Opinions & Analysis

The Heartbleed flaw may be bugging every online company at the moment, but is it all bad?   In conversation with security manager Thom Langford, he said that users may become wise to phishing attacks, while Canon’s director of information security Quentyn Taylor said on Twitter that “the SSL issue is doing wonders for awareness” as it dominates national news headlines and makes users aware not only of password security, but also of open source...

We recently ran some articles based on interviews with the new board members of (ISC)2, where one of the discussion points was the redefinition of the role of chief information security officer (CISO).   In the first article, it was acknowledged by the new chair Wim Remes and new secretary Dave Lewis that there is a danger that the CISO could be out of touch, or unable to fit in the skills that sit at...

This week saw the internet, Twitterverse and my inbox explode as the full scale of the Heartbleed flaw come to light. It was on Tuesday morning when I first became aware of the issue and since then I have heard a mixed bag of thoughts on it, and had the chance to read varying stories that offer a combination of FUD, decent analysis and advice on changing passwords prematurely. In case you took the week...

Last week saw Yahoo implement encryption for data in motion between data centres as well as plans to offer a more secure user experience.   In the statement, Alex Stamos, chief information security officer at Yahoo said that Yahoo has now fully encrypted traffic moving between Yahoo data centres, as well as adding HTTPS encryption to all search enquiries “and most Yahoo properties”.   Stamos, who made the post marking only his fourth week in the job,...

As we talk more and more about the skills shortage, we look at how career paths need to be defined and how the security professional needs to be an evangelist. However is one of the problems that computer science university courses have not evolved to meet these needs? This isn’t intended as a dig at universities, but are they preparing students for a career in this industry? I talked with three noted university professors to...

This week it was announced that Microsoft was releasing its early versions of MS-DOS and Word for Windows in open source.   You may ask why, and some people I told this to did pull the same face. After all, Microsoft has given away anti-virus protection in the past, as well as a pretty good browser, but an entire operating system and word processing software?   It turns out that this was made available with...

Just when you thought you had done reading about NSA hacking stories, it seems that its efforts went overseas and hit one of the most talked about technology companies in the world.   Back in 2012, the White House cleared Huawei of any wrongdoing and said it did “not pose a cyber espionage threat to the United States”. The allegations stretched back to 2010, when a group of eight Republican senators warned the Obama administration to...

This year sees the second annual European security bloggers meet up and awards.   Held on the evening of the 30th April, during the week of Infosecurity Europe and BSides London, it made its debut last year and saw noted bloggers such as Javvad Malik, Sophos Naked Security and Thom Langford awarded. The nominations are now open for the 2014 awards and IT Security Guru asked organiser, and 2013 winner, Brian Honan about the awards....

With the turmoil in the region seemingly coming to an end, Russia has seen a number of attacks against it in recent days.   Last Friday, Finextra reported that the website of theBank of Russia was taken down, while Reutersreported that hackers knocked out the Russian presidency's website several times.   Combine those attacks with reported attacks againstNATO, which according to CNet were down to the hacktivist group “Cyber Berkut”, who hit NATO’s website, NATO's cyber defense center and the site for NATO's...

Attending a breakout session at last week's CSIT conference, the subject of liability cyber education came up.   Hosting the session were Dr Ulf Lindqvist from SRI International and Raj Samani from McAfee. The subject of liability was an interesting one among the dozen-strong roundtable, especially as it touched the case of whether banks should reimburse those users who show a blatant disregard for security.   Samani asked that if people don't care about security, why...