Cfgmgmtcamp.eu 

Conferences can be entertaining, informative and sometimes mega fun. 

I have attended quite a few in the past, but most of the time I lacked one important thing to really enjoy them: having a deep understanding of the topic (OK, most of the time this was not the issue), being a part of the community and knowing people.

This year I have the great opportunity to attend the Config Management Camp in Gent, and meet with a lot of known and new people interested in the topic. 

The most exciting thing is always hearing the stories and the problems that you don’t find on Google, either because one lacks the time to write about them, or because one has a strict corporate policy about social media usage and publishing internal topics.

There are of course evening events where stories are told that happened to a friend of a friend, but the essence stays the same.

See you there. 

 

Decent Android security

Chances are that you have either an Apple or an Android-based smartphone. Smaller chances include a Windows Phone. However, most people don’t care about anything more than knowing how to call, send SMS and install Facebook after Candy Crush…

This post covers things you should pay attention to if you are an Android user.

You will probably use your phone more than anything else to connect to the world: online banking (even if just receiving SMS TAN codes to authorize payments), chatting about your love life with your partner(s), taking personal and sometimes highly private pictures, and putting that all on some kind of social media – we do all that daily, almost constantly.

Check the phone’s specs before buying it

Sometimes you can get cheap phones from China or Christmas sales. These are sometimes older models (a couple of years old). Those will probably be at the end of their possible life from a software point of view. Unfortunately this is not always the fault of the phone vendor…

Your smartphone runs on a SoC (one chip that contains the CPU, graphics, memory, phone modem, GPS etc.), which has proprietary drivers dedicated to one Android version’s kernel. No newer driver means no update to a fresh Android version.

Would you buy a car you cannot buy new winter tires for?…

You can have bad luck and get something with Android KitKat 4.4.x, which still had 75%+ market share as of the middle of last year, and is like Swiss cheese.

Well, at least you can choose from a lot of methods to root the phone easily if you want…

Secure the access

I see a lot of people just using swipe unlock. Your phone can be stolen or lost. It happens. Just think about it: if I borrowed your phone, would you like me to check out all your emails, browsing history, personal contacts, SMS, Facebook? Probably not.

Use a secure unlock code or pattern.

I use the subway a lot. Most people use their phones to kill time. I have witnessed countless L or I shaped unlock codes. Yeah… Or 1234, 2570 etc. It works as long as I don’t see you use it once. I might be your colleague while you are grabbing a coffee.

I could recommend using a password typed on the keyboard, but seriously, nobody is going to type that in 20x a day. The best option is to disable the visual display of the input; some Android versions have that feature hidden in the settings…

Sometimes you can also change the 3×3 pattern matrix to a 4×4 or 5×5. It helps to confuse the remote eye a bit, and you can still get used to it.

Encryption: on!

Even if you have switched off the phone, there is still a good chance that all your data at rest can be dumped from the SD card…

Newer Android versions come with FDE (full disk encryption) enabled by default, but use a well-known default password if you don’t use a numeric PIN, password or pattern to unlock the device.

Keep your updates installed

Even with the latest version of Android, you become more and more vulnerable every month to the issues found almost weekly in the Android OS.

Depending on what device you own, you may have a caring provider who keeps up with the monthly security patches from Google; otherwise, updating at least quarterly/yearly is highly recommended.

For those concerned about Internet security, I will write a follow-up post on how to secure communication between actors and their devices.

(Android icon from official website)

So here we are

so?

We are producing a lot of content day by day, so here we are: here I collect and dump my thoughts and experiences, and share my ideas. You can give some feedback or try to influence it by commenting on things if you care enough.

but why?

My colleagues think sometimes I am a magician, but I am truly not one. I know the tools I have, how to use them, and how they work together. Here I share some insights, but you should have some knowledge of IT (and cyber if you prefer the current hype-word).

work.

My work-related topics will not be discussed here in great detail. They are too specific and also regulated by a lot of policies, so just not writing is easier for me than paying attention to all the details. Sorry, folks.

personally.

If I don’t know about something, I read about it, get excited, buy things, test them, make them work, and sometimes break them in ways the manufacturer never thought possible. You might find detailed reports of my home projects with some technical insights.