With the recent advice published by AWS around best practice for MFA on AWS Organisations (not a typo 🇦🇺 😉) management and member accounts, I thought it would be a good chance to write up how I tackled this previously and hopefully provide some guidance for others.
It’s interesting how quite a simple process in nature does become quite manual when you need to protect these much like you would master encryption keys, for example.
What was most pleasing to see was that our approach, for the most part, tightly aligns with the new recommendations.
The goals of…
PageUp is well prepared for the GDPR. We set up an internal working group over 12 months ago to flesh out exactly what we were compliant with, and where there were gaps that we needed to address before GDPR comes into effect.
The aim of this article is to talk through some key terms and the parts of the GDPR that matter to our clients and how we are addressing them. It is worth noting this is purely from a Security side and does not include all GDPR obligations and should not be treated as such.
We also touch on what went…
If you’re not using Single Sign On, you really should and you can bet your IT and Security departments will be all for it.
What’s so good about Single Sign On from a Security perspective?
Good for Security, good for you (no more password resets and account unlocks etc), good for all your staff that use PageUp. Thumbs up!
Check out our Knowledge Portal if you want to know more…
First up, I use and love Parcel Lockers, they are a great free solution to a problem most Mon-Fri, 9–5 workers face with receiving deliveries.
Secondly, this is not a vulnerability disclosure as such, just a write-up of what I was able to expose on a public kiosk, of which there are approx 280 Australia wide.
Given I use Parcel Lockers so much, a few weeks back my experience with picking up a parcel led me to some pretty alarming discoveries.
For those of you that haven’t used them or seen them, basically they are a set of lockers…
PageUp is requiring clients to connect using TLS 1.1 or higher by February 28, 2018 in order to align with industry best practices for security and data integrity. On that date we will begin disabling TLS 1.0. Action is required prior to this date to prevent any disruption to your PageUp instance. This article contains all of the information currently available on PageUp’s disablement of the TLS 1.0 encryption protocol.
TLS Encryption is a mechanism used to secure all communications between web browsers and the PageUp Servers. PageUp is requiring an upgrade to TLS 1.1 or higher by February 28…
Backstory — I got into SRV in about 2008 and since then have been hooked. Gradually, I started collecting more and more, once the regular releases were out of the way, I started collecting bootlegs and so on. In 2011 I got my first record player, naturally plenty of Stevie Ray Vaughan & DT releases began to follow.
If you want to see my entire collection, hit up the below.
Or for only the musical stuff -
Fast forward to 2013, while browsing Discogs I stumble across a title I’ve read about in a few of the SRV books…
After the multiple Yahoo! data breaches and debacle last year, I, along with many, decided to delete my Yahoo account.
This was an ancient email I had set up, had no personal data in it anymore and had a unique password. But it’s a part of my digital footprint that I no longer required and decided, given the horrible security practices going on @ Yahoo (https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached) to vote with my account and have it removed.
Thankfully this was a fairly straightforward process, just hit up the link below, verify who you are, read the T&Cs, enter the CAPTCHA and…
SPF (Sender Policy Framework) serves a basic function: it tells MTAs who can send an email on my behalf.
Its big advantage is that it’s an easy way to stop those dangerous targeted spoofed emails that appear to come from [email@example.com] being delivered as targeted phishing email to your end users.
We teach end users to always inspect the from address if they’re skeptical of a message. These types of attacks appear to come from your domain, hence the real need to pick them up and drop them as early as possible.
Now for some reason G Suite seems to…