Friday, 31 August 2018

Oh-Air Canada


Air Canada are in the midst of dealing with a data breach involving sensitive data that could lead to identity fraud.

The data that has been lost includes the usual: name, address, email address and telephone numbers. In addition, passport information, country of residence, nationality and dates of birth have been lost.

Although the investigation into how this happened is ongoing, it has been highlighted that there is a poor password policy on the Air Canada site, only allowing passwords of 6 to 10 characters, with only letters and numbers allowed. It makes it all too easy to use simple passwords on the site, and complex passwords would not be accepted.

Not great news, as government-issued documents like passports and driving licences are used as a form of ID and are typically in the safekeeping of the owner. So, the usual advice: keep tabs on financial activities on your accounts, and consider regularly checking your credit score for anomalies.

Wednesday, 22 August 2018

Superdrug, but not super security

Another day and we see another high-profile data breach in the news. This time Superdrug are believed to have had a data breach with a loss of the personal details of 20,000 individuals.
These are the initial figures reported, so they could change if it's anything like the Dixons Carphone reports.

"Only" personal details have been lost and not banking or payment card information. The usual advice applies: change passwords, especially if you use the same password in multiple places with the same email address.


Wednesday, 15 August 2018

When you read "Putting Stickers On Your Laptop Is Probably a Bad Security Idea"...

https://motherboard.vice.com/en_us/article/pawvnk/stickers-on-laptop-operational-security-bad-idea

There is a quote from the article that says: “Conferences, border crossing[s], airports, public places—stickers will/can get you targeted for opposition research, industrial espionage, legal or investigative scrutiny,”

It looks like I may need a travel laptop!


Wednesday, 8 August 2018

Blogging overhaul

I bought this domain over 18 years ago on a whim.  Since then little has been done with it, except host this blog, and use the web page to redirect here.

After all the changes to Chrome and the recommendation for HTTPS sites, that needed fixing for both my website and this blog. It would be strange to go to a secure blog that was hosted on HTTP!

After digging out old passwords, I've transferred my host name from China (I have no idea how it ended up there) and brought it to LCN. I've opted to create a simple website to mimic the sort of information I have on LinkedIn, and enabled HTTPS on Blogger.

I realise I've left this blog alone for around a year, around the same time I took on a new role at work.  As I've got into the swing of things, I'll get this blog back on track with a focus on cyber security.

I may backfill the last year's worth of blogs about major breaches and incidents, but we'll see, as the focus will be new articles and comments going forward. As a sign of things to come, and since giving it a name and logo makes it "a thing", I've created a simple logo to use with this blog.

Enjoy the new content going forward!

 blog.andytang.com