All articles tagged as: security

SMS 2FA and the Modern Smartphone

SMS has been around for over 20 years now and yet this basic 160-character instant messaging service is still widely used for marketing, transactional messages and two-factor authentication ("2FA"). This was just a random thought when trying to log into something for the third time today that requires an SMS OTP. When I'm staring at a form input box and my phone receives a message at that exact moment, the chances are it's to fill that box in; it'd be nice if this was more streamlined! Imagine if, for example, an HTML form could listen for the message... perhaps with something like the following…


Alarm Monitoring (With Raspberry Pi)

I'm responsible for commercial buildings that, as you would expect, have monitored alarms, access control and suchlike. However, commercial alarm monitoring is horrendously expensive, and most of them are stuck in the dark ages; I want to be able to monitor the condition of my alarm remotely, and get notifications in a useful way. Piece of cake pi My usual solution to these sorts of problems - Raspberry Pi. I've found use for this £30 mini Linux box in lighting control, information displays, presentations, video servers, phone systems and more... Connecting to the alarm Most alarms have a c…


iMessage Preview

So, iMessage has a handy new feature - both on iOS and macOS - where if you send someone a URL it will extract some metadata from this URL and display it as a clickable link. You'll be used to this behaviour if you use Facebook or Slack, as it provides useful, meaningful content for a link. However, there's a big difference between their implementation and iMessage. When you use Facebook or Slack, the website you've linked to will see a request from Facebook or Slack's servers. Information Leakage iMessage makes a request from the device itself which reveals some significant information; The ta…


Phishing at Lloyds

Today I received a phishing eMail, nothing unusual there... I get loads of them, but this is a little more convincing than most for one reason: it contained my postal address (ok, one from many years ago, but nonetheless it proves that it was a lot more targeted than some). The eMail As usual the grammar and formatting are both terrible, so you'd be unlikely to believe this is from Lloyds bank, but many people do it seems. The usual fake urgency is a bit of a giveaway as well - Please respond within the next hour to avoid a permanent block. - why? So, let's respond ... The website This is act…


Reverse Lookup ("CNAM") in the UK

For many years the USA has had a 'CNAM' service (or Caller ID Name), allowing telecoms operators to show the name of the caller rather than a number. There are obvious advantages to this, having "BT" show when they phone rather than 0800 800 150 would be much more useful, but is also open to abuse. After all, would you trust a call appearing to be from your bank if the name appeared? The method of powering this is known as a Reverse Lookup. OpenCNAM Today I stumbled upon a service called OpenCNAM which claims to offer this across the globe and, surprisingly, matched my mobile number to my na…
