Vegard Skjefstad

www.vegard.net


Tag: Internet (page 2 of 15)

The Rebirth of the Personal Website

The personal website didn’t really die. It just went into hibernation while people tried out social media sites that eventually screwed them over.

When the World Wide Web first saw the light of day, it was basically just a collection of information that people couldn’t interact with. This gradually changed as colleges, universities, and ISPs began to allow students and customers to have personal web pages on their servers. Some nerds, like myself, took it a step further, and started self-hosted personal websites, not relying on our place of study or ISP. After a while, users running personal webpages added ways for their readers to interact with them. Many of you probably remember the lovely guestbook.

With the launch of YouTube and Facebook came the creation of the Web 2.0, and a torrent of user-generated content. Instead of hosting content they had made themselves, Web 2.0 companies mainly focused on hosting content generated by their users. They also made it so easy for people to upload content that everyone and their granny could create something and put it online. The internet was no longer a place for nerds only, and the web became social.


Let’s Hack Car Alarms!

If you have a car, there’s a good chance it has a car alarm. But did you know that a hacker can simply hack car alarms, and take off with your precious vehicle?

We’ve already seen how ridiculously easy it is to hack medical equipment, and so-called “smart” cities. This time we’ll see how simple it is to hack something a little less critical: car alarms.

Researchers at British penetration testing and security services firm Pen Test Partners had a look at the security of two of the largest aftermarket car alarm vendors, Viper and Pandora. Like with the medical equipment and smart cities hacks we’ve discussed earlier, both Viper and Pandora had a basic security flaw in their products. The insecure direct object reference (IDOR) vulnerability allowed an attacker to hijack and take complete control of user accounts. The IDOR is a kind of vulnerability that is typically covered in any Internet Security 101 class.

Now that the hacker has control of your Viper or Pandora car alarm, what can they do?


Delete Your Instagram Account Today!

So you finally came around and deleted your Facebook account? Congratulations! Now it’s time to delete Instagram as well.

It’s Easter, which means a long weekend here in Norway. Thursday through Monday are holidays, and many people take the entire week off because schools and most kindergartens are closed for Easter vacation.

It’s common for Norwegians to head up into the mountains during Easter. They don’t do it to come closer to God, but to relax in their cozy cabins. Easter also means high tide in social media. People are not shy about sharing their photos of said cabins, snow, skiing, and of course, the evergreen Norwegian tradition of eating oranges and Kvikk Lunsj.

Many of these photos are shared on Instagram. It’s one of the most popular photo sharing services on the internet. In June 2018, Instagram had 1 billion monthly active users. These users have shared a total of 50 billion photos since the photo sharing service was launched in 2010.

On the surface, Instagram is pretty neat. But did you know that Instagram’s parent company is Facebook?


How To Stop WordPress SPAM

Is your WordPress website being flooded with SPAM? Here’s how to stop WordPress SPAM.

WordPress now powers a third of the web, so if you’re running a website, there’s a good chance you’re using WordPress. Since it’s such a popular platform, it’s also a huge bullseye for spammers looking to promote their bullshit.

There are two types of WordPress SPAM: automated and manual. Automated SPAM is created by computer programs, or bots, that try to post SPAM to every WordPress site they can find. Manual SPAM is created by people who enter SPAM manually on WordPress sites.

CAPTCHA

A common way to stop automated SPAM bots is to use CAPTCHA. This is a type of challenge-response test used to determine whether or not a user is human. The first CAPTCHA implementations were very basic. You just had to recognize a few numbers and letters in a picture, and enter them in a form to prove you were not a pesky SPAM bot. This was a trivial task for humans, but very hard for computers.

But the spammers soon caught up with the early CAPTCHA technology, and taught their bots to solve the simple CAPTCHAs. In the inevitable game of cat-and-mouse, the CAPTCHAs then had to become more advanced to stop the bots. The result was that, more often than not, a CAPTCHA was too hard for humans to solve as well. This made the technology a less desirable way to stop SPAM since it also stopped legitimate users.


Is WebAuthn the Key to Passwordless Authentication?

Can WebAuthn succeed where Universal 2nd Factor failed?

Back in October 2015, I wrote about the FIDO Alliance, their U2F standard, and the YubiKey implementation by Yubico. The goal of U2F was to describe a method for universal two-factor authentication (2FA). Today, 2FA is usually done either by text messages, or by using a mobile application that provides one-time codes. U2F is aimed more at physical tokens, with the YubiKey the most well-known implementation.

I thought the idea of a physical token was brilliant so I shelled out for a YubiKey Neo. Since 2015, I’ve used it for anything practical exactly zero (0) times.

While using a physical token like the YubiKey for 2FA is a killer concept, U2F support was only implemented in Chrome, and only supported by a tiny handful of sites. Because of this, U2F never saw any widespread adoption, and the YubiKey on my key chain continues to be dead weight. It’s not terribly heavy, but dead weight nonetheless.

Now, a new authentication standard, WebAuthn, is seeing the light of day. And it might succeed where U2F failed.


Copyright © 2000-2019 www.vegard.net