Blog‎ > ‎

To-Do, Security Solutions, VDSL2, Network Security, Found Documents and Backpack, Outlook Email

posted Oct 29, 2016, 6:25 AM by Sami Lehtinen   [ updated Oct 29, 2016, 6:26 AM ]
  • I'm looking for task manager / to-do / task list application. Should be nice, light, simple, fast, private, work on Windows, Linux, Android + Web. I've been looking such for a few years. But haven't found perfect one? Got any suggestions?
  • Discussed with a friend their security solutions. Their systems are so secure (in overkill sense) that nobody gets anything done anymore. Repeated session authentications with short interval timeouts, physical security tokens, pin-codes, biometric identification. Very restricted white list based access to data, applications and Internet. Mantraps with multi-factor identification to enter the office and other fun stuff. - But as far as I know, that's the only way. Restricting things to extreme basics, will limit number of attack vectors and flaws. As said, any computer using email client or standard web-browser is vulnerable in so many ways and on multiple layers, that it's impossible to even start guessing how many ways there are. Some customers require security, but most of customers immediately drop the 'dreams about security' when they start to realize how much trouble and cost the actual security is going to require. If there's any way to circumvent the security, users will do it. On purpose or just because the guidelines are annoying. Yes, that's going to happen sooner or later, even if they're strictly instructed not to do so. Therefore it's much better not to leave them an option.
  • One VDSL2 has been clearly losing speed over time. I guess it's because more VDSL2 connections are being run over same set of cables the cross talk problem is getting worse. Attenuation is really low, but SNR gets worse and worse and actual data rates drop with it too. Wrote a long Finnish discussion opening about this topic. I'll write follow up blog posts if there's some unexpected development.
  • One friend found interesting network cabinet. He's hobby is to trying to enter everywhere and look around what he can find freely accessible. In this case, it's network cabinet which allows accessing buildings basement networking cabinet, allowing access to several company Intranets, because inter floor / networking cabinets routing passes via this cabinet. It's not locked, business as usual and major security flaw. Passive snooping of traffic revealed quickly bunch of servers and other interesting things. But can't tell more. This is the state of normal net security. Actually that's more common than you would think. We've seen such cases over and over again. Stealing all the GBIC 10Gbit fiber modules would have been a quick fix for a junkie. Yet those aren't really that valuable. Why not stealing the whole switch when you start doing it.
  • Checked paper waste basked for fun. Found out list of people under "home care" with address, door codes, location of medication, what medication they've got. Visiting times (for care takers) etc. If I would be doing a bad thing, or interested to rob certain type of medication from these people, this would make it ridiculously easy to target them. Knowing their full time, visiting times etc, would make it actually quite easy to to go and steal stuff, so they don't even realize that anything was taken. If they try to resit, that's no problem too. You'll already know they're in no condition to resist because they're under home care. If you're fit and in good condition, there's no reason for such services. - Fail. Reported it to the national data protection authority. Let's see if they care. From 'movie perspective' it would interesting to see how long it takes them to figure out the 'profile' and 'pattern', what's combining all of these persons getting targeted. Probably not long in this case, it would be too obvious. - How this ended? Well, they asked me to return the documents to them and delete any possible electronic copies. No body knows if any further actions were taken. - Nothing new, when things are wiped under the rug, everything is good and we don't really need to care about that.
  • Also found one backpack containing keys and stuff. Yet I had no interest to explore it further so I left it where I found it, if someone's going to look for it. - I heard from the guys in the park, that the backpack and keys found it's owner so everything went well and as assumed.
  • Microsoft - Outlook - Not fun enough? I've just got a bounce when sending email from Outlook to Outlook. Come on, how crappy this stuff can be. Hopeless. I guess I'll have to setup my own email server again. These cloud services simply suck and hard. - After checking the details, it seems that email from Outlook to Outlook was rejected because "Part of their network is on our block list". Actually this wasn't the first time this has happened. Come on, Microsoft give some kind of try even. Please hire even one competent person to take care of your lame systems. Reporting server and destination server are both Microsoft's own servers.
  • Funny week, so many security fails on multiple levels to report. - Actually I've written about three or for of the latest posts during this week, so it's not only issues I've posted in this post. It's probable that I'm not going to publish all of these post at the same time, so it's just good to know.