The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Security’ Category

Certified Secure – XS4ALL Challenge

Posted by jpluimers on 2021/04/23

This was a cool one a few years back: [WayBack] Certified Secure – XS4ALL Challenge

–jeroen

Posted in Fun, History, Power User, Security

<3 "Minimum Defendable Product": it is part of "Minimum Viable Product".

Posted by jpluimers on 2021/04/21

An important concept in [Archive.is] Kristian Köhntopp on Twitter: “<3 “Minimum Defendable Product”. That is an important concept; I am adopting it into my vocabulary.… “ quoting

[Archive.is] Mario Hachemer on Twitter: “I gave a talk on the topic of IT security in start-ups. One term I defined for that purpose was the “Minimum Defendable Product”, in contrast to the MVP. As a startup, it makes sense to critically determine which asset classes you can secure. That saves.… “

It is from this thread (also a threat) [Archive.is] Kristian Köhntopp on Twitter: “Operational excellence… “:

Operational excellence

Secrets do not belong in source. No SSL keys, no database passwords, and nothing else either.

What belongs in source is code that fetches secrets from a secrets service (Vault et al.) or, if you are a few years behind, from files that are built by hierasecrets.
Secrets do not belong in the code for testing either. Here, too, test keys can be provisioned as in production and discarded after the test (if you want).

The option of having secrets in the code must be called out in code review.
Welcome to 2021, welcome to Operational Excellence.

[Wayback] docs.aws.amazon.com/config/latest/…
Here is the matching AWS OE Security Pillar

The first tweet quoted a surprise about the Luca App (which is highly controversial in Germany: it is a Corona contact tracing app which has some [Wayback] severe security issues):

Read the rest of this entry »

Posted in Conference Topics, Conferences, Development, Event, Security, Software Development

Some links with notes on WoonVeilig/Egardia security system communications, protocols and support by 3rd party home automation apps

Posted by jpluimers on 2021/03/23

Security issues for older models (mainly GATE01 and WV-1716 systems; which used a lot of Climax components):

A more recent security review:

Physical security is important too; ensure the system is in an enclosed closet, powered by a UPS and your communication lines are secured as well: [WayBack] Manipulationen an Alarmanlagen verhindern – Smarthomewiki

Dutch links on the hardware connections and protocols used:

More recent information:

API usage:

More subdomains (in 2019) via:

–jeroen

Read the rest of this entry »

Posted in Communications Development, Development, Power User, Security, Software Development

Manage two WoonVeilig or egardia systems from one smartphone / Twee WoonVeilig systemen beheren vanaf 1 telefoon

Posted by jpluimers on 2021/03/19

A while ago, I suggested to WoonVeilig that it would be really great if you could manage multiple of their alarm systems from one smartphone without the need to re-logon.

Use cases for managing two security systems include:

  • managing home and office security systems
  • managing your own security system, and that of a family member in need
  • managing the systems of both your permanent and vacation home

Right now, this is not possible from the WoonVeilig app, but there is a little trick to manage 2 systems from one phone.

This trick works because the WoonVeilig system is developed by Egardia and both [WayBack] WoonVeilig and [WayBack] Egardia use the same back-end, despite their management sites being slightly different:

This also means that if you want to fiddle with the systems, searching for egardia will get you far more results than for woonveilig.

So the trick is to install two apps, and use different credentials for each app. This allows you to manage two security systems at once:

Notes:

  • in both apps, you can use userid and password woonveiligdemo, or egardia7 to get into a demo environment
  • the WoonVeilig app is only in Dutch
  • the Egardia app allows you to switch languages (English/Dutch/German/French)
  • there are no apps supporting just English, German or French

–jeroen

Posted in Power User, Security

Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Posted by jpluimers on 2021/03/12

On my reading list, because I saw it suddenly enabled on a domain based Windows network:

[WayBack] Enable Block at First Sight to detect malware in seconds | Microsoft Docs

Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly.

It seems to have been introduced early 2018: Windows Defender – Wikipedia: Advanced Features

Windows 10’s Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed.[5] It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.[21]

There is a BAFS – Windows Defender Testground for which you need a Microsoft account.

–jeroen

Posted in Power User, Security, Windows, Windows 10

 