Author Archives: mike

University Passes Cybersecurity Re-assessment

After a great deal of work from a number of people, the University has successfully renewed our CyberEssentials Plus certification. This means :- We are assured that we have met a level of IT security. Not that it means we … Continue reading

Posted in General, News | Tagged | Leave a comment

Yes, We’re Now Encrypted

If you have been paying attention, you will have noticed that our “security blog” was up until now only available via plain text; we now have a TLS certificate so the traffic to this site is encrypted. With the exception … Continue reading

Posted in News | Tagged , | Comments Off on Yes, We’re Now Encrypted

Passwords: Long and Strong

Yes, this is another blog posting about password strength, which we do keep going on about. That is because :- The password audit still shows that people are not getting the message (although for active staff we’re doing a great … Continue reading

Posted in Passwords | Comments Off on Passwords: Long and Strong

Do You Like Justin Bieber?

On of the stories I was reading this morning mentioned that some of those with Nest security cameras have been subjected to hack attacks. One of the attacks they were subjected to were hackers asking Alexa to play Justin Bieber … Continue reading

Posted in Active Attacks, Passwords | Comments Off on Do You Like Justin Bieber?

There Is No Such Thing As A Secure Web Site

On the left-hand side of the location bar, your browser will show you something like :- Which is entirely correct and incorrect at the same time. To be precise, what that little label (and the alternative green one) means is … Continue reading

Posted in General | Tagged , | Comments Off on There Is No Such Thing As A Secure Web Site

The Latest Phishing Attack

I have just been alerted to yet another phishing attack that works by sending web links via email to a “secure message” (or in the example no words at all). The link of course takes you to a malicious site … Continue reading

Posted in Email, Passwords | Tagged | Comments Off on The Latest Phishing Attack

The New GlobalProtect VPN Client

The new GlobalProtect VPN client will be made live in the coming weeks. This version has a number of usability enhancements (it looks prettier), so it is worth documenting those visibility changes. The task bar icon has changed and shows … Continue reading

Posted in General, VPN | Comments Off on The New GlobalProtect VPN Client

Using The VPN For General Internet Protection

Using the VPN is generally seen as a way of using UoP services remotely in a relatively safe way, but it does actually offer another advantage for using generic Internet services – because the VPN goes through the UoP firewall, … Continue reading

Posted in Firewall, General | Tagged , | Comments Off on Using The VPN For General Internet Protection

Checking The Safety of Websites

With all the different dodgy web sites out there, and all the emails trying to encourage us to visit them, it is perhaps time to look at some web sites that can be used to check the trustworthiness of web … Continue reading

Posted in General | Comments Off on Checking The Safety of Websites

Apache: Reducing Information Leaked Through The Headers

Apache by default announces all sorts of information about itself when you make a connection to it :- $ lynx -head http://some-server-fqdn/ HTTP/1.1 302 Found Date: Thu, 31 May 2018 12:18:22 GMT Server: Apache/2.2.15 (CentOS) Location: https://t-oala-idp-01.iso.port.ac.uk/ Connection: close Content-Type: … Continue reading

Posted in Technical | Tagged , | Comments Off on Apache: Reducing Information Leaked Through The Headers