Managing large ActiveDirectory estates can often be a challenge, especially when you have a large group of AD administrators controlling group access.. This nifty little VBScript can be used to enumerate all the members of an AD Group. Handy for regular maintenance tasks.
This VBScript could easily be adapted to out put the list to a file, or even embedded inside a larger application which performs automated maintenance tasks.
This morning Android users around the world are waking to an announcement potentially putting their privacy at risk. In an announcement that seems all too common around the Android OS yet another security flaw has been discovered. This particular issue is based around potential to acquire unrestricted access to any Android devices camera.
Szymon Sidor recently posted a blog post exposing the latest threat to Android users. The vulnerability could potentially allow malicious applications access to get access to and use the camera for both video and photos.
Although the SDK doesn’t allow use of the camera without a preview window on the device’s screen, its seemingly possible to make this window 1 pixel wide by 1 pixel high.. Thus making it almost impossible for the end-user to see. Whats more, with the pixel on the screen – even when the device is powered off the app is still capable of capturing photo and video footage! Once the footage has been captured, the Android SDK allows quick and easy upload to websites or services, so the malicious app developer could immediately start capturing and uploading photos and video without your knowledge.
However this would should up in the data usage charts on your Android device.
It seems like everything wants a password these days. You’ve got a password for work, a password for online shopping, a password for your bank account…the list goes on and on. The number of services requiring a password makes it tempting to use the same one everywhere – but that’s a really bad idea. Using the same password across every site means that if just one of them is hacked, then the hacker has the details for everything you use.
So what’s the answer? One approach is to use a password management tool to randomly generate and store all your passwords. There are many software solutions available that will do this for you, two of the best being LastPass and Keepass. Programs like these are great, but have their drawbacks. For a start many charge for at least some of their features, and they all require you to trust your passwords to one single source. While they take all kinds of measures to secure your data, it still introduces an element of risk. The other downside is that the tools encourage you to forget your passwords. There is a school of thinking that says this is a good thing, because good passwords are too difficult to remember. But what happens when you need a password and don’t have access to your password store? Even worse, what happens if you forget the password required to access your passwords? For these reasons I still find it useful to create passwords that I can carry around in my head – but that doesn’t mean you have to resort to weak keys.
One method is to come up with a memorable base password that you can then build on and make unique for each service. Avoiding words found in the dictionary and names will help make your password harder to crack, so consider using a short phrase or perhaps the first initials of favourite song lyric or quotation. For example, if you were an Oasis fan (and who isn’t?) you could take a line from Wonderwall:
I don’t believe that anybody feels the way I do
We can turn that into memorable but random looking password by using each first letter, giving you idbtaftwid. That’s a pretty good start – a ten character none dictionary password that you won’t forget!
It’s good practice to use complex passwords that use a mixed case, numbers and symbols, and in fact many sites will require it. To bring our password up to scratch lets change it slightly, but in a way that still makes sense to us. If we capitalise the I’s like we would if we were writing the original lyric, and then add the year of release to the beginning we get:
Now, I know what you’re thinking, it looks like a nightmare. It’s long and looks like gibberish. The beauty of it is though that although it looks like gibberish, it means something to you. You don’t have to remember the password as it appears – as long as you can remember that lyric you’ll be able to remember your password.
Finally, we can take our password and make it unique for every site we use it on. Let’s say we want to use it as a base for our Amazon password. Take the last three characters from the name of the service and add it into your password. Insert it at any point you want, but make it consistent across all the versions you create. For this password, I think after our year of release might be the easiest place to remember and least obvious to anyone looking at it. This gives us:
A password to be proud of! Using our new method we can quickly create a whole raft of passwords:
95ttoIdbtaftwId – Lotto
95ookIdbtaftwId – Facebook
95terIdbtaftwId – Twitter
If you use this method yourself, mix it up to make it truly individual to yourself. Try placing that meaningful number mid-way through the rest of the characters, and adding special characters like ? ! * @. As long as you’re consistent and make it meaningful, you won’t forget it.
So there we have it – with a little bit of thought you can create a password scheme that is easy for you to remember but produces terrifying looking passwords! Do you have a different system that works well for you? If so why not tell us about it in the comments below.
Seemingly everywhere you turn just recently everyone is implementing 2 factor/2 step verification, this is essentially a second step required to enable you to access normally password secured sites and services. Everything from your bank account to your web based email will shortly be secured using these new methods.
Each service has it’s own way of providing this second layer of security, your work VPN may have a code generating tokenkeychain, your bank may have provided you with a calculator and Google are now providing codes to your mobile device which you can use.
Each of the major services will hopefully contact you to set up your 2nd layer. For your Google accounts, you should be able to enable it now by visiting this link
It’s a good idea to enable this as soon as possible to prevent unauthorised access to your account.
In the interests of security it’s best to lock your machine as soon as you leave it. Perhaps more relevant to an iMac over a MacBook (as im sure you would never leave your MacBook unattended) but still important either way.
There are a few options for locking your machine, i recently blogged about one of the more geeky methods ‘AirLock‘ which uses a bluetooth proximity system to lock you’re machine when you are more then a specified distance away. However, as we all know bluetooth sucks power faster then a Dyson vacuum cleaner sucks sand in a desert. So for a less ‘power hungry’ method you can use the ‘Automator‘ to build a shortcut which locks the screen at the click of your mouse.
Which uses the ‘fast users’ switching method to secure your mac. Not only is this click and simple, but it’s also quite cool as the Mac screen will rotate round in a ‘cube’ like motion.
To turn this line of code into a shortcut you can run, start the Automator application using you’re favourite app launcher or click the icon in the Applications folder.
Once launched you will be presented with a choice of templates for your Automator project. For this particular project select the ‘Application’ template. Once the template has done loading type ‘Run’ into the search panel on the left. You should see the list filtering away to leave a collection of options. Double click on the ‘Run shell script’ option. Once done amend the code in the Shell script window so it looks like the following screen shot:
Once done, you can either test it using the ‘Run’ button, or save it to a location of your choice.
Now all you need to do is click the .App file to lock your machine.
If you’re feeling a bit more adventurous you can use the ‘Automator’ application to expand the project and add user prompts or logging etc.