Opinions & Analysis

This week saw the United States Government issue a charge against five Chinese Government agents, who it claimed were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), aka the APT1 group.   The indictment alleges that three of the men hacked, or attempted to hack, into US entities, while two others managed the infrastructure. It was also alleged that the stolen information would benefit the Chinese Government and...

It seems the author of a report called “Jackpot! Money Laundering Through Online Gambling” has come out and said the findings of his study have been grossly misinterpreted by the anti-online and pro-online activist groups.   Raj Samani, chief technology officer of leading anti-virus firm McAfee and author of this report has said he felt like he had “kicked a hornets nest” with the amount of responses he has received over his report.   According to Samani,...

The continued use of default credentials, including passwords, was identified as a key security failing by the Information Commissioner’s Office (ICO) report this week.   Correlating with recent research by NCC Group, it seems that there is an expectation of things working out of the box so much that the security functions are not really considered. I put the question to some key industry spokespeople, and asked why people do not check the settings of such crucial things?...

The main news this week has been the “right to be forgotten” ruling of the EU Data Protection Directive. It was decreed that an internet search engine operator is responsible for the processing that it carries out of personal data which appears on web pages published by third parties. The decision by the Court of Justice of the European Union said that if a search is made on the basis of a person’s...

Stop all the clocks, cut off the telephone, prevent the dog from barking with a juicy bone – this week the slow death of anti-virus was claimed once again. After Imperva declared it to be dead in 2012 in its own research, a new report emerged this week in the esteemed Wall Street Journal claiming that anti-virus was dead once again. In an interview, Brian Dye, Symantec's senior vice president for information...

Today is “National Password Day” as the security industry and world continue the battle with the dogged authentication method. Backed by companies including Microsoft, Intel and LastPass, the initiative follows on from stories where “hackers have leaked millions of passwords from sites like Facebook, Yahoo!, and Google”. The website offers basic advice on password security for consumers, but comes after the Heartbleed bug, which may have affected two-thirds of global websites and compromised millions of...

One of the key stories of 2014, and one that I anticipate will dominate conference schedules and presentations for months and possibly years to come, is the Target breach. Thanks to the excellent work done, particularly by security journalist Brian Krebs, we now know how many records were breached, how the infiltration was done and how sophisticated the malware was. Some time ago, a name of a vendor who Target used was mentioned to...

This week saw the release of the annual Verizon Data Breach Investigation Report (DBIR) and among its 80 pages of data from 50 contributing organisations were some genuine gems of insight.   In our story we focused on the major section around point of sale (POS) breaches, while in our Guru article with author Wade Baker, we looked at the bringing together of the data and its development over the past seven years.   Verizon found...

The Heartbleed flaw may be bugging every online company at the moment, but is it all bad?   In conversation with security manager Thom Langford, he said that users may become wise to phishing attacks, while Canon’s director of information security Quentyn Taylor said on Twitter that “the SSL issue is doing wonders for awareness” as it dominates national news headlines and makes users aware not only of password security, but also of open source...

We recently ran some articles based on interviews with the new board members of (ISC)2, where one of the discussion points was the redefinition of the role of chief information security officer (CISO).   In the first article, it was acknowledged by the new chair Wim Remes and new secretary Dave Lewis that there is a danger that the CISO could be out of touch, or unable to fit in the skills that sit at...
