In addition to being Waitangi Day, yesterday was Safer Internet Day. This blog marks the occasion, with James reporting from a security-focused event, and a roundup of Safer Internet activity online.
A safer web with OWASP
On Monday, I joined around 700 people at the OWASP New Zealand day, to hear and think from people who test and build the websites we use and trust. "OWASP" is not a poem about an insect - it stands for "Online Web App Security Project". Through the talks and conversations I joined, a key theme was making it easier for people to understand the issues, and to take steps to protect themselves.
From fear to fantastic
In one of the opening talks, Laura Bell from SafeStack spoke about the problem with fear. Talking about risks and security problems makes people afraid. But when people are afraid, they're not motivated to do things better. The challenge she laid out is to talk about these issues in an exciting and encouraging way. Doing security better is part of building exciting services, that make the world a better place.
We're keen to take up that challenge at InternetNZ! We want to keep people informed, but also offer usable, exciting, and motivating ways to help people do the things they care about while staying safe online.
CERTNZ: helping ordinary New Zealanders online
CERTNZ are New Zealand's experts on computer security, and the first place to report problems. Declan from CERT NZ spoke about three common problems for New Zealanders running websites:
- Dodgy hosting
- Missing domain-name renewals
- Poor password choices
A domain name is a bit like a street sign that helps people find your website. Besides a domain name, every website also needs a computer somewhere in the world to host it. To follow our analogy, this is like the building where your shop, office, or factory operates. From Declan's talk, it was clear that lots of websites operate in the equivalent of leaky, overcrowded buildings, to save money.
The second issue was people missing out on domain name renewals. Unlike a street sign, domain names have a limited life, often one year. Normally an email will go out to remind people of this, but it might be missed for a range of reasons. It might be flagged as spam, or go to an old email address.
The third issue was poor password choices. The past few years have seen huge leaks of passwords. In 2016, over 2 billion passwords were leaked online. That's a problem because people commonly use the same passwords for different accounts. A leaked password, or a default one, can't protect your account. That's why the advice below is really important!
Safer Internet Day
February 6 was Safer Internet Day. We saw lots of safety messages from around the world, but being Waitangi Day in New Zealand made it a bit quiet locally. Despite the holiday, our friends at NetSafe and CERTNZ put together a guide for Safer Internet Day 2018. We think this is a great overview of things you can do to be safer online. We particularly support advice to:
- Choose strong, unique passwords
- Keep your device software updated
- Use 2-factor security for your online accounts
We think it's getting really hard for people to use passwords alone to protect themselves. Instead, using 2-factor authentication is an easy, effective step most people can take to be safer. Watch this blog and our website for more soon!
Cool: Cars in Spaaaaace
And now for something exciting! This morning, our remote team gathered around our respective devices to catch the Falcon Heavy launch from SpaceX. We can pretend this is work-related, because cheaper satellite launches look like a great way to deliver better Internet to the world.
But really, this is just cool. The challenge with something like this is how to test it. A real satellite payload would be an expensive thing to blow up. So today, SpaceX put Tesla Roadster in orbit around the Earth, complete with "Don't Panic" dashboard and Major Tom soundtrack. In a few hours, it'll fire another burst to set a course for Mars. Here's a live view:
Links for this week: