ITsecurity

Of irony and petards

Posted by Kevin on June 18, 2014

Says it all without comment – but I must make one: I think 122 hours to find an unknown vulnerability is pretty good going.

Spamhilarity

Posted by Kevin on June 18, 2014

It’s good to check your spam folder regularly. Sometimes the filter gets it wrong, and an important or useful message is diverted away from you. It’s sobering to realise how many long-lost relatives you have; it’s worrying to find out how many friends get mugged during a surprise foreign visit; it’s tempting to take advantage […]

Does DOS extortion break the security risk management rule?

Posted by Kevin on June 15, 2014

We are exhorted to bring risk management principles into the infosecurity practice. In classic risk management we can accept, mitigate or transfer risk. In infosec, this roughly translates to doing nothing, using security practices and systems for defence, or employing a third party security services provider (SSP) to provide protection for us. It is in […]

Another example of GCHQ leading the British press by the nose

Posted by Kevin on June 10, 2014

The British spy agencies are masters of disinformation and misinformation — and their ability to maneuver public opinion through manipulating the mainstream press knows no bounds. A little piece in the Telegraph over the weekend is an example. An unnamed source provides unspecified details of non-specific numbers on uncategorised threats. Nevertheless, the Telegraph is able […]

Does the government run the spy agencies, or do the spy agencies run the government?

Posted by Kevin on June 9, 2014

The joke that dare not be taken seriously has always been that MI5 holds files on all major politicians — but now we must take it very seriously. It is the only proposition that fits the facts. It explains why Blair in opposition was on the side of the people in the First Crypto War […]

PROACTIVE use of the internet of things to detect terrorist behaviour in the public

Posted by Kevin on June 8, 2014

The hidden danger in Edward Snowden’s treasure trove of NSA documents is that it has drawn all eyes towards it — we no longer notice potential threats outside of the NSA. Take, for example, PROACTIVE (PRedictive reasOning and multi-source fusion empowering AntiCipation of attacks and Terrorist actions In Urban EnVironmEnts) — a project being funded […]

Why SMBs need to pentest their networks and websites

Posted by Kevin on May 29, 2014

In November 2013 a national bank was notified by a third party that some of its customer data was being circulated on the internet. The bank had strong perimeter defenses, had no knowledge of a breach nor could find any indication that a breach had happened. It called in a forensics team to investigate. After […]

Net neutrality: a FAQ

Posted by Kevin on May 11, 2014

What is net neutrality? Net neutrality (aka the open internet) is the principle that no one internet user should be given preferential treatment over any other internet user. From a finite bandwidth resource, if one user gets more, another user must necessarily get less. Net neutrality holds that this is discrimination that must not be […]

Care.data, pseudonymised data and the ICO

Posted by Kevin on April 29, 2014

I find the ICO’s response to Dr Neil Bhatia’s request for clarification on care.data and the Data Protection Act (DPA) to be very strange. Care.data is the name for NHS England’s program to centralise all GP patient health records together with all hospital visit records in one big data warehouse available to researchers. While originally […]

AV and the NSA: is the anti-virus industry in bed with the NSA – why do CIPAV, FinFisher and DaVinci still defeat AV?

Posted by Kevin on April 29, 2014

September 2013 is the month in which the extent of direct government hacking – as opposed to traffic surveillance – became known. 4 September – WikiLeaks releases Spy Files 3, demonstrating increasing use of third-party hacking tools, such as FinFisher. 6 September – Bruce Schneier writes in the Guardian The NSA also devotes considerable resources […]