Opinions & Analysis

This week saw the launch of a report which claimed that 1.2 billion unique credentials had been captured by a Russian cyber crime gang.   Altogether, the haul of details amount to more than four billion, and were collected by the gang from sites with a common SQL vulnerability. As John McAfee said in his closing keynote at this week's BSides Las Vegas event, this is unlikely as there are only five billion people on...

After Australian retailer Catch of the Day revealed that it had suffered a security incident in 2011 and only informed users three years on, a business closer to home has done something similar.   In a statement, Paddy Power's CEO said that it also suffered an incident in 2010 which did not compromise any financial information or customer passwords, and that no user accounts were adversely impacted. The incident has become public when Paddy Power...

If Mike Weatherly, MP for Hove and Portslade, has his way then cyber criminals could faces charges of going equipped to steal in virtual worlds, and could face real world jail time if convicted of stealing virtual items such as swords and gold within massively multiplayer online role-playing games (MMORPG). Weatherly is currently Intellectual Property Adviser to the Prime Minister as well as a player of highly the successful MMORPG World of Warcraft. He raised the issue...

If you think you are struggling as a business to keep up with technology, and are suffering from doses of “Shadow IT” and “consumerisation” as a result, well spare a thought for US Federal law enforcement and intelligence authorities.   Well if you can that is. According to an article by the Washington Post, FBI officials are “increasingly struggling” to conduct court-ordered wiretaps on suspects because of the sophistication of communication methods.  Because of the technical...

News broke today that the European Central Bank (ECB) had been hacked, and sensitive information had been stolen and was available for “purchase”.   A source told IT Security Guru that some personal data was unencrypted and stored in plain text, while other news sources claimed that the attacker was prepared to sell the data for the right fee. The affected database held about 20,000 email addresses and a smaller number of postal addresses and...

Security manager James Gosnold was at the recent ISSA Chapter event, held at the HMS President, and he reports back for IT Security Guru.   The opening keynote was given by Tony Neate, the CEO of Get Safe Online (GSO) who gave out real and pragmatic advice for a better more secure online experience for the general public, I thought in particular the resource looked very useful for protecting children from the pitfalls and threats...

If we were to label 2014 in security terms, at this point where we are over halfway, then the year of “massive data breaches” may not be too far from the truth.   Following the announcement of the breach at Australian retailers Catch of the Day in 2011, Target, eBay, Office and this week, Goodwill, we have seen them over and over again. Yes we get the same message – “we apologise for this”, “we...

Aside from the news of a mysterious security incident, the Information Commissioner’s Office (ICO) this week launched its annual report calling for more power, funding and independence.   Yes an independent regulator is needed, and wouldn’t we all love more power and money? I asked some of the industry’s key minds on legal and data protection issues on what they thought of the “request”.   Stewart Room, solicitor and president of the National Association of...

A war of words has emerged between BlackBerry and the manufacturers behind the Blackphone. In a blog, Joe McGarvey, enterprise mobility strategist at BlackBerry, said he welcomes the attention the Blackphone brings to secure communications and digital privacy, but as a consumer device “the Blackphone appears to be designed to operate outside the realm of IT oversight”. He said: “It’s currently unclear if the Blackphone will support the logging and archiving of business communications conducted on...

The key to national cyber security is that all public authorities, businesses and individual computer users must be alert and aware about security.   According to the 2013 Estonian Internal Security Service review, businesses and individuals “must be careful to take all the necessary security measures” after it “detected a number of attempted attacks run from other countries, which tried to access information illegally”.   Asked if this was a sign of success that an...