Recent announcements by Google that they would begin to de-emphasize search results to sites that aren’t protected by SSL/TLS encryption (that green lock you see to the left of your browser URL bar) weren’t surprising, but they were an eye opener.

This site (tralfaz.com), its sister site (tralfaz.org), and the Greytbros, as well as Barbara’s wordsbybarbara were all at risk of going essentially invisible.

Props to Microsoft

It almost pains me to admit it, but Microsoft has gone a long way to restoring my trust in them as a brand and a company to do business with. From the bullshit around Internet Explorer 6 (that I still have to deal with on my websites), to the piss poor security model of pre-SP2 Windows XP, they had a pretty big deficit to overcome. How did they do it (in my case at least)?

Yesterday, I got a message that someone suspicious had control of my live.com account. I happen to have a couple, so it took me a while to realize that it was the one that is my Xbox Live account (and uses my Gmail address). I haven’t actually logged into the account in a couple of years, and it was really just used to coordinate my activities on my Xbox. No email, no other “goodies”, so low risk. Or so I thought.

Sigh, so I go “reclaim” my account. Not too hard as the asshat who scammed the credentials hadn’t done anything to change the main security features. Phew. Fortunately, I have a pretty long history with Microsoft commercially, and I will admit that their business/billing systems are pretty good to work with. No real complaints, clearly they have a good grasp on dealing with the masses (unlike Google, cough. cough) when there are issues.

As has become the custom, I turned on 2-factor authentication. Really annoying to do this for a lightweight use, but c’est la vie. There is an “app” that you can set up to provide the code (or you can just go with the SMS message to your phone).

Yep, Microsoft uses the Google Authenticator application. Kick ass.

Who would have thought that MSFT would use the Google tool?

Oh, and they acknowledge that a few people do want to use iPhones for their services, so there are really good setup instructions for Apple gear.

Trust not completely restored, but well on the path. Credit where credit is due.

Woo hoo! I am a security Risk!

A post I entered earlier got flagged by a friend’s work internet filter.

I have been blocked! How awesome is that?

He gets this when he tries to surf to this site:

Clicked the link to read your post… while here at KT. Here’s what I got:

Your requested URL has been blocked by the Global Threat Intelligence Reputation System. The URL is listed with a reputation that is not allowed by your administrator at this time.

I guess you’re a security threat, Geoff.


How awesome is that!

Things that make you go hmmmmm

My wife has a touch of OCD.  When we are traveling, she will close the hotel door.  Then check to see it is locked. Then invariably, she will go back 5 seconds later to check it again.

When shopping, after using the remote to lock the doors of the car, she will walk about 40 feet away, and then return to check the doors again (all the doors, not just one).

Weird, compulsive and annoying.

But in the online world, she uses weak passwords (about 4 of them) and repeats them everywhere. Can’t remember anything really difficult, so they are ridiculously predictable.

I bought her 1Password, and have tried to teach her how to use it.  Can’t get it.  She must have 50 saved logins for her online banking site.  Sigh.