Editor's News

We need pervasive encryption as the public key infrastructure (PKI) is generally “a bad idea” and something we should move away from. According to cryptographer Phil Zimmermann, we need a new form of pervasive encryption and we need to create pervasive crypto and cause a legislative environment to push back and make a change. Speaking at the Def Con event in Las Vegas, Zimmermann said that the crypto wars were won in the 1990s...

Lawyers must take steps to protect sensitive paperwork, following a series of cases which have seen files lost or accidentally made public. According to the Information Commissioner's Office, there have been 15 complaints about solicitors and barristers in the last three months, and commissioner Christopher Graham reminded lawyers of their responsibilities to keep personal information secure under data protection rules. He told the Telegraph: “The number of breaches reported by barristers and solicitors...

Websites which run on the WordPress content management system are at risk of being fully controlled by hackers. According to Sucuri, the vulnerability affects Custom Contacts Form, a plugin with more than 621,000 downloads. The company claimed that this would allow an attacker to take unauthorised control of a victim’s website without requiring any sort of privileges or accounts beforehand. It said: “Those familiar with WordPress know that all of the table names and...

Microsoft will release nine patches next week, two of which will be rated as critical. These updates will be for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows and Internet Explorer. The two critical bulletins and one of the others, rated as important, allow for Remote Code Execution (RCE). Wolfgang Kandek, CTO of Qualys, said: “The most critical patch is bulletin #1 which affects all versions of Internet Explorer (IE), all the way from...

Cryptolocker is dead, the owners are trying to discover what the authorities know and don't be surprised to find more variants out there. Speaking at the Black Hat conference in Las Vegas, security consultant John Bambenek praised the global effort in taking down GameOver Zeus, but said that this followed a distinct lack of communication. He said that at one point, there were four different working groups for Cryptolocker and when they...

Stuxnet is not an example of war, as the USA and Iran were not at war, but it was an act of sabotage by one Government against another. Speaking at the Black Hat conference in Las Vegas, Mikko Hypponen, chief research officer at F-Secure, said that Stuxnet was an example of a capable army using a tool for their benefit. “The number one benefit is deniability, followed by lack of attribution,” he said....

Sharing of threat and viral information has benefited the healthcare industry, so the same can work in cyber security. Speaking in the opening keynote at the Black Hat conference in Las Vegas, In-Q-Tel CISO Dan Geer said that he believed that cyber security has a dual purpose, for good or evil, but that dual use was inherent in security tools. Moving on to mandatory reporting, Geer made the analogy between releasing information on...

“Choose two from freedom, convenience and security” Speaking in the opening keynote at the Black Hat conference in Las Vegas, In-Q-Tel CISO Dan Geer covered a ten point policy to improve online security, including convergence, mandatory breach reporting and the right to be forgotten. Admitting that everyone wishes this was taken as seriously, but admitted that it is taken usefully or coherently, he said “we have never been more at the forefront of...

Advances in automobile technology are enabling attacks, but that industry is not ready for security and updates. Speaking in a well-publicised presentation at the Black Hat conference in Las Vegas, Charlie Miller and Chris Valasek claimed that this time they were able to present at this conference after completing more of a study of automotive technology, and identifying common flaws. Last year's proposed talk was rejected and presented at the Def Con conference instead....

Don't be afraid to speak about incidents, and use knowledge and experience to benefit yourself and others. In his keynote address titled “Beyond good and evil” at BSides Las Vegas, threat modelling author and expert Adam Shostack claimed that there is a danger of security professionals “burning out” due to levels of exhaustion, cynicism and efficacy. He said: “If we cannot prevent our networks from getting hacked, it seems to me to relate...
