This Week's Gurus

“Last Friday, on my way home from 31c3, a funny thing happened on my way through Charles de Gaulle airport in Paris: I was required by a security agent to not only power up, but also type in my password to unlock my laptop in order to board my flight.”   Katie Moussouris, chief policy officer at HackerOne and former lead of Microsoft’s security community outreach and strategy team and its Blue Hat prize, published an...

A simple look at the last Anti-Phishing Working Group (APWG) report, covering the first half of 2014, revealed that there were at least 123,741 unique phishing attacks worldwide, the most since 2009.   Also, the attacks occurred on 87,901 unique domain names, up from the 82,163 domains used in the second half of 2013. In the APWG report, it contains the key phrase “phishers are criminal, but they do make rational decisions about how to...

How many times have we said in the last 14 months “this is really unprecedented”?   Ahead of this week's webcast, where we will talk about the top five stories of the year, one story has crashed in with massive media coverage about security failings. Microsoft MVP and security researcher Troy Hunt told me that the Sony Pictures story is “like something out of a movie script”, as it combines all of the factors needed for...

At last week's (ISC)2 EMEA Congress, two comments stood out on the securing of the ever emerging wearable and “Internet of Things” (IoT) market.   On an early panel, CERN's Stefan Luders claimed that dealing with the IoT is about patching, rather than anti-virus and standard security controls, while he said that this was the biggest challenge he had seen for control systems. “We are much too rigid in patching and attack vectors are enabled...

The “linear” nature of security and access has worked, but it is not representative of human behaviour and how we work. In conversation with Jamie Bodley-Scott, global product manager for secure access at Cryptzone, he said that the current model does work, but is set up for failure. He said: “The model today is very disconnected and linear, as you deal with identity up front and once done that there is permission and rights and...

Through robust research and commercial engagements covering eight years, Cytelligence are able to attest that the element of Open Source Intelligence is not only a major source of exposure and a potential point of exploitation, but it can also be key in the majority of successful cyber attacks against random, and/or selected targets. It is in this area where one piece of work which was produced on this journey to prove the exposure and went...

The film industry may have had its fair share of hits this week with the news surrounding Sony Pictures, but security is nothing new to Hollywood.   In conversation with Ryan Kalember, chief product officer at Watchdox, I asked him how their technology, which adds a digital watermark to a document to enable control of it, could be adapted to the film industry. He said it already is, pointing out customers including studios making superhero...

It seems that it was only yesterday that patch/update Tuesday came and went, yet the next one is looming already. As an IT guy I actually look forward to seeing the types of vulnerabilities that have been discovered in Microsoft’s products. Some are obviously more interesting than others, such as the vulnerability in Schannel, but what they all have in common is that they actually do pose a threat to your business. We all know...

The talk of cyber insurance has seen major steps forward in 2014.   With Cabinet Office Minister and Paymaster General Francis Maude MP recently working with the Association of British Insurers to create a comprehensive cyber security insurance model to Target’s successful claim, this is undoubtedly a topic being well discussed. At the recent Cyber Security Summit, Mark Brown executive director of cyber security and resilience at EY said that while there is currently $1BN of...

Take any movie where robots rise up against their human makers, and you’ll see fear and panic set in.   This happens in films such as The Terminator (1984), Screamers (1995), and I, Robot (2004). Why? Because robots operate on autopilot and are not constrained by human limitations: the need for food, water, or sleep. Similar can be said for certain types of malware.   Malware is neither exclusively driven by machines nor humans. From studying different types of malware we...