
Of irony and petards

Posted by Kevin on June 18, 2014

Says it all without comment – but I must make one: I think 122 hours to find an unknown vulnerability is pretty good going.


Posted by Kevin on June 18, 2014

It’s good to check your spam folder regularly. Sometimes the filter gets it wrong, and an important or useful message is diverted away from you. It’s sobering to realise how many long-lost relatives you have; it’s worrying to find out how many friends get mugged during a surprise foreign visit; it’s tempting to take advantage […]

What is a penetration test?

Posted by Robin Wood on June 16, 2014

Welcome to my first post of what will hopefully be a regular series on topics at least loosely security testing. Seeing as my section will be on testing I thought I’d start by asking the question “what is a penetration test?”. Hopefully if you ask someone in the testing community about vulnerability scans and penetration […]

Does DOS extortion break the security risk management rule?

Posted by Kevin on June 15, 2014

We are exhorted to bring risk management principles into the infosecurity practice. In classic risk management we can accept, mitigate or transfer risk. In infosec, this roughly translates to doing nothing, using security practices and systems for defence, or employing a third party security services provider (SSP) to provide protection for us. It is in […]

JavaScript: New Privacy/Security Threat

Posted by Alexander Hanff on June 13, 2014

Recently, a developer I know reasonably well contacted me to show me a new JavaScript library he had written which exposes information on all network adapters and connections on a PC. This code was able to detect -all- network adapters along with the IP addresses assigned to them including virtual adapters. This means that […]

Another example of GCHQ leading the British press by the nose

Posted by Kevin on June 10, 2014

The British spy agencies are masters of disinformation and misinformation — and their ability to maneuver public opinion through manipulating the mainstream press knows no bounds. A little piece in the Telegraph over the weekend is an example. An unnamed source provides unspecified details of non-specific numbers on uncategorised threats. Nevertheless, the Telegraph is able […]

Does the government run the spy agencies, or do the spy agencies run the government?

Posted by Kevin on June 9, 2014

The joke that dare not be taken seriously has always been that MI5 holds files on all major politicians — but now we must take it very seriously. It is the only proposition that fits the facts. It explains why Blair in opposition was on the side of the people in the First Crypto War […]

PROACTIVE use of the internet of things to detect terrorist behaviour in the public

Posted by Kevin on June 8, 2014

The hidden danger in Edward Snowden’s treasure trove of NSA documents is that it has drawn all eyes towards it — we no longer notice potential threats outside of the NSA. Take, for example, PROACTIVE (PRedictive reasOning and multi-source fusion empowering AntiCipation of attacks and Terrorist actions In Urban EnVironmEnts) — a project being funded […]

Why SMBs need to pentest their networks and websites

Posted by Kevin on May 29, 2014

In November 2013 a national bank was notified by a third party that some of its customer data was being circulated on the internet. The bank had strong perimeter defenses, had no knowledge of a breach nor could find any indication that a breach had happened. It called in a forensics team to investigate. After […]

Industry Two Faced over Privacy

Posted by Alexander Hanff on May 29, 2014

As an advocate I have spent a great deal of my time over the past six years taking part in roundtables, consultations, forums and conferences and during that time I have witnessed first hand the relentless push by “Big Data” corporations to dilute the fundamental right of privacy in order for those same corporations to […]