Key Card Ransomware: News versus FUD

Posted by David Harley on January 30, 2017

On the 28th January 2017, a news site reported that "Hotel ransomed by hackers as guests locked out of rooms". The story initially claimed that a ransomware gang had been able to compromise systems in the Romantik Seehotel Jägerwirt in Austria including the key card registry system, even managing to lock guests into their rooms. The […]

Malicious Photocopier: not the Internet of Things

Posted by David Harley on February 2, 2016

If your photocopier is sending you Word docs by email, think twice before opening.

Wipro Wipeout? Call Centres and Scams

Posted by David Harley on January 29, 2016

Arrests of call centre staff and some scam call variations cause TalkTalk to reconsider its relationship with Wipro.

Music, Security, and a Nice Cup of Tea

Posted by David Harley on October 19, 2015

Music as a tool for improving security? No wonder the security industry has made all those YouTube videos.

OpinionSpy resurgent

Posted by David Harley on February 12, 2015

Some of us were slightly confused back in 2012 when Intego flagged a problem with the alleged spyware/adware program security vendors usually call OSX/Opinionspy. According to Intego, users were required to install the program – claimed to be a market research utility – but reported to have  as part of the installation process for a number […]

Does DOS extortion break the security risk management rule?

Posted by Kevin on June 15, 2014

We are exhorted to bring risk management principles into the infosecurity practice. In classic risk management we can accept, mitigate or transfer risk. In infosec, this roughly translates to doing nothing, using security practices and systems for defence, or employing a third party security services provider (SSP) to provide protection for us. It is in […]

Dropbox waits almost six months to fix a flaw that probably took less than a day

Posted by Kevin on May 7, 2014

Graham Cluley is a much respected security expert – but we don’t always agree. Full disclosure – the early public disclosure of a vulnerability whether or not the vendor has a fix available – is an example. I believe that vendors should be notified when a flaw is discovered, and then given 7 days to […]