Search
  • Dave Kennedy

 

To trust or not to trust

 

Tech news abounds right now with information about NordVPN being compromised.

TechCrunch Article

* https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

Register Article

* https://www.theregister.co.uk/2019/10/21/nordvpn_security_issue/

NordVPN Official Response

* https://nordvpn.com/blog/official-response-datacenter-breach/

 

Lets start with the some critical points.

  • This incident occurred in March 2018

  • Impacted systems were compromised for around 2 months

  • Breach is now closed

  • It is unlikely specific personal information for users was accessed.

  • Network Snooping and content that could have facilitated man in the middle attacks could have been taken.

 

The point of compromise in this incident was a poorly secured server management interfaces. These common hardware interfaces (Such as iDRAC & iLO) are built in to most major brands of servers today.

 

My concern is not so much about the breach itself but more the way in which NordVPN have addressed the situation.

  • The speed of response concerns me. It should not take months to secure the internet connections used by these servers or the servers themselves. To me it suggests a weakness in their infrastructure planning for resilience and security.

  • It does not feel like they would have had the transparency to self-report this issue had they not been forced to.

  • Rather than taking ownership of a lapse or failure their comments feel like they are pushing blame onto the server hosting company.

  • If these were new servers which had this security hole it indicates little proactive penetration testing, for a security product / service doesn't sit well with me.

From my perception the failures of Customer Service, PR, Planning, Incident Management, and Testing are greater than that of the compromise itself. I won't be recommending NordVPN until I feel they have shown a proactive effort to be ready to address such situations in the future.

 

 

 

 

 

 

 

  • Dave Kennedy

 

 

"Day 1 "Interesting" morning so far, a quick surgery and now 7 days of no speaking .... So yeah... There's that 🤐 - Also rumors started by my wife that I'm having my first round of gender reassignment surgery are not true!"

 

 

"Day 2 of not speaking: Yesterday I learned I suck at miming, it is important to keep a writing method with me at all times and that I can scribble faster than I can thumb type on a phone keyboard. Today my goals are my first solid food in 36 hours and to master the emphatic eye role. #recovery"

 

 

"Day 3 of not speaking: Yesterday I got a real idea of involuntary noises we all make to acknowledge other people and general day to day activities. These sounds sting and are to be avoided! Today I realize giving up caffeine was a mistake and I'm back to work with no speech but aiming to productively typing to communicate"

 

 

"Day 4 of no voice. Yesterday I got to practice the universal language of point for our children with reasonable success. Today's lofty goal is finding good ways of attracting their attention from a distance."

 

 

"Day 5 of no voice: Slip ups and accidentally making vocal sounds have been kept to a minimum. My mime skills are not improving but my ability to flail my arms wildly is first class. #TheStruggleIsReal"

 

 

"Day 6 of no voice. Our children are a constant test. Popping involuntary questions on all topics and opinions relentlessly and sometimes just to see if I will try and answer! Also I'm beginning to suspect my wife is purposefully mistranslating some of my communications"

 

"Day 7 of no voice. Consider this. How do you attract the attention of someone who is not facing you when you can't use your voice and apparently throwing objects is likely to offend. Also writing emphatically is not the same as shouting no matter how emphatic you are!"

 

 

  • Dave Kennedy

Updated: Nov 16, 2019

Usually I'd leave a conclusion or summary of my post to the end, but a couple of import points need to be made clear from the outset. The YogaBook C930 is FANASTIC! I hope as many of these devices sell as is possible. I really want this device to have more generations and for this to become a hugely popular device type. The YogaBook fits the needs for which I purchased it perfectly and it encompasses even more than I had anticipated. Its beautifully built, well thought out, innovative and brings a smile to my face every time I pick it up. PLEASE TRY ONE if ever the opportunity presents itself!

Note: Although I am a Lenovo Insider ( #LenovoIN ), this is not a sponsored or loan device. This is my own purchase. I bought it because aside from being fascinated by the YogaBook C930 I felt like it would fill an opening space in my devices perfectly.

What is is?:

The YogaBook C930 is a 2 in 1 laptop (a laptop convertible into a tablet) which has no conventional keyboard. Where you would normally find the 84 to 90 keys of a laptop keyboard, there is an e-ink display. That display aside from displaying a keyboard can be used for both reading e-ink content (such as books and PDFs) but also creating content with supported pens.

Specs:

10.8" 2560x1600 IPS Display

Intel Core m3-7Y30 Processor

4GB RAM

128GB SSD

Micro SD Card Slot

2x USB-C ports

Under 10mm thick when closed

Under 800g in weight.

How do I use it?:

Conventional work: Documentation, emails, spreadsheets are all things I've worked on with the YogaBook. The smaller screen does restrict the amount of content one can comfortably display at a time. If you are working on something very large its resolution does help mitigate that. Its not a workspace to spend your entire day, especially if like me you work with three or more screens normally. However it is very practical for snatching a few minutes here or an hour there to finish things off or get thing started.

Note taking: I am a prolific note taker. I produce copious quantities of scribbled notes in OneNote daily for both work and personal projects. Until recently I had been using a ThinkPad 10 tablet and the YogaBook has assumed that role beautifully as its tablet mode form factor is very similar. The e-ink display has been an immense boon. If I had been using the ThinkPad 10 to consume content and wanted to take notes I would have had to switch applications, work in much reduced screen space or grabbed pen and paper. With the YogaBook C930 I can flip it open to display the e-ink screen and switch it to pen input and start taking notes which are stored on the internally.

Photo Reviews and Editing: I review a lot more photographs than I edit and the 2650x1600 resolution and color and light quality of the YogaBook serves me excellently when clicking through my weekends hike and dog walk photographs. While the resources of my YogaBook are on the slighter side they are more than sufficient for me to tweak color or touch up my photographs. This is not a photo editing work horse but it certainly gets my jobs done.

Oncall Device: I occasionally work 24x7 oncall for IT Support services for some of our customers. That means potentially getting a call any time day or night. I now simply keep the YogaBook close to hand and its super light and fully functional and lets me get anything I need done in a pinch.

If you have questions or queries on the YogaBook please drop me a line or post them on the

 

 

Lenovo Support Forums

for answers.