social media records,...
Are Cloudflare to start their own Public DNS?
It’s heavily rumoured that Cloudflare will soon be announcing a Public DNS server. Their website, every1dns.com, is currently empty, but Google have a cached version of the site available. The two DNS servers, easier to remember than Google’s, are said to be 1.1.1.1 and 1.0.0.1. According to their website, both support encrypted DNS as well as DNS over HTTPS. They claim they have retained KPMG to audit our systems annually to ensure that...
Word blacklists, censorship, and Google Shopping
As of recently, Google have ‘broken’ Google Shopping. It appears they have set up a blacklist of words which cannot be used in searches. The problem is commonly called the Scunthorpe Problem. This is where certain words or phrases are caught by a spam filter or search engine because the words used contain a string of letters which has been deemed to be unfit to be used. As can be seen with the words Scunthorpe, Shitake...