I completed a fun project over the holidays – a program that reads a file out loud to Amazon Alexa, byte-for-byte, to upload it to a remote host. Read about it here: https://articles.hotelexistence.ca/posts/voiceassistantfiletransferprotocol/
I created a service that website operators can deploy on AWS to check if their users are using passwords known to be breached, comparing them against Troy Hunt’s ihavebeenpwned database of ~600M breached passwords. Read about it here: https://articles.hotelexistence.ca/posts/protectuserscredentialstuffing/
I got an email from Amazon today. I’m automatically opted-in to “Amazon Sidewalk”, unless I choose to opt out. Amazon Sidewalk allows devices participating in their Sidewalk program to connect to the Internet through Amazon devices, like the Amazon Echo.
Amazon Sidewalk – a mesh network for Amazon devices to connect to the Internet:
Not exactly how I’d envisioned a neighborhood mesh, but their “read the fine print to opt out” strategy will probably work better than my asking neighbors to build a network.
I was listening to the Darknet Diaries Magecart episode before the holidays and was thinking, “Magecart attacks should be pretty easy to detect with web automation”, so I wrote up how I would do it. If you run a web property that processes sensitive data, it might be of interest. Check it out here: https://articles.hotelexistence.ca/posts/browserautomationtodetectwebskimming/
I have been thinking about changing how I host this site, and decided to try it out for this article – more on this later.
Here’s an OLD story about famous scientist Richard Feynman, who had fun cracking the safes of all his fellow scientists working on the Manhattan Project in WW2:
http://www.cs.virginia.edu/cs588/safecracker.pdf (this is a long read best left for an evening at home).
What’s interesting is how easily you can draw parallels to the security issues we face today. You could almost swap the word “safe” with “web application”, and “atom bomb design” with “financial data”, and the story almost carries over to today. These safes/filing cabinets contained documents relating to the atomic bomb (i.e., something worth protecting).
To break the safes, he used:
- social techniques
- default safe codes
- known design defects
Sound familiar? What’s funny is that the reaction to his activities was not to improve security, but to try to keep him out of the rooms, and pretend the problem didn’t exist.