While application security and payment data compliance are not commonly associated, there are more links than you would expect. Speaking at the OWASP AppSec conference in Cambridge, Geraint Williams, consultant and QSA said that when assessing PCI certification, he will be looking at the protection of cardholder data within web applications, but there are a series of common problems that he comes across and that can be removed. He said: “What I am looking for...
Read moreMicrosoft and Google have announced that they are to introduce a “killswitch” functionality to their smartphones, which will render them completely useless if they are stolen. According to BBC news, the two companies have followed Samsung and Apple in offering the functionality and a hard kill switch would render a stolen device permanently unusable and is favoured by legislators who want to give stolen devices the "value of a paperweight", while a “soft" kill...
Read moreYesterday saw the news breaking across the world that takeaway pizza chain Domino’s was being held to ransom by a hacker who had possession of 600,000 customer records. In the story, the hacker “Rex Mundi” (who has since had his Twitter account suspended) wanted €30,000 (£23,000) or he would release the 600,000 customer details that included customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions, as well as each customer’s favourite...
Read moreAs an Internet populace we are increasingly being tracked, taken through covert redirects and are often at risk of serious fraud and abuse. And the situation only gets creepier as we put more of our lives online, and as corporations and governments get better tracking and analytics technologies. To be sure, most people are still happy to get “free stuff” and some are still relatively comfortable putting up with the ad infrastructure. We love to...
Read moreThis week saw the announcement of the CBEST framework, designed to help the boards of financial firms, infrastructure providers and regulators to improve their understanding of the cyber attacks. Backed by the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority, it will also focus on the extent to which the UK financial sector is vulnerable to attacks and how effective their detection and recovery processes are. CBEST also puts in place...
Read moreToday marks one year since the first major headlines were published about the NSA’s mass surveillance programme. Published on 6th June 2013, it was revealed by a number of news agencies, including the New York Times and the Guardian, that the NSA monitored user activity on Google, Facebook, Apple and other US internet giants, while 24 hours later it was revealed that the UK was not so innocent, with the UK's GCHQ were cooperating...
Read moreIn an interview published this week, WhiteHat Security founder and CTO Jeremiah Grossman said that ultimately, the problem with security is a lack of decent protection. Grossman said that information security has to change its thinking as there is a problem in a belief that you can put a box in and the problem goes away, and that is most people’s way of doing things and how they are trained. He said: “We need software...
Read moreIf headlines are to be believed, then the cloud could be in danger of becoming localised almost a year on from the Edward Snowden revelations. However this year's security conferences and news have shown a renewed vigour for the cloud in the security sector. Take the acquisition of SaaSID by Intermedia, a cloud-based single sign-on service was proven to be valuable and since then, companies such as Pirean and Okta have emerged also. So with this...
Read moreThis week saw music streaming website Spotify announce that it had experienced unauthorised access to its systems and internal company data. In the wake of the eBay breach, it said that there had been no compromise of user’s financial data, as a warning a portion of its 40 million users will need to re-enter, but not change, their login credentials while users of the Android app would be forced to upgrade. Oskar Stål,...
Read moreIn order to make the general public more aware of internet security, could the box in the corner be the answer? Talking with Professor Alan Woodward, who has embarked on a series of educational ventures with Sophos and SANS Institute’s James Lyne and former Tomorrow’s World presenter Maggie Philbin, he said that the television is a missing part of the way to educate. He said: “Where are the TV programmes? At best there...
Read more