This week saw the internet, Twitterverse and my inbox explode as the full scale of the Heartbleed flaw come to light. It was on Tuesday morning when I first became aware of the issue and since then I have heard a mixed bag of thoughts on it, and had the chance to read varying stories that offer a combination of FUD, decent analysis and advice on changing passwords prematurely. In case you took the week...
Read moreLast week saw Yahoo implement encryption for data in motion between data centres as well as plans to offer a more secure user experience. In the statement, Alex Stamos, chief information security officer at Yahoo said that Yahoo has now fully encrypted traffic moving between Yahoo data centres, as well as adding HTTPS encryption to all search enquiries “and most Yahoo properties”. Stamos, who made the post marking only his fourth week in the job,...
Read moreAs we talk more and more about the skills shortage, we look at how career paths need to be defined and how the security professional needs to be an evangelist. However is one of the problems that computer science university courses have not evolved to meet these needs? This isn’t intended as a dig at universities, but are they preparing students for a career in this industry? I talked with three noted university professors to...
Read moreThis week it was announced that Microsoft was releasing its early versions of MS-DOS and Word for Windows in open source. You may ask why, and some people I told this to did pull the same face. After all, Microsoft has given away anti-virus protection in the past, as well as a pretty good browser, but an entire operating system and word processing software? It turns out that this was made available with...
Read moreJust when you thought you had done reading about NSA hacking stories, it seems that its efforts went overseas and hit one of the most talked about technology companies in the world. Back in 2012, the White House cleared Huawei of any wrongdoing and said it did “not pose a cyber espionage threat to the United States”. The allegations stretched back to 2010, when a group of eight Republican senators warned the Obama administration to...
Read moreThis year sees the second annual European security bloggers meet up and awards. Held on the evening of the 30th April, during the week of Infosecurity Europe and BSides London, it made its debut last year and saw noted bloggers such as Javvad Malik, Sophos Naked Security and Thom Langford awarded. The nominations are now open for the 2014 awards and IT Security Guru asked organiser, and 2013 winner, Brian Honan about the awards....
Read moreWith the turmoil in the region seemingly coming to an end, Russia has seen a number of attacks against it in recent days. Last Friday, Finextra reported that the website of theBank of Russia was taken down, while Reutersreported that hackers knocked out the Russian presidency's website several times. Combine those attacks with reported attacks againstNATO, which according to CNet were down to the hacktivist group “Cyber Berkut”, who hit NATO’s website, NATO's cyber defense center and the site for NATO's...
Read moreAttending a breakout session at last week's CSIT conference, the subject of liability cyber education came up. Hosting the session were Dr Ulf Lindqvist from SRI International and Raj Samani from McAfee. The subject of liability was an interesting one among the dozen-strong roundtable, especially as it touched the case of whether banks should reimburse those users who show a blatant disregard for security. Samani asked that if people don't care about security, why...
Read moreThe Information Commissioner’s Office (ICO) has fined the British Pregnancy Advice Service (BPAS) £200,000 after almost 10,000 personal records were compromised. In 2012, the BPAS suffered an attack by a pro-life hacker who was opposed to the company’s abortion advice. According to the ICO undertaking, the attacker exploited a vulnerability in 2012 which revealed the 9,900 names, dates of birth, addresses and telephone numbers that had been collected via a “call back” feature. The BPAS,...
Read moreA story emerged last week which claimed that power companies were being refused insurance cover for cyber attacks. Specifically because their defences were perceived to be weak, this also came about when underwriters at Lloyd's of London said that they had seen a “huge increase” in demand for cover from energy firms. According to the BBC story, any company that applies for cover has to let underwriters and third parties look over their...
Read more