Opinions & Analysis

The term “Computer Emergency Response Team”, or CERT as it is better known, has been bandied around recently. Not only with the announcement of Chris Gibson as the head of the UK-CERT, which is expected to be fully functional in the New Year, but also after ENISA called on CERTs to work together and called them the “fire brigade” of security. Earlier this year, a BBC story said that each country would have to appoint...

All the talk of collaboration has led to some questioning whether the UK has the talent, skills and most importantly people who will be tasked with protecting our national assets. To quote my Dad: “If a job is worth doing, it is worth doing properly”, and to prove that point, CESG this week announcedthat those responsible for responding to and cleaning up some of the UK's most serious cyber attacks will be five private firms -...

After their companies dropped secure email products in the face of government intervention, security vendors Lavabit and Silent Circle have launched the Dark Mail Alliance. The companies said that the concept is to launch a secure back-end that will allow secure emails to be sent and received. The collective behind Dark Mail Alliance, said that its concept is not a “business venture, but a moral and technological journey”. Speaking to IT Security Guru, Mike Janke,...

The certificate authority (CA) industry may have had a bad year back in 2011 but, according to one of its survivors, 2013 finds it in a better place. Speaking to IT Security Guru, Henry Krumins, a senior director at GlobalSign, said that 2011 was a bad year for the industry, but said that “it defines who you are”. “It was a bad year for the certificate authority industry, but SSL is far from broken and...

The anticipated changes to the payment card industry data security standard (PCI DSS) was published today. Overall there is better clarification of the 12 steps of the standard as well as to remain current with attack vectors and to address the need for physical security of payment terminals and address requests for more stringent scoping and testing. Altogether there are 11 main changes to requirements 5 (use and regularly update anti-virus software on all systems commonly affected...

Pre-requisite requirements for hiring by Human Resources may cause the best people not being considered for jobs in security. Speaking to IT Security Guru, Cyber Security Challenge CEO Stephanie Daman said that there is often an issue where a company will have a hiring policy and if a person doesn’t fit with a qualifications minimum but has the right skill set, they may not be seen. “The problem is two-fold: there are people with the...

As well as backdoors being used by governments to monitor web traffic and user activity, they are put in by attackers of retrieving data. In a recent story, it was revealed that software which is used to manage equipment in power plants, military environments and ships contained an undocumented backdoor that could allow malicious hackers to access sensitive systems without authorisation. I spoke to Adrian Davis, principal research analyst at the Information Security Forum, who confirmed...

This week saw the announcement of the draft Data Protection Directive and among the significant changes was the wording from “right to be forgotten” to “right of erasure”. 1980s pop jokes aside, but perhaps the EU Parliament made this change to get a little respect from the EC Council who will now review it ahead of potentially passing it in April 2014. While the wording differences between forgotten and erasure are pretty significant, I asked the industry...

This week I had the pleasure of meeting Emulex who made a formal step into the security sector with the acquisition of Endace earlier this year. A company with a 30 year history in sectors such as fibre channels and Ethernet, the acquisition allowed it to add network visualisation technology to its product offering. Meeting Shaun Walsh, senior vice president of corporate marketing and corporate development at Emulex, he said that the company’s mantra of...

his week saw three of the major web companies issue patches just to make life especially easy for administrators. As well as Microsoft’s Patch Tuesday, which included eight security bulletins, three of which were rated as critical and addressed 19 distinct vulnerabilities, there were also patches from Adobe and Google. Possibly the most notable of the Microsoft patches was for the Internet Explorer zero-day, which implements a simple kill-bit setting that disables the affected ActiveX...