ITsecurity
twitter facebook rss

#panamapapers and Mossack Fonseca’s Reckless, Feckless IT Security: Was That Breach a Privacy Curse or a Transparency Blessing?

Posted by Richard Smith on April 9, 2016

…the tight-lipped Mossack Fonseca (believed to be an industry leader) The Economist, 2012 Readers will doubtless have noticed that someone has recently loosened Mossack Fonseca’s lips, quite a lot, by way of an utterly monumental hack. 2.6TB of business emails and documents, covering the affairs of Panamanian law firm Mossack Fonseca’s sometimes rich and politically exposed, sometimes […]

iPhone and the FBI backdoor

Posted by Kevin on February 17, 2016

Much is being written about the FBI’s court order instructing Apple to provide a backdoor into a terrorist’s iPhone. And much praise is being heaped upon Apple for its disinclination to do so. This disinclination is described by Tim Cook in a letter to Apple users: A Message to Our Customers. I think, however, it […]

TalkTalk’s Failure over Incident Response

Posted by Kevin on October 29, 2015

TalkTalk’s incident response has been an unmitigated disaster. Let’s look at some of the facts… CEO Dido Harding told the Sunday Times (after earlier admitting that she did not know if the stolen data had been encrypted), “[Our data] wasn’t encrypted, nor are you legally required to encrypt it.” That is incredibly crass. It implies […]

Lauri Love to face extradition hearing

Posted by Kevin on July 17, 2015

Here we go again. Lauri Love, who was first arrested (but not charged) under the Computer Misuse Act almost two years ago has been rearrested on the original US charges and now faces an extradition hearing on 1 September. And yet, just two months ago, the UK police returned some confiscated items dating from the […]

Finally: phished in a foreign language!

Posted by Kevin on July 6, 2015

I tell myself it’s because I’ve finally made it to the international stage – getting phished in a foreign language: But, no, it’s just a foreign contact got hacked by a foreign hacker. And I don’t really care what’s on that video of me. It wasn’t me anyway. I was somewhere else. I grant you […]

Hacking Team Hacked

Posted by Kevin on July 6, 2015

If you enjoy irony, this is one of your better days: Hacking Team, purveyors of spyware (DaVinci) beloved by repressive regimes around the world, has been hacked. And its dirty laundry is being hung out to dry. Don’t you just love the comments from Christian Pozzi, Senior System and Security Engineer: More seriously, the hackers’ […]

Morgan Stanley — latest victim of the nightmare scenario

Posted by Kevin on January 6, 2015

Morgan Stanley

The nightmare scenario is so scary and so difficult to contain that it is best ignored. That nightmare is the rogue insider who knows your network and already has authorized access. You cannot function without such people, you can only hope they don’t go bad. The Sony incident, explains Jonathan Sanders, strategy & research officer for […]

North Korea did not attack Sony; & the US did not attack North Korea

Posted by Kevin on December 23, 2014

The official line from the US is that North Korea attacked Sony; and the official line from the British custodian of truth, the BBC Radio 4 news, is that the US probably attacked North Korea (which the US has declined to deny). Both are almost certainly false. While the US, from Obama down, insists it […]

Is hacktivism a valid form of political dissent?

Posted by Kevin on November 16, 2014

RedHack, a Turkish left-leaning hacker collective, has posted a video on Vimeo demonstrating what it claims to be the deletion of Türkiye Elektrik İletim A.Ş. (electricity supply) customer accounts to the tune of TRY 1.5 trillion (or more than £400 billion!). This is not an example of Robin Hood. No money has been stolen from […]

HSBC Turkey loses 2.7m card details; but won’t reissue

Posted by Kevin on November 15, 2014

HSBC Turkey revealed last week that 2.7 million customer card details had been compromised. In a statement HSBC claimed to have detected the compromise itself via its own internal controls within a few days of it occurring. Trey Ford, global security strategist at Rapid7 comments, “This is impressive given that the vast majority of breaches […]