Opinions & Analysis

The Information Commissioner’s Office (ICO) has fined the British Pregnancy Advice Service (BPAS) £200,000 after almost 10,000 personal records were compromised. In 2012, the BPAS suffered an attack by a pro-life hacker who was opposed to the company’s abortion advice. According to the ICO undertaking, the attacker exploited a vulnerability in 2012 which revealed the 9,900 names, dates of birth, addresses and telephone numbers that had been collected via a “call back” feature. The BPAS,...

A story emerged last week which claimed that power companies were being refused insurance cover for cyber attacks.   Specifically because their defences were perceived to be weak, this also came about when underwriters at Lloyd's of London said that they had seen a “huge increase” in demand for cover from energy firms.   According to the BBC story, any company that applies for cover has to let underwriters and third parties look over their...

Several statistics gathering engines on the web reveal an interesting picture. Content management systems (CMS) have become far more popular in the last couple of years. A trend graph over at builtwith.com shows that over 20% of the top 10,000 websites rely on CMS. And it’s fair to assume that the number is higher for companies that use a CMS as a middleware between their content and their front end website. But like all software,...

Here we are on day two of RSA and the news has been rolling in. We have rounded up a selection of announcements for the IT Security Guru. Check Point has introduced Software-defined Protection (SDP), a three-layer security architecture that protects against new and emerging threats through a design that is modular, agile and secure. SDP converts threat intelligence into immediate protections and is managed by a modular and open management structure. There are a...

After US retailer Target was the victim of a massive breach at the start of this year, UK retailers would not have been breathing a sigh of relief at the news in case the same thing befalls them.   As it turns out, one of the UK’s premier retailers has suffered a data breach with 2,239 loyalty card holders’ details published. Being in the headlines of the security press is nothing new for Tesco, after...

Water Water Everywhere, and not a Byte to Eat Professor John Walker, BCS Some years ago, we as a young family were unfortunate enough to suffer flooding on no less than two occasions, and until it has happened to you, you really can’t appreciate the suffering, devastation, and mental anguish caused by seeing your home, belongings, and lifestyle trashed by the uninvited incursion of water. However, that is just the start of it, with the...

Last week saw Vince Cable deliver a speech where he highlighted the risks against critical national infrastructure (CNI) by cyber attacks. To those of us in the industry, this was not news. The Stuxnet virus of 2010 demonstrated to a high level how an online attack can destroy a physical being, in that case an Iranian nuclear centrifuge which was designed to be overworked to a point that it was useless. Now that was a...

Since the news of the Target breach broke and it was revealed that there was malware on the point of sale (PoS) system, I have been increasingly interested not only in how the malware got there in the first place, but the story as it has rolled on. According to research from McAfee, Target was compromised via undisclosed methods in November and the attackers planted point-of-sale malware and intercepted approximately tens of millions of records...

There were no Friday night beers for Google last week as it battled with major outage of its Gmail email service.   According to Techcrunch, the outage affected users in Europe, the US, Canada and India, for around 50 minutes. It said that the error being seen by most users was a (500) code problem, indicating that it was a temporary problem.   Google called it a “disruption” in its Gmail service, according to the...

In a recent conversation, I asked a company spokesperson if open source could ever be secure as so many people are able to change the code.   This led me to ask those companies both involved in open source development and the wider industry, is there such a thing as secure open source? Mike Janke, CEO of Silent Circle said that the most important tool is to have your stuff reviewed around the world.  ...