Gidley's Gossipings

A blog about not much really

What was more significant for PayTV: the Apple TV+ or the Google Stadia announcement?

There have been two big announcements this week that impact the TV industry: 1) Apple announcing their OTT proposition and 2) Google announcing Stadia. I'd like to argue that of the two the more significant for the TV industry is the Google announcement. If we review what we know about each announcement:

Apple TV+
- A PayTV service reaching Apple and some non-Apple devices (FireTV)
- A large potential global audience
- Lots of content, both original and from existing networks
- Aimed primarily at the Apple ecosystem, with some support for 3rd-party devices (Amazon Fire, Samsung, LG, Roku)

Google Stadia
- A gaming service based on cloud servers and low-latency streaming
- A game controller offering low-latency response
- Tools to enable games to be ported to the service
- Targeted at any device: runs on phones and in browsers

These are both big announcements, but I'd argue the Apple one is less significant. Read more →

Aston Crews & Surrounds

This is a collection of photos of the view from Aston Crews, Ross-on-Wye, Herefordshire, UK during 2018.

[Photo: The view towards Ross in the snow]
[Photo: The view towards Ross with a nice sunset in February]

Read more →

manifesto for cybersecurity

The recent ransomware attacks have focused lots of minds on cyber security, however many of the solutions being proposed are little more than sticking plasters over the larger underlying issue, namely that systems are not secure by default. The 'trend' in software has been to launch it, then fix it. This is a very attractive proposition for business, as it lets them discover which ideas work and which don't, and then iteratively improve them. Read more →

WannaCrypt was it good for the security industry?

This weekend we saw 'the biggest cyber attack ever' and a few people (who don't work in IT) have asked me: will it be good for you? (I work for Irdeto, a digital platform security company.) It's an interesting question to consider: these big attacks make a lot of noise, so you'd expect that on Monday morning the business of cyber security will get easier! However, I think the reality is a bit more nuanced. Read more →

WannaCryptor 2.0 ransomware and negligence

Yesterday the news rapidly filled up with reports of a 'massive cyberattack'. As I'm in the UK, the press coverage was focused on the NHS and was initially full of comments about 'smart' hackers. This reporting is, in my opinion, giving these organisations an excuse for their negligence. The reporting often implies the attack is some kind of 'act of god' that they could not avoid; in this case it was trivial to avoid: simply don't connect out-of-date systems to the internet. Read more →

Are you feeling lucky?

How lucky do you feel today? It's an important question, as your IT security is probably mostly down to luck. If we examine most 'hacks' we usually see the organisation hit issuing statements about 'sophisticated hackers', and the public image of hackers as lone geniuses wearing hoodies in darkened rooms is reinforced. In fact most attacks are perpetrated by far less skilled people and succeed by luck. That's not to say there aren't some super-skilled experts out there, but they are few and far between. Read more →

Computers are complex, so is protecting them

Computer systems are complex, and for quite a few years now the complexity has been at the point where it's impossible for any one person to understand 'everything' about any given system. There will often be people with a good understanding of the 'building blocks', but it's pretty much impossible to understand all the detail of the code, libraries and platforms it depends on. Complexity has massive implications for the security of computer systems. Read more →

Certs again

Once again a major CA (Symantec) has been 'caught' issuing certificates improperly. There is a great write-up on Ars Technica. This is really significant, as improperly issued certificates are one (of many) ways to MITM SSL/TLS: a client that trusts the CA will accept the mis-issued certificate for a site just as readily as the genuine one. This underlines the extreme difficulty of securing anything in IT. There are simply too many 'moving parts' and people involved in securing anything. Your computer's security depends on thousands of people and companies all doing everything correctly all of the time, and the simple law of averages suggests this is unlikely to ever happen! Read more →

N26

There is a really good talk about some vulnerabilities found in the N26 banking app, presented at the CCC congress this year. The talk is worth a watch, and it highlights some key points. No certificate pinning was being used, which made it easy for the researchers to MITM the app: any certificate the device's trust store accepted for the API hostname was good enough. That's not to say cert pinning fixes all issues, but doing it makes things a lot harder for attackers, because an interception proxy has to present the app's expected public key, not merely a certificate some trusted CA will sign. Read more →

Kaspersky

Ouch. Kaspersky have been enabling MITM attacks on their customer base. The Register, citing a Chrome bug report, explains how this can be used to trick consumers into thinking a site is valid/safe when it is not. This underlines the ease of MITM on SSL/TLS; see my previous article for all the different ways this can be done! Read more →