ITsecurity

The Global Identity Foundation

Posted by Kevin on May 21, 2015

The basis of all information security is the protection of confidential information from unauthorised access. This requires the ability to differentiate between authorised and unauthorised subjects. For years passwords have done this. A unique password issued to the authorised subject has assured that only that authorised subject is granted access. But passwords are no longer […]

Quis custodiet ipsos custodes?

Posted by Joseph Saviri on May 19, 2015

The GCHQ will now be immune from prosecution for engaging in illegal hacking operations. This state of affairs is now made possible as a result of amendments made to the Computer Misuse Act 1990. The Computer Misuse Act 1990 (CMA) creates a set of offences for those who engage in activities interfering with the […]

Researchers play Whack-a-Mole with Google Password Alert

Posted by Kevin on May 3, 2015

Phishing is a huge problem with no indication of any solution (see, for example, Phishing: detection and prevention). Last week Google attempted to alleviate the issue with the release of a Chrome extension: Password Alert. If you end up on a phishing page that asks you to enter your Google password, the extension pops up […]

If this phish works, we’re all doomed

Posted by Kevin on May 2, 2015

If information security depends on a combination of technology and user awareness, we’re all doomed. Firstly, how the hell did this get through the spam filters? (Unless, of course, this quality of grammar is acceptable by today’s educational standards.) And secondly, I’m assuming the criminals wouldn’t bother if it didn’t provide a return. That means real […]

Pass the password, please

Posted by Kevin on April 26, 2015

We are told to use strong passwords – a long and random mix of uppercase, lowercase, numbers, punctuation and special characters. The reason is to make them difficult to crack. Well, that’s only half true. A password is a password is a password. It doesn’t need to be cracked. It’s what it is – it’s […]

FireEye/Mandiant points finger at China – again

Posted by Kevin on April 15, 2015

When I first started commenting on FireEye the company was noticeably reluctant to attribute malware and malware campaigns to specific actors. The accusation market changed when Mandiant published its famous report: APT1 Exposing One of China’s Cyber Espionage Units. And things changed for FireEye when it bought Mandiant. I am somewhat cynical about Mandiant (it is […]

Crimefighters take down Beebone botnet

Posted by Kevin on April 9, 2015

EU and US crimefighters have announced today that, in conjunction with Intel Security, Kaspersky and Shadowserver from the private sector, they have taken down the Beebone botnet (also known as the AAEH botnet). I would normally say that such statements are a bit of an exaggeration. Usually the most that can normally be claimed is […]

FTC demonstrates that the US takes Safe Harbor seriously

Posted by Kevin on April 7, 2015

Hallelujah, I have seen the light! What are we Europeans worrying about? Safe Harbor is safe in the safe hands of that pit-bull defender of privacy, the Federal Trade Commission. Let me explain… The FTC came across 2 out of hundreds of US companies in breach of the EU-US Safe Harbor agreement, and has chastised […]

Encryption in the Cloud

Posted by Kevin on April 4, 2015

The pressure to allow staff to use cloud storage is enormous. Not only are there strong economic arguments and business benefits, they’re going to do it anyway. So just saying No is not really an option — it’s better to have visibility into what is being used than to attempt to prevent it. But here’s […]

The Right-to-be-Forgotten, Sandeep Kumar and the Oxford Mail

Posted by Kevin on March 18, 2015

Following Tara’s article on the right-to-be-forgotten (The Right To Be Forgotten – EU and Elsewhere) there was an interesting comment on Twitter: The headline to this article in the Oxford Mail reads: Google wipes out stories about Asbo yob Sandeep Kumar under Right to be Forgotten ruling. That’s really sad for a newspaper with the […]