A while back Microsoft decided to do away with “points” and “point cards” for its Xbox service and converted everything to the user’s local currency. The small print during that conversion said that your existing points would expire on Monday June 1, 2015. You should have also received one or more emails about this.
I’m going to shock and possibly offend you (for certain values of “you”): IT is not a service organization. Wait, the title of the page already says that. Oops. In the olden days, IT may have been “just” a service organization, but that hasn’t been true for a long time (even before I got involved in IT over 10 years ago). What is IT? IT is your company’s secret weapon. IT is the resource everyone overlooks. The IT Department is your strongest Business Partner.
Like so many others, I strongly believe that multi-factor authentication (MFA) should be a requirement for every website. It is a cheap and (fairly) easy way to secure the sites of today that use the authentication from yesterday (well, a few decades ago), until we have the secure authentication of tomorrow. Companies like Authy and Duo are making it faster and easier than ever before to adopt MFA into your personal workflow for “Everything”.
That is, until you need to share a login with colleagues.
It’s been a few years since we’ve had any wild authors appear, so we figured it was about time. In this edition of “spot the newbie”, I’d like to introduce Josh (aka @snofox) to our ranks. John and I, mostly the “I”, have been a bit remiss in content over the last year, so we’re hoping Josh’s addition will spice up the ranks a bit. While you’ve already met Josh once or twice before, he does deserve a proper introduction.
As previously mentioned, I work in a “Cloud company”, which typically means we claim we’re a “serverless” office. However, sometimes I need a server-like machine to make a point. For this particular project we needed a machine that was, for all intents and purposes, a server… except I wanted to build it myself. It wasn’t so much to save money, but so I could customize the machine to get exactly what I wanted out of it (and because it was a fun diversion). The result of that was known as “Project Falcon”.
Gather round kiddies and I’ll tell you a story that is 100% true and happened to me, my team, and my company. Since all humans make mistakes and those shouldn’t be held against them, I will not be naming the parties involved. The moral of the story is the very title of this post: never ever leave vendors alone. Especially never leave them alone in the server room. Sure, there are security implications (they could really be pentesters, or just plain bad guys attacking your network), but mostly it’s not safe for you or your equipment.
I denied it, just because I could. We’ll see if anything breaks.
Between being sick at the start of the month and a three-day weekend, I recently had some free time to devote to some personal projects. One of those personal projects was the redesign and relaunch of JonDavis.name. While I pride myself on my work here on Snowulf, I like to keep JonDavis.name as a “portfolio” site. A portfolio site, like a custom email domain, is something everyone in technology should have these days. They are neither very hard to build nor to maintain, yet quickly demonstrate some proficiency with technology.
Recently Gizmodo ran a good, albeit lengthy, article titled “Here’s Why Your Bank Account Is Less Secure Than Your Gmail” on the topic of multi-factor authentication (MFA) and your bank. It also reminded me of another article from 2007 titled “Password Security – Or Lack There Of”. Sadly “bank grade security” used to mean the best of the very best, whereas now any digital security relating to financial institutions tends to be a joke.