
With the recent advice published by AWS around best practice for MFA on AWS Organisations (not a typo :AU: :wink:) management and member accounts, I thought it would be a good chance to write up how I tackled this previously and hopefully provide some guidance for others.

It’s interesting how a process that is quite simple in nature becomes quite manual when you need to protect these credentials much like you would master encryption keys, for example.

What was most pleasing to see was that our approach, for the most part, tightly aligns with the new recommendations.

Goals

The goals of the process are to securely set up root accounts on all AWS Organisation Member Accounts with…



Overview

PageUp is well prepared for the GDPR. We set up an internal working group over 12 months ago to flesh out exactly what we were compliant with, and where there were gaps that we needed to address before the GDPR comes into effect.

The aim of this article is to talk through some key terms and the parts of the GDPR that matter to our clients, and how we are addressing them. It is worth noting this is purely from a Security perspective and does not include all GDPR obligations, and it should not be treated as such.

We also touch on what went well, what didn’t, and advice for other companies going through a similar process. Let’s address that first, in case you want the high-level TL;DR version. …



SSO (Single Sign On)

If you’re not using Single Sign On, you really should and you can bet your IT and Security departments will be all for it.

What’s so good about Single Sign On from a Security perspective?

  • No new password to create
  • No new password to remember
  • Just use your work login to authenticate to PageUp automatically!
  • All your work password policies are automatically compliant for PageUp

Good for Security, good for you (no more password resets and account unlocks etc), good for all your staff that use PageUp. Thumbs up!

Check out our Knowledge Portal if you want to know more, or as always, speak to your Technical Account Manager about it. …


First up, I use and love Parcel Lockers. They are a great free solution to a problem most Mon-Fri, 9–5 workers face with receiving deliveries.


Secondly, this is not a vulnerability disclosure as such, just a write-up of what I was able to expose on a public kiosk, of which there are approx. 280 Australia-wide.

Given I use Parcel Lockers so much, a few weeks back my experience with picking up a parcel led me to some pretty alarming discoveries.

For those of you that haven’t used them or seen them, they are basically a set of lockers with a touch screen and keypad. Punch in your mobile number/unique code and your locker pops open; you grab your parcel, lock the door and you’re on your way. …



PageUp is requiring clients to connect using TLS 1.1 or higher by February 28, 2018 in order to align with industry best practices for security and data integrity. On that date we will begin disabling TLS 1.0. Action is required prior to this date to prevent any disruption to your PageUp instance. This article contains all of the information currently available on PageUp’s disablement of the TLS 1.0 encryption protocol.

WHAT IS THE CHANGE?

TLS Encryption is a mechanism used to secure all communications between web browsers and the PageUp Servers. PageUp is requiring an upgrade to TLS 1.1 or higher by February 28, 2018. On that date we will begin disabling the TLS 1.0 …


For vinyl collectors, there is always that “Holy Grail” record that, one day, maybe, if I get really lucky, I’ll own. This is my story about my search for, location of, and eventual ownership of such a record!

Backstory — I got into SRV in about 2008 and since then have been hooked. Gradually, I started collecting more and more, once the regular releases were out of the way, I started collecting bootlegs and so on. In 2011 I got my first record player, naturally plenty of Stevie Ray Vaughan & DT releases began to follow.

If you want to see my entire collection, hit up the below.

https://au.pinterest.com/davidclarkeau/stevie-ray-vaughan-collection/

Or for only the musical stuff -

Fast forward to 2013, while browsing Discogs I stumble across a title I’ve read about in a few of the SRV books I own, Dallas — A New Hi. …


Deleted your Yahoo! Account? Check again…

After the multiple Yahoo! data breaches and the debacle last year, I, along with many others, decided to delete my Yahoo! account.

This was an ancient email account I had set up; it had no personal data in it anymore and had a unique password. But it’s a part of my digital footprint that I no longer required, and I decided, given the horrible security practices going on @ Yahoo (https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached), to vote with my account and have it removed.

Thankfully this was a fairly straightforward process: just hit up the link below, verify who you are, read the T&Cs, enter the CAPTCHA and you’re done. …


SPF (Sender Policy Framework) serves a basic function: it tells MTAs who can send an email on my behalf.

G Suite + SPF, why bother?

Its big advantage is that it’s an easy way to stop those dangerous targeted spoofed emails that appear to come from [first.last@yourdomain.com] from being delivered as targeted phishing email to your end users.

We teach end users to always inspect the From address if they’re skeptical of a message. These types of attacks appear to come from your own domain, hence the real need to pick them up and drop them as early as possible.

Now for some reason G Suite seems to acknowledge an SPF hard fail but delivers the message straight to my users’ inboxes anyway! …

About

David Clarke
