Posts

Showing posts from 2013

Printicy: 3D Printer Design Piracy

Image
The sun is rising on the exciting and limitless age of 3D printing. 3D printing technology is really starting to pick up the pace, the latest evolutions of the technology means 3D printers are not only becoming more affordable, but the objects 3D printers can produce are becoming more sophisticated, allowing for all manor of potential object capability and application. Anyone can have their  designs 3D printed through online services   already, and in the coming years we can expect to see 3D printers within many households. P erhaps as part of your weekly shopping visit to your local supermarket, you'll pick up your 3D printed objects from a supermarket 3D printer counter, just as you might do with photograph prints today. 3D Printers for the Home Exciting as the 3D printing is, I foresee the technology will be blighted with piracy problems, along the lines of what we saw with illegal music downloads pre music stores like Apple iTunes, and music streaming services...

Big Data Intelligence Driven Security at RSAC

Image
A constant theme from this year’s RSA Conference Europe, is the idea of security intelligence collaboration, namely the capture, sharing and data mining of “Big Data’, to detect and prevent security incidents and attacks, but will it ever take off? The concept of gathering and using big data is nothing new, from Google to your supermarket loyalty card; big data mining has been very successfully used commercially for at least a decade, not to mention the alleged big data mining said to be conducted by the NSA. This collaborative led intelligence approach has potential and I believe it could be effective if conceived and built smartly, however I fear the issue will be with the data sharing. Most of the existing big data models in use are covert, and organisations aren’t collaborating, so they do not share their big data analytics. This is a fairly obvious approach, as the whole idea of mining big data in their case is for commercial advantage and gain. So I imagine ...

RSA Conference: Anonymity is the Enemy of Privacy

Image
‘Anonymity is the Enemy of Privacy’ was a point stressed by Art Coviello, the Executive Chairman of RSA, in the opening keynote of the RSA Conference Europe 2013.   This point is controversial to say the least, especially to a European audience, with mainly Europeans still rocking in the wake of the massive NSA covert internet surveillance allegations against European leaders, and millions of EU citizens. Many privacy advocates hold a polar opposite view to Art, believing anonymity online is a fundamental ingredient for online privacy. Art's perspective also highlights the difference in attitudes towards privacy harboured between the United States and Europe. The European Union was built on its citizen rights, including the right to privacy, a right the EU wishes to see exercised online, whereas the US view tends to be 'privacy is dead', believing the right to online privacy has been given up and the privacy fight lost.

Identity Theft & How to Protect Yourself from ID Theft

Image
HotSpot Shield have created an Identity Theft InfoGraphic which I'm happy to share. InfoGraphic explains the malicious actors behind ID theft, some of the techniques they use and how to protect yourself.  

RSA Conference Europe 2013 Preview

The keynote speaker at this year's RSA Conference Europe  is certainly of interest. Sir Seb Coe was widely applauded as delivering an outstanding Olympic Games in London last year.  The security of the games was always a great concern from the day after it was announced London was to receive the games back in 2007, but it is the cyber security aspect of the games which interests me. The games were subjected to cyber threats, including a specific cyber threat aimed at taking down power supplies to the games stadiums, so it will be fascinating to learn more about the planning, preparation and the testing of the London 2012 cyber defence. I always recommend the RSA Europe Conference to fellow UK security professionals, especially those new to our busy and complex sector.  It’s a great event to learn about the emerging threats, defences and the latest security thinking, with plenty of quality sessions to choose from. The conference is also a great place to network with fe...

2000 to 2013: The Moving Sands of Information Security

Image
I am been in the information security game for a very long time, many of the fundamental security controls haven’t really changed a great deal, and continue to remain best practice, such as deploying anti-virus, patch management and decent firewall management, the business environment where these security controls are applied has radically shifted, especially over the course of the last decade.   So lets take a trip down memory lane back to the year the 2000, the world has just found out that the Y2K bug was a complete none starter, aside from making IT contractors a bob or two. Meanwhile the Internet is starting to find its way into mainstream business, even so secretaries were still being asked if they had any experience in using the Internet during job interviews. And if you had a job title with the word “Cyber” in it, people assumed you were some sort of a Dr.Who extra. Policies Starting with the cornerstone of all good information security management, the informatio...

Security by Staff Responsibility instead Enforced IT Controls

Image
Today IT security controls are enforced on the end user without prejudice, all for the purpose of migrating the human risk. These controls, especially endpoint security controls, are typically applied because it is best practice to do so, and not as a result of a risk assessment.  What if the application of technically enforced security controls was taken as an action of last resort? Can human responsibility be be just as affective as an enforced control? Can it be more advantageous in managing the same risk?   These our my thoughts. Lets take a English FA Premier League football match, there is a risk that spectators in the stands will invade the pitch, and impacting on the match and threatening safety  Yet spectators rarely invade football pitches at English matches, even though they aren't fenced in. A fence is an example of an enforced control meant to prevent fans from accessing the pitch.  My argument is the fans are self re...

iPhone 5S "Touch ID" Fingerprint Security

Image
Apple announced the new iPhone 5S today, the introduction of a new fingerprint recognition access system on the smartphone, called "Touch ID", grabs the security attention. Fingerprint reader is the main button Security of the Fingerprint Reader The fingerprint reader is not like the traditional readers you see on laptops, and is actually part of the main button on the phone. The reader is no security gimmick as it is not a outdated optical reader, which works by taking and comparing a picture of your fingerprint, it is a capacitance reader,which is a more advanced and secure technology. Capacitance readers uses an electrical current to map your fingerprint, measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, which makes it very difficult to defeat. I don't like to advocate the security of anything without inspecting, researching and testing a device myself, but I will say this reader has certainly been designed ...

Square Enix Final Fantasy XIV Accounts Security Warning

Last week I posted on  How to keep your Final Fantasy XIV Online Account Safe & Secure Today (9th Sept), Square Enix posted an urgent security warning concerning account security for the game. Confirming a "third party" was using account names and passwords, which they believe to have been obtained from security breaches of other companys' online services. Square Enix's advice mirrors my own, setup and use their one-time password system, or ensure your password is unique to your Square Enix account Since my post I have been asked...  Why would anyone be interested in hacking gaming accounts like FFIX? 1. For the Money. Rare in game items, which it can take many hours of gameplay and luck to obtain, can be sold off in game auction houses for a great deal of game currency. Players over the course of time built up lots of such items and lots of in game currency (gold/gill), these rewards for sometimes hundreds of hours of gameplay hav...

GCHQ Cracks SmartPhone Codes, Privacy Outrage or Lifesaver?

The Edward Snowden fallout continues with the steady trickle of classified revelations released by the media.   The latest appears to be confirmation of GCHQ ability to crack or bypassed the encryption on Blackberry and Android smartphones. This news isn't really that shocking given cracking encryption is a core part of what GCHQ has done for decades. It is also important to understand that nowhere does the released documentation say GCHQ have been breaking into everyone’s smartphones and harvesting our private data on mass, I doubt they’ll have resource and funding in the UK to do that. My assumption is breaking smartphone encryption is a necessary GCHQ tool for gathering information on specifically targeted bad guys, for example suspected and known terrorists.  Several terrorist plots have been foiled since the 7/7 atrocities, so what if GCHQ's ability to access encrypted smartphone electronic messaging and call information, had played a key par...

Bullrun & Edgehill: US NSA & UK GCHQ have broken Internet Encryption

I have always suspected this and now according to newly leaked documents  by Edward Snowden, the NSA and GCHQ are said to have defeated most of the online encryption used by internet users and the likes of Microsoft, Google, Yahoo and even banks. The usage of supercomputers, court orders and the good old application of pressure to internet service providers, are all said to be tools used to gain access to encrypted data by the government agencies. "In recent years there has been an aggressive effort, lead by NSA, to make major improvements in defeating network security and privacy involving multiple sources and methods, all of which are extremely sensitive and fragile" "NSA has introduced the BULLRUN CoI to protect our abilities to defeat the encryption used in network communication technologies" The US programme name is Bullrun, and is said to have a £150m annual budget, while the UK GCHQ counterpart is called Edgehill. These codewords come from battles in ea...

How to keep your Final Fantasy XIV Online Account Safe & Secure

Image
Final Fantasy XIV, is a new online multi-player role playing game (MMORPG) which was launched on the Sony PlayStation 3 and PC this week by Square Enix. Gaming accounts on such games are actively targeted by cyber thieves, as they look to profit from victims by selling off in game character equipment in exchange for real life money, and to even also harvest personal. Protection of the Square Enix user account by the gamer, is the key to the games security, and it is much the responsibility of the gamer, not Square Enix, to ensure it is kept secure, which will become clear in the rest of this post.   I f a bad guy gains access to this account, he will have achieved his objective, and can go on to steal. Many victims don't understand how their accounts were compromised by hackers, and consider the hackers to be super clever, and the gaming company to be at fault. However the attacks are old techniques and fairly simple, and in the vast majority of ca...