Opinions & Analysis

As we have all begun to live our lives increasingly online, the importance of web security has grown. Passwords were once the best way to protect internet users but have now become only a small part in identity security as fraud and data theft continue to become daily occurrences. It may seem obvious, however, having your employees choose strong passwords is still of paramount importance and is the first step in online protection. When people...

The RSA Conference has grown significantly in size and stature in recent years, fueled by the news of seemingly endless security breaches and the real effects being felt by business leaders across the world. With such a laser-like focus on security issues, events such as RSA have become must-attend affairs for enterprises and public sector organisations alike. The constant wave of high-profile cyber-crime stories in the news and concerns that come along with BYOD have...

The dust has settled upon another RSA Conference and it was a pleasure to attend this industry's largest and best security event. After the debarcle in 2014 where a breakaway event allowed some speakers to withdraw from RSA Conference 2015 had a much more positive vibe with two large expo halls, track sessions in a different centre and keynotes from the industry's finest names, Government and celebrities. I arrived on Saturday 18th and attended BSIdes...

This year will see the introduction of free HTTPS certificates from the Electronic Frontier Foundation (EFF) as part of its drive to get everyone around the world wide web taking up the “HTTPS Everywhere” mantra. Research released at the start of this year by GlobalSign of 6,000 consumers found that 96 per cent of website visitors would not continue with a purchase if they saw an invalid SSL certificate, while 75 per cent would close...

The film Citizen Four, which tells the tale of NSA whistle-blower Edward Snowden from his initial contact with journalist Glenn Greenwald up to his exile in Russia, won an Oscar last month and according to the CEO of F-Secure Christian Frederikson, when he saw it he said he was “not surprised” as he “thought it was mind blowing”. Speaking on a panel this week in London in conjunction with the 44CON Cyber Security conference, Frederikson...

Tesla Motors’ website was “hacked” on Saturday as well as its official Twitter account. The teslamotors.com website was redirected to a server hosted in Amsterdam and within a few minutes, the account began sending tweets promising free Tesla cars. Later that same day it was revealed that Tesla founder Elon Musk’s Twitter account was compromised. According to Dave Smith at Business Insider “though the parties claiming responsibility offer up different names, it appears to be...

IBM recently issued a security bulletin for a newly discovered security vulnerability - a weak cryptography algorithm in the SSL/TLS protocol stack--that could allow hackers to steal data. That vulnerability was discovered by Itsik Mantin, director security research at Imperva. The Bar Mitzvah attack uses "a 13-year-old vulnerability of RC4 that is based on huge classes of RC4 weak keys." Mantin demonstrates how the vulnerability "can be used to mount several partial plaintext recovery attacks on SSL-protected...

A term I have heard a lot about both this week at RSA Conference and in the past few months is that of DevOps, particularly related to security. What is DevOps? According to wikipedia, DevOps is a software development method that stresses communication, collaboration (information sharing and web service usage), integration, automation and measurement of cooperation between software developers and other IT professionals. Emphasis is on the interdependence of software development, quality assurance and IT operations, with...

Is there more demand for forensic technology to be hosted on endpoints, as more breaches occur at the employee’s end?   Stuart Okin, VP EMEA at Cipher, told IT Security Guru that it commonly sees Guidance Software’s Encase solution deployed on every endpoint, as most businesses only wait until something bad occurs to do something about it.   “What we are seeing is a trend in this direction in the US which allows a remote...

This week saw the launch of the annual Verizon Data Breach Investigations Report (DBIR), and among its pages were details on poor defences, enabled attackers and mobile malware was the great research on time to detect.   In particular, 79,690 security incidents with 2,122 events of data loss were surveyed and showed that attackers are able to compromise a victim a matter of days, and while the time to discover has risen, it has not...