East of Eden

The latest in Windows 10, end user devices and services, cyber security, data center & cloud, and all things IT.

Blog Feature

End User Devices and Services | Cyber Security

Your Smartphone Is Your Token: A Cautionary Tale

By: Andy Sherman
August 22nd, 2014

I'm a big fan of using mobile phones, especially smart phones, as security tokens. If the user locks the phone with a passcode, then it's a pretty good bet that your token is in the right hands. And, unlike little hardware tokens, nobody leaves home without their phone anymore. In addition to applications that might send me a token by SMS, I have three token apps on my smartphone: Symantec VIP which I use for Ebay, PayPal, Symantec MSS, remote login to one of my clients, and some others. Google Authenticator for various Google accounts and for WordPress. Duo Security which I use for my own SSH logins. This was cool until I went into a swimming pool with my iPhone in my bathing suit pocket.

Read More

Share

Blog Feature

End User Devices and Services

What Is Your Smart Phone Saying About You?

By: Andy Sherman
July 6th, 2014

Short answer: much more than you think. Recently I heard a fascinating Planet Money podcast on a project called Project Eavesdrop (podcast here) which NPR's Steve Henn conducted jointly with Ars Technica's Sean Gallagher and Dave Porcello, CTO of Pwnie Express, who make penetration testing tools. The point of the project was to determine what you could find out about a person's internet activities by passive monitoring of their Internet traffic. They monitored Henn's smartphone when it was connected to the WiFi in his home as an analogue to a signals intelligence service's (e.g., NSA or GCHQ) monitoring of the internet backbone. The results were astounding. Henn invited Gallagher to install one of Pwnie's devices in his home office so that Porcello could snoop away at his phone's online footprint when connected to the WiFi hotspot. To be clear, the Pwnie device's WiFi was secured with WPA, so this was not an over-the-air snooping test. This was a simulation of what was being disclosed over the backbone.

Read More

Share

Planning for Windows 10 Starts Now

Planning for Windows 10 Starts Now

Develop a transition strategy for a successful Windows 10 upgrade, and make this migration your best.