Opinions & Analysis

Following the major Adobe breach in October, both Facebook and Evernote have sent notices to users warning about passwords.   In the case of Facebook, it asked those it identified to answer some security questions before granting them access, according to BBC News. Security blogger Brian Krebs reported that a Facebook spokesman said that it “actively look for situations where the accounts of people who use Facebook could be at risk—even if the threat is external...

When Time magazine announces its “person of the year” for 2013, it could do worse than to follow its two “objects” of 1982’s computer and 1988’s planet earth with the BitCoin.   With stories of hyperinflation to Silk Road, the internet-based currency, the humble BitCoin has had plenty of headlines in 2013 and in the past few days, this has not abated. For example, the Register reported that the soaring price of BitCoin has prompted...

The term “Computer Emergency Response Team”, or CERT as it is better known, has been bandied around recently. Not only with the announcement of Chris Gibson as the head of the UK-CERT, which is expected to be fully functional in the New Year, but also after ENISA called on CERTs to work together and called them the “fire brigade” of security. Earlier this year, a BBC story said that each country would have to appoint...

All the talk of collaboration has led to some questioning whether the UK has the talent, skills and most importantly people who will be tasked with protecting our national assets. To quote my Dad: “If a job is worth doing, it is worth doing properly”, and to prove that point, CESG this week announcedthat those responsible for responding to and cleaning up some of the UK's most serious cyber attacks will be five private firms -...

After their companies dropped secure email products in the face of government intervention, security vendors Lavabit and Silent Circle have launched the Dark Mail Alliance. The companies said that the concept is to launch a secure back-end that will allow secure emails to be sent and received. The collective behind Dark Mail Alliance, said that its concept is not a “business venture, but a moral and technological journey”. Speaking to IT Security Guru, Mike Janke,...

The certificate authority (CA) industry may have had a bad year back in 2011 but, according to one of its survivors, 2013 finds it in a better place. Speaking to IT Security Guru, Henry Krumins, a senior director at GlobalSign, said that 2011 was a bad year for the industry, but said that “it defines who you are”. “It was a bad year for the certificate authority industry, but SSL is far from broken and...

The anticipated changes to the payment card industry data security standard (PCI DSS) was published today. Overall there is better clarification of the 12 steps of the standard as well as to remain current with attack vectors and to address the need for physical security of payment terminals and address requests for more stringent scoping and testing. Altogether there are 11 main changes to requirements 5 (use and regularly update anti-virus software on all systems commonly affected...

Pre-requisite requirements for hiring by Human Resources may cause the best people not being considered for jobs in security. Speaking to IT Security Guru, Cyber Security Challenge CEO Stephanie Daman said that there is often an issue where a company will have a hiring policy and if a person doesn’t fit with a qualifications minimum but has the right skill set, they may not be seen. “The problem is two-fold: there are people with the...

As well as backdoors being used by governments to monitor web traffic and user activity, they are put in by attackers of retrieving data. In a recent story, it was revealed that software which is used to manage equipment in power plants, military environments and ships contained an undocumented backdoor that could allow malicious hackers to access sensitive systems without authorisation. I spoke to Adrian Davis, principal research analyst at the Information Security Forum, who confirmed...

This week saw the announcement of the draft Data Protection Directive and among the significant changes was the wording from “right to be forgotten” to “right of erasure”. 1980s pop jokes aside, but perhaps the EU Parliament made this change to get a little respect from the EC Council who will now review it ahead of potentially passing it in April 2014. While the wording differences between forgotten and erasure are pretty significant, I asked the industry...