The Vault Regulars

Friday, March 24, 2017

Bergans Women's Super Lett Overtrousers - FOR SALE

A pair of quality overtrousers for sale: Bergans of Norway, Women's Super Lett, size 10.
These are Sheila's, which she bought in November 2016 from The Cotswold Shop.
They are currently on sale for £110, more than likely because they are down to their last stock.
Sheila paid £130.

Reason for sale is that they are too long in the leg for her: they are "regular" length whereas Sheila is short leg. (Don't ask me why she bought the wrong leg length.)

Anyway, she has worn them on two weekends only. They are made from three-layer Dermizax material from the Japanese company Toray.
Dermizax is not overly common in the UK, although it is used by top brands.
They have side zips up to the knee, a waist belt, a zip fly and a press stud closure.

There is absolutely nothing wrong with them.
They are now hanging in the wardrobe and will not be used again as she has bought a short leg pair.

So if anyone is interested in a bargain she will let them go for £55, now reduced to £45, which includes P and P to anywhere in the UK.
Any questions, don't hesitate to ask.


Saturday, March 18, 2017

Cyber attacks Pt 2 - an Answer.

My last post was a general question about cyber attacks after the ABTA hack, from somebody who knows nothing about the subject.
It created a lot of blog hits but not much in the way of comments. I can only assume from this that I am not alone in lacking any sort of competence in the subject.

However, I have received an email from a person in the know: a person involved in the good side of all things shrouded in grey matter.
I asked whether the person minded if I posted the email on the blog, because it explains not only the pitfalls of my initial question but also makes it clear that it is imperative to have the best security on your systems and your devices that you can have.

So I thank the person for taking the time to read my first post and to put such a comprehensive answer together. It makes things clearer, if still a bit scary.
Here is the email in full.
----------------

It's good to be questioning everything when it comes to security*.

The short, glib, response to this query is that there is no such thing as an absolutely secure device if it is connected to the outside world. Perhaps not even then (as suggested by leaks and rumours about the NSA's capabilities.)


The ABTA attack appears to be relatively minor (I can say that, I'm not one of the 43,000 customers!) and on the face of it their website *might* have an increased "attack surface" due to the number of plugins and modules that are used to provide different bits of functionality on the site.  I say might because it would take a detailed analysis to say for certain.  The developers of the ABTA site probably considered themselves to be better placed than many websites because they aren't (well, don't appear to be) using one of the more popular website systems.  


The popular systems are popular because they are easy to use, thus lowering the barrier to entry for anyone to have a good looking site.  "It's simple.  I'll just grab this plugin for this function from here, that plugin from over there lets me have fancy emojis, and everything will be fine." Security can be a problem in these systems because of that popularity as most people do not put any thought into security (including some plugin developers) and users and administrators often choose weak or default passwords.  I have not looked into the cause of the ABTA breach so I am not suggesting that these particular attack vectors were used in this instance.  Website security is an ongoing process of adapting to known weaknesses and attack vectors.


Turning to the query in focus here, I am not sure what you mean by:


I got to thinking that if the software company provides "parcels of encrypted data" that can be given to individual customers when they decide to sign up with the organisation, the customer can then add data into specified blank areas which will then make that parcel a unique gateway.

So, if the main organisation is hacked then the amount of gateways opened would be minor in comparison to 43,000.


It sounds like you are suggesting the use of public key cryptography. This is a very useful and powerful way to secure personal data. 

Essentially every customer would create (or already possess) a pair of encryption keys.  These are known as the private key (which is retained and never published by the "customer") and the public key (the public keys are generally published somewhere).  

When Trump wants to send a message to Putin that he wants to ensure only Putin can read, he encrypts his message with the PUBLIC key of Putin. Putin then uses his PRIVATE key to decrypt the data or message.  Similarly when Putin replies he will encrypt his response using Trump's PUBLIC key. (This is of course a fanciful and probably theoretical example.)

This page explains it well: https://www.comodo.com/resources/small-business/digital-certtrmrificates2.php

It's an excellent system but the overheads in training people how to use it properly, and the time it takes to encrypt/decrypt data, means that Mr Joe Citizen probably won't understand it or will very quickly decide that it's simply not worth the effort.

This is particularly so if such a system were to be implemented on a website - the computational power required for encrypting and decrypting is relatively large and the cost of doing something like this can be very significant. By way of example, law enforcement and intelligence agencies, and even data recovery companies, sometimes use hundreds of computers linked together to help crack document passwords which are significantly easier to crack than public key encryption.  The larger agencies utilise supercomputers and purpose-built systems for this purpose. 

Implementing public key encryption on a "normal" business website is not practical with current technology, unfortunately.  The risks in an increasingly online and interconnected world are significant, but so are the benefits.  From the end-user's perspective, the best security advice is to try to only deal with reputable websites that implement *appropriate* security, to use strong and unique passwords for each website (yes, easier said than done) and to ensure their own device and network are protected.  Administrators and developers have an obligation (in my opinion) to keep abreast of security developments.

*If you're in a corporate environment be mindful that you have likely agreed to not test security!  

Suggested reading:

Troy Hunt's excellent website: https://haveibeenpwned.com/ 
Public key encryption: https://www.comodo.com/resources/small-business/digital-certtrmrificates2.php
Top ten website application risks: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
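The key-pair exchange the email describes (encrypt with the recipient's PUBLIC key, decrypt with their PRIVATE key) and the "one encrypted parcel per customer" idea from the original question, carried into working Go. This is an added example written for this page, not code from the email's author, from ABTA or from this blog; the customer names, the Organisation type and the passport strings are constructed for illustration. It uses only Go's standard library (RSA-OAEP with SHA-256) and shows the property the question was after: a copy of the organisation's database yields nothing readable, and a single compromised customer key opens exactly one parcel.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const keyBits = 2048 // RSA modulus size; 2048 is the usual minimum today

// Customer models one customer who generates a key pair on their own device.
// The private half never leaves the customer; only PublicKey() is handed over.
type Customer struct {
	Name string
	priv *rsa.PrivateKey
}

// NewCustomer generates a fresh RSA key pair for the named customer.
func NewCustomer(name string) (*Customer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, keyBits)
	if err != nil {
		return nil, err
	}
	return &Customer{Name: name, priv: priv}, nil
}

// PublicKey is the only part of the key pair the organisation ever sees.
func (c *Customer) PublicKey() *rsa.PublicKey { return &c.priv.PublicKey }

// Open decrypts a parcel sealed to this customer's public key; it returns an
// error for parcels sealed to anyone else (OAEP padding check fails).
func (c *Customer) Open(parcel []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, parcel, nil)
}

// Seal encrypts record under pub with RSA-OAEP (SHA-256): the "encrypt with
// the recipient's PUBLIC key" step. Only the matching private key can open it.
func Seal(pub *rsa.PublicKey, record []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, record, nil)
}

// Organisation (hypothetical) files one sealed parcel per customer and holds
// no private keys, so a copy of its database is not enough to read a record.
type Organisation struct {
	parcels map[string][]byte
}

func NewOrganisation() *Organisation {
	return &Organisation{parcels: make(map[string][]byte)}
}

// Enrol seals the customer's record to their public key and files the parcel.
func (o *Organisation) Enrol(c *Customer, record []byte) error {
	parcel, err := Seal(c.PublicKey(), record)
	if err != nil {
		return err
	}
	o.parcels[c.Name] = parcel
	return nil
}

// Dump models what an attacker walks away with after breaching the database.
func (o *Organisation) Dump() map[string][]byte {
	stolen := make(map[string][]byte, len(o.parcels))
	for name, parcel := range o.parcels {
		stolen[name] = append([]byte(nil), parcel...)
	}
	return stolen
}

// LeaksPlaintext reports whether any stolen parcel still contains fragment,
// i.e. whether the dump on its own exposes customer data.
func LeaksPlaintext(dump map[string][]byte, fragment []byte) bool {
	for _, parcel := range dump {
		if bytes.Contains(parcel, fragment) {
			return true
		}
	}
	return false
}

// Readable counts how many stolen parcels one compromised customer key opens:
// the number of "gateways" a single key compromise exposes.
func Readable(dump map[string][]byte, c *Customer) int {
	n := 0
	for _, parcel := range dump {
		if _, err := c.Open(parcel); err == nil {
			n++
		}
	}
	return n
}

func main() {
	org := NewOrganisation()
	var customers []*Customer
	for _, name := range []string{"alice", "bob", "carol"} { // constructed sample data
		c, err := NewCustomer(name)
		if err != nil {
			panic(err)
		}
		if err := org.Enrol(c, []byte(name+": passport number 1234567")); err != nil {
			panic(err)
		}
		customers = append(customers, c)
	}
	dump := org.Dump()
	fmt.Println("stolen dump leaks plaintext:", LeaksPlaintext(dump, []byte("passport")))
	for _, c := range customers {
		fmt.Printf("%s's stolen key opens %d of %d parcels\n", c.Name, Readable(dump, c), len(dump))
	}
}
```

Two practical caveats. RSA-OAEP with a 2048-bit key can seal at most 190 bytes directly, so real systems seal a random symmetric key this way and encrypt the record itself with that key. And the organisation genuinely cannot recover a record for a customer who loses their private key, which is the key-management burden on ordinary users that the email points to as the real obstacle.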

Thursday, March 16, 2017

Cyber attacks - general question.

I would not normally put this sort of post on my blog as it is more to do with the outdoors, but sometimes I need to know a little more, and there are far smarter people out there than I when it comes to IT and programming.

The recent cyber attack on the ABTA organisation had me thinking.
Now I guess ABTA have bought expensive anti-attack software from a company which will defend its data in a certain way. So if someone has managed to hack into that software it then has access to 43,000 personal files. (TV news.)

I got to thinking that if the software company provides "parcels of encrypted data" that can be given to individual customers when they decide to sign up with the organisation, the customer can then add data into specified blank areas which will then make that parcel a unique gateway.

So, if the main organisation is hacked then the amount of gateways opened would be minor in comparison to 43,000.

Does this make sense to anyone? Or am I being stupid? (You don't need to answer the last bit.)

Sunday, March 5, 2017

Spring arrives, but just for one day.

What a difference a week makes. Today it was T-shirt weather. The forecast for the rest of the week is poor.
But it was so good to feel some heat from the sun.



Photos taken with iphone 6.





My other blog: beneathwhosefeet.wordpress.com