Posts

Showing posts from October, 2012

Social Media Witch Hunting

Image
Last Friday evening (19th October 2012), I was at home watching a football match between Leeds United and Sheffield Wednesday. You could feel the bitter rivalry between the teams through the tv, both on the pitch and with the crowd atmosphere, which in all honestly added to the entertainment as a neutral watching it, as football played with passion rarely fails not to entertain. Sheffield Wednesday had taken the lead just before the end of the first half, but with 12 minutes from the end of the game, Leeds equalised. Then several Leeds supporters spilled onto the pitch behind the Wednesday goal, then one Leeds fan ran around the goal and up to the Wednesday goalkeeper Chris Kirkland, the fan raised his hands and shoved the keeper in the face, knocking the keeper to the ground for several minutes. Outrage: Chris Kirkland Assaulted Live on TV This sort of incident is extremely rare in the English game, unlike other European countries, fans are "trusted" not to encourage ...

PCI SSC Community Meeting Dublin 2012 Review

Image
I attended the Payment Card Industry Security Standards Council (PCI SSC) Community Meeting in Dublin this week, in all honestly there isn't a lot happening with PCI SSC Standards at the moment, namely, PCI DSS, PA-DSS and PTS, and I will explain why. Firstly the PCI SSC and PCI DSS has been around for many years now, I was at the inaugural SSC community meeting in Toronto in 2007. Since then the PCI standard has only undergone a few fairly minor changes, don't be fooled with PCI SSC's version control process i.e. PCI DSS V1.21 to V2.0. We can certainly expect PCI DSS Version V3.0 next year. The actual changes since the original release of PCI DSS are minor, so in essence we have a mature and highly static data security best practice standard. Secondly, over the last 6 years PCI SSC has provided reams of guidance, FAQs and have improved how they communicate with those within the payment card industry trying to comply. Again this has matured,  there just aren't any...

RSA Conference Europe 2012 Review

Image
A conference is only as good as its speakers, specifically the speaker's subject matter expertise, presentation subject and presenting ability, in this the RSA Conference Europe succeeds where many others conferences fail miserably. The best InfoSec speakers do not regurgitate topics with arrogance, repeating empty messages to sell products and services. No, the best speakers converse with their fellow information security professionals at the same level, informing and exploring the latest and future issues that will matter to business. Speakers are not bound and gagged by their company sales and marketing reps, are free to share and open up new ideas, new thinking, new solutions, and so challenge thinking and generating discussion by security professionals and businesses influencers beyond the conference, which ultimately leads to improvements for society. Why? Because ultimately when businesses get information security wrong, it is everyone that ends up footing the impact, whethe...

UK InfoSec Review for September 2012

Glasgow City Council has lost 750 devices over the last five years according to an IT audit The Council incurred significant national and local media criticism following discovery of 56 unencrypted laptops and 487 desktop PCs, also thought to be unencrypted, are unaccounted for. These were also lost from an office in the City Chambers which contained about 17,000 bank details. A reported theft in May, which the Information Commissioner is aware of, led to the audit of all the council's IT hardware and revealed that almost 750 devices that are unaccounted for. Microsoft release emergency Security Patch for remote code execution flaw within Internet Explorer Microsoft released an emergency patch for the zero-day flaw in Internet Explorer on 21 st September 2012. IPad led BYOD leaves gaping holes in enterprise security Sophos warn many firms are leaving themselves open to attack based on the findings of Sophos' Warbike research. Quest Software iss...

UK Data Protection Review for September 2012

ICO fines Scottish Borders Council £250,000 after employee records found in supermarket car park over-filled recycle bin More than 600 files were deposited at the recycle bins, containing confidential information and, in a significant number of cases, salary and bank account details. The files were spotted by a member of the public who called police, prompting the recovery of 676 files. A further 172 files deposited on the same day but at a different paper recycling bank are thought to have been destroyed in the recycling process. Even though a third party caused the breach, the Council found responsible. Scottish Borders Council employed an outside company to digitise the records, but failed to seek appropriate guarantees on how the personal data would be kept secure. The Data Protection Act requires that, if you decide to use another organisation to process personal data for you, you remain legally r...