This Week's Gurus

Last week’s announcement that hacktivists Anonymous were clashing with the Ku Klux Klan saw a “return to action” for the group.   In the incident, Anonymous took over Twitter accounts and websites related to the white supremacist group after altercations relating to the situation in Ferguson, Missouri. In conversation with TK Keanini, CTO of Lancope, he said that one thing that you can count on with Anonymous is that, once they come to the microphone, they...

In 2011, just after the first BSides London, I gave a talk at the local DC4420 chapter on evading detection. There I made the point that there are four main technical areas that give an attacker's existence away: network communications, disk communications, logs and memory. From an attacker's point of view, their ability to stay undetected depends on balancing all of these things against their adversaries capabilities just as defenders must do the same. So...

Since the FIDO Alliance launched 18 months ago, its achievements have not been boasted about too much, while it has quietly gone about its business attracting participating partners. While the likes of PayPal’s security manager was there at the start, it has since attracted the likes of Alibaba and Winfrasoft and the industry has talked more and more about passwords and better authentication. Research by Intercede of 2,000 UK consumers found 60 per cent of...

Previous to mid 2014, a company dominated the hosted data loss prevention (DLP) space and I had the opportunity to deal with them several times. That company was Verdasys and they were run by CEO Jim Ricotta. Fast forward to late 2014 though, and the times changed at the company. I met with the new EMEA vice president Eric Driehuis, at a company now calling itself “Digital Guardian”. It takes a lot of courage to...

Yesterday saw the launch of Cloud Defender, a hosted security intelligence technology from Alert Logic.   I recently had the opportunity to meet the company’s founder and current vice president of strategy and emerging products, Misha Govshteyn, to discuss what the company is offering to the UK, just a few weeks after opening its first security operations centre in the UK.   He said the company has been in operation since 2002 and was one of the first software...

The controversial anonabox anonymity hardware router project returned today amidst a scathing reaction from the wider security and anonymity communities.   Previously, the project was suspended from Kickstarter after claims that the project used entirely custom hardware were debunked by industry experts and laymen alike. The project has resurfaced on crowdfunding site Indiegogo, where so far it has raised over $11,000.   Claims made by the previous incarnation of the project, that turned out to be false, included:...

The past few weeks has seen plenty of conversation about a $45 router that was barely half the size of your hand.   Named Anonabox, it achieved early success due to an appearance in Wired and the promise of up to $600,000 in crowd-sourced funding via Kickstarter, 82 times its original $7,500 goal. However the wheels soon fell off the hype, as flaws were discovered in the box and its promise of anonymity and security...

Herbert “Hugh” Thompson has become well known in the industry, mainly for his work as the programme committee chairman at RSA Conference, but I recently had the opportunity to talk to him with his Blue Coat hat on, about the move to protect against evolving and sophisticated threats.   Blue Coat announced the launch of an advanced threat protection suite earlier this year, tapping into technology acquired from Norman Shark last year. I asked Thompson...

It's around six months since the initial guidelines for the third version of the PCI data security standard were published. What caught my eye were the introduction of penetration testing factors and requirement 12 to “ensure that the security policy and procedures clearly define information security responsibilities for all personnel”. An interesting study appeared afterwards from Verizon, who ahead of their data breach investigations report, released some interesting statistics around PCI DSS compliance. Report author...

Cyber security woes continue to burden the minds of organisations of all sizes. This has been further exemplified by the announcement from C5 Capital to launch the first cyber security-focused venture capital fund in Europe, as concerns about leaks and digital technology securities grow. The London-based firm is looking to raise $125 million to invest in security and data companies in Europe, and highlights that the cyber security threat has certainly become a boardroom issue....