ITsecurity

Snapchat settlement shines a light on a potential EU / FTC safe harbour stitch-up

Posted by Kevin on May 11, 2014

When Europe learned about the extent of NSA surveillance on the personal information of European citizens there was immediate concern over the effectiveness of the EU/US safe harbour agreement. Under European data protection laws, personal data cannot be exported to a foreign country that does not have data protection laws considered comparable to EU laws. […]

Dropbox waits almost six months to fix a flaw that probably took less than a day

Posted by Kevin on May 7, 2014

Graham Cluley is a much respected security expert – but we don’t always agree. Full disclosure – the early public disclosure of a vulnerability whether or not the vendor has a fix available – is an example. I believe that vendors should be notified when a flaw is discovered, and then given 7 days to […]

Don’t let them pull the Aircloak over our eyes

Posted by Kevin on May 4, 2014

Big business wants our personal information so it can make even more money. Privacy laws say it cannot have our personal data, but do not define anonymized data as ‘personal’. Business-friendly privacy regulators, such as the UK’s Information Commissioner, specifically declare that anonymized personal data is not regulated by the data protection laws — and […]

MS issues out-of-band patch as IE attacks increase

Posted by Kevin on May 3, 2014

FireEye reported last week (26 Apr 2014) on a newly discovered Internet Explorer vulnerability that is already being exploited in the wild. The vulnerability affects all IE versions from 6 through 11, but at the time it was only being exploited in versions 9-11 on Windows 7 and 8. Two things have since happened. Firstly the […]

The FBI’s war on Anonymous

Posted by Kevin on May 1, 2014

The FBI announced yesterday “additional attempted computer hacking charges and 18 counts of cyberstalking” for Fidel Salinas. That now brings the total charges to 44 – each of which carries a maximum of 10 years in prison. This alleged hacker is now facing 440 years in prison. According to the allegations, between December 23-29, 2011, […]

My willy is bigger than yours

Posted by Kevin on April 30, 2014

I got an email yesterday (29 April 2014). It said: Today the Websense Security Labs found a new vulnerability in Microsoft Internet Explorer which affects Internet Explorer versions 6 through 11. However, current reported attacks are targeting Explorer 9 through 11. The Labs have issued a blog post which outlines solutions for those who have […]

Whitelisting Vs Blacklisting

Posted by Kevin on April 30, 2014

The fundamental principle that underpins all security is the need to stop bad people or processes while allowing good people or processes. So security is about access control; and access control starts with identity. But identity on its own is not enough – we also need to understand purpose. We need to identify the person […]

Care.data, pseudonymised data and the ICO

Posted by Kevin on April 29, 2014

I find the ICO’s response to Dr Neil Bhatia’s request for clarification on care.data and the Data Protection Act (DPA) to be very strange. Care.data is the name for NHS England’s program to centralise all GP patient health records together with all hospital visit records in one big data warehouse available to researchers. While originally […]

AV and the NSA: is the anti-virus industry in bed with the NSA – why do CIPAV, FinFisher and DaVinci still defeat AV?

Posted by Kevin on April 29, 2014

September 2013 is the month in which the extent of direct government hacking – as opposed to traffic surveillance – became known. 4 September – WikiLeaks releases Spy Files 3, demonstrating increasing use of third-party hacking tools, such as FinFisher. 6 September – Bruce Schneier writes in the Guardian: The NSA also devotes considerable resources […]

US magistrate makes Schengen internet more likely

Posted by Kevin on April 29, 2014

Microsoft could either see the Schengen Cloud coming or was privy to politicians’ thoughts. In January this year it announced that it would allow European customers to keep their data on servers within Europe. This followed a blog by legal counsel Brad Smith in December 2013 that voiced concern over US surveillance: And we’ll assert available […]