Opinions & Analysis

This week saw music streaming website Spotify announce that it had experienced unauthorised access to its systems and internal company data.   In the wake of the eBay breach, it said that there had been no compromise of user’s financial data, as a warning a portion of its 40 million users will need to re-enter, but not change, their login credentials while users of the Android app would be forced to upgrade.   Oskar Stål,...

In order to make the general public more aware of internet security, could the box in the corner be the answer?   Talking with Professor Alan Woodward, who has embarked on a series of educational ventures with Sophos and SANS Institute’s James Lyne and former Tomorrow’s World presenter Maggie Philbin, he said that the television is a missing part of the way to educate.   He said: “Where are the TV programmes? At best there...

This week saw the United States Government issue a charge against five Chinese Government agents, who it claimed were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), aka the APT1 group.   The indictment alleges that three of the men hacked, or attempted to hack, into US entities, while two others managed the infrastructure. It was also alleged that the stolen information would benefit the Chinese Government and...

It seems the author of a report called “Jackpot! Money Laundering Through Online Gambling” has come out and said the findings of his study have been grossly misinterpreted by the anti-online and pro-online activist groups.   Raj Samani, chief technology officer of leading anti-virus firm McAfee and author of this report has said he felt like he had “kicked a hornets nest” with the amount of responses he has received over his report.   According to Samani,...

The continued use of default credentials, including passwords, was identified as a key security failing by the Information Commissioner’s Office (ICO) report this week.   Correlating with recent research by NCC Group, it seems that there is an expectation of things working out of the box so much that the security functions are not really considered. I put the question to some key industry spokespeople, and asked why people do not check the settings of such crucial things?...

The main news this week has been that the “right to be forgotten” ruling of the EU Data Protection Directive.  It was decreed that an internet search engine operator is responsible for the processing that it carries out of personal data which appears on web pages published by third parties.   The decision by the Court of Justice of the European Union said that if a search is made on the basis of a person’s...

Stop all the clocks, cut off the telephone, prevent the dog from barking with a juicy bone – this week once again the slow death of anti-virus was claimed again.   After Imperva declared it to be dead in 2012 in its own research, a new report emerged this week in the esteemed Wall Street Journal claiming that anti-virus was dead once again.   In an interview, Brian Dye, Symantec's senior vice president for information...

Today is “National Password Day” as the security industry and world continues the battle with the dogged authentication method.   Backed by companies including Microsoft, Intel and LastPass, the initiative follows on from stories where “hackers have leaked millions of passwords from sites like Facebook, Yahoo!, and Google”. The website offers basic advice on password security for consumers, but comes after the Heartbleed bug, which may have affected two-third of global websites and compromised millions of...

One of the key stories of 2014 and one that I anticipate to dominate conference schedules and presentation for months and possibly years to come, is the Target breach.   Thanks to the excellent work done, particularly by security journalist Brian Krebs, we now know how many records were breached, how the infiltration was done and how sophisticated the malware was.   Some time ago, a name of a vendor who Target used was mentioned to...

This week saw the release of the annual Verizon Data Breach Investigation Report (DBIR) and among its 80 pages of data from 50 contributing organisations were some genuine gems of insight.   In our story we focused on the major section around point of sale (POS) breaches, while in our Guru article with author Wade Baker, we looked at the bringing together of the data and its development over the past seven years.   Verizon found...