Opinions & Analysis

High profile security breaches are constantly in the news, due to the world’s biggest companies facing new and emerging threats on a daily basis. Brands like Apple and Starbucks are struggling to protect their customers as they build an online profile of their lives. According to Ofcom, 70% of UK internet users are happy to give away their details* which is drip feeding hackers with the power to make seismic security breaches. Knowledge is power...

In today’s digital age, identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy.  Prolific media coverage about cyber security is keeping us on our toes. Data breaches at well-known retailers have created more general awareness around threats like malware and phishing scams, but just as we begin...

As we have all begun to live our lives increasingly online, the importance of web security has grown. Passwords were once the best way to protect internet users but have now become only a small part in identity security as fraud and data theft continue to become daily occurrences. It may seem obvious, however, having your employees choose strong passwords is still of paramount importance and is the first step in online protection. When people...

The RSA Conference has grown significantly in size and stature in recent years, fueled by the news of seemingly endless security breaches and the real effects being felt by business leaders across the world. With such a laser-like focus on security issues, events such as RSA have become must-attend affairs for enterprises and public sector organisations alike. The constant wave of high-profile cyber-crime stories in the news and concerns that come along with BYOD have...

The dust has settled upon another RSA Conference and it was a pleasure to attend this industry's largest and best security event. After the debarcle in 2014 where a breakaway event allowed some speakers to withdraw from RSA Conference 2015 had a much more positive vibe with two large expo halls, track sessions in a different centre and keynotes from the industry's finest names, Government and celebrities. I arrived on Saturday 18th and attended BSIdes...

This year will see the introduction of free HTTPS certificates from the Electronic Frontier Foundation (EFF) as part of its drive to get everyone around the world wide web taking up the “HTTPS Everywhere” mantra. Research released at the start of this year by GlobalSign of 6,000 consumers found that 96 per cent of website visitors would not continue with a purchase if they saw an invalid SSL certificate, while 75 per cent would close...

The film Citizen Four, which tells the tale of NSA whistle-blower Edward Snowden from his initial contact with journalist Glenn Greenwald up to his exile in Russia, won an Oscar last month and according to the CEO of F-Secure Christian Frederikson, when he saw it he said he was “not surprised” as he “thought it was mind blowing”. Speaking on a panel this week in London in conjunction with the 44CON Cyber Security conference, Frederikson...

Tesla Motors’ website was “hacked” on Saturday as well as its official Twitter account. The teslamotors.com website was redirected to a server hosted in Amsterdam and within a few minutes, the account began sending tweets promising free Tesla cars. Later that same day it was revealed that Tesla founder Elon Musk’s Twitter account was compromised. According to Dave Smith at Business Insider “though the parties claiming responsibility offer up different names, it appears to be...

IBM recently issued a security bulletin for a newly discovered security vulnerability - a weak cryptography algorithm in the SSL/TLS protocol stack--that could allow hackers to steal data. That vulnerability was discovered by Itsik Mantin, director security research at Imperva. The Bar Mitzvah attack uses "a 13-year-old vulnerability of RC4 that is based on huge classes of RC4 weak keys." Mantin demonstrates how the vulnerability "can be used to mount several partial plaintext recovery attacks on SSL-protected...

A term I have heard a lot about both this week at RSA Conference and in the past few months is that of DevOps, particularly related to security. What is DevOps? According to wikipedia, DevOps is a software development method that stresses communication, collaboration (information sharing and web service usage), integration, automation and measurement of cooperation between software developers and other IT professionals. Emphasis is on the interdependence of software development, quality assurance and IT operations, with...