ITsecurity

A life-long commitment to privacy.

Posted by Alexander Hanff on June 30, 2014

For the past seven years I have been advocating for stronger privacy across the globe, both in my role at Privacy International, where I managed their digital privacy portfolio for three years, and as an independent expert. Much of the first five years was focused on lobbying for changes in global privacy laws to change […]

Support Scams and Developer Data Harvesting: is there a Connection?

Posted by David Harley on June 23, 2014

Richard Hay tells us that a cold-caller ostensibly from the DVLUP programme may actually be hoping to harvest some sensitive personal data. Is this human trojan horse from the same stable as tech support scams?

The Darker Side of Jeff Bezos’ Fire Phone

Posted by Alexander Hanff on June 19, 2014

Amazon’s Jeff Bezos took to the stage this week to talk about Fire Phone – Amazon’s inaugural step into mobile devices. The world’s press and media are buzzing with activity over the device and in particular the Firefly app which can be used to identify objects and images from the camera with the immediate opportunity […]

A glimmer of hope for the automatic removal of PUPs

Posted by Kevin on June 19, 2014

A PUP is a potentially unwanted program. They are usually installed by deceit and are designed to make money for the author. This could be by displaying adverts, redirecting your browser to different web sites, or invoking premium rate phone calls. But whether they are actually illegal is a fine point – although deceit to […]

Of irony and petards

Posted by Kevin on June 18, 2014

Says it all without comment – but I must make one: I think 122 hours to find an unknown vulnerability is pretty good going.

Spamhilarity

Posted by Kevin on June 18, 2014

It’s good to check your spam folder regularly. Sometimes the filter gets it wrong, and an important or useful message is diverted away from you. It’s sobering to realise how many long-lost relatives you have; it’s worrying to find out how many friends get mugged during a surprise foreign visit; it’s tempting to take advantage […]

What is a penetration test?

Posted by Robin Wood on June 16, 2014

Welcome to my first post of what will hopefully be a regular series on topics at least loosely related to security testing. Seeing as my section will be on testing I thought I’d start by asking the question “what is a penetration test?”. Hopefully if you ask someone in the testing community about vulnerability scans and penetration […]

Does DOS extortion break the security risk management rule?

Posted by Kevin on June 15, 2014

We are exhorted to bring risk management principles into the infosecurity practice. In classic risk management we can accept, mitigate or transfer risk. In infosec, this roughly translates to doing nothing, using security practices and systems for defence, or employing a third party security services provider (SSP) to provide protection for us. It is in […]

JavaScript: New Privacy/Security Threat

Posted by Alexander Hanff on June 13, 2014

Recently, a developer I know reasonably well contacted me to show me a new JavaScript library he had written which exposes information on all network adapters and connections on a PC. This code was able to detect -all- network adapters along with the IP addresses assigned to them including virtual adapters. This means that […]

Another example of GCHQ leading the British press by the nose

Posted by Kevin on June 10, 2014

The British spy agencies are masters of disinformation and misinformation — and their ability to maneuver public opinion through manipulating the mainstream press knows no bounds. A little piece in the Telegraph over the weekend is an example. An unnamed source provides unspecified details of non-specific numbers on uncategorised threats. Nevertheless, the Telegraph is able […]