Archive for March, 2012

Infosecurity Magazine news stories for 22-28 March 2012

March 29, 2012

My news stories on Infosecurity Magazine from Thursday 22 March until Wednesday 28 March…

Digital Crime: Fourth great era of organized crime
Organized digital crime is growing – but we still know little about the structure of organized digital crime groups. A new report from BAE Detica Systems and the John Grieve Centre for Policing and Security at London Metropolitan University seeks to change this.
28 March 2012

2600 to broadcast interview with Richard O’Dwyer’s mother
2600 is one of the world’s longest running ‘hacker’ publications. Richard O’Dwyer is a UK citizen likely to be deported to the US for operating the website and providing links to ‘copyright infringing’ material.
28 March 2012

Legislation to enforce Google filtering proposed by MPs’ committee
Parliament’s Joint Committee on Privacy and Injunctions has reported: “This could involve giving Ofcom or another body overall statutory responsibility for press regulation.”
28 March 2012

PwC report highlights senior management complacency about security
Financial services are, not surprisingly, increasingly subject to economic cybercrime. According to a report from PwC, cybercrime is now second only to asset misappropriation as the most popular way of defrauding an organization in the financial services (FS) sector.
27 March 2012

Security concerns delay deployment of NGDCs
A survey from Crossbeam Systems shows that 94% of IT personnel identify network security as the main cause for stalled next generation data center (NGDC) deployments.
27 March 2012

The new Oxford Cyber Security Centre
Final proof of the extent to which information security has become embedded within society comes from Oxford university, Home of the Humanities. The university has announced a new Oxford Cyber Security Centre.
27 March 2012

Strong showing for the Pirate Party in German elections
Saarland is the smallest (apart from the city-states) of 16 states within Germany, with a population of just over 1 million inhabitants. Politically it is generally considered to be a conservative area.
26 March 2012

Anonymous launches Operation Imperva
Anonymous has declared a new target: Imperva Inc, a security firm, is now the subject of Operation Imperva.
26 March 2012

Microsoft takes control of 800 domains associated with Zeus botnets
In a major action against the banking trojan Zeus, Microsoft, working with FS-ISAC and NACHA and drawing on research from Kyrus Tech and F-Secure, has succeeded in disrupting a number of the most harmful Zeus botnets in “an unprecedented, proactive cross-industry action.”
26 March 2012

Europe’s first information risk maturity index developed
PwC and Iron Mountain have joined together to develop a risk maturity index for European SMEs, and find them generally lacking.
23 March 2012

Firefox will use HTTPS by default
Encrypted searching should become available by default for all Firefox users within a few months – a big win for privacy.
23 March 2012

Indian call centers sell UK financial data and DVLA gives access to Indian workers
On the same day that the Sunday Times reported Indian workers offering UK finance details for sale at as little as 0.02p, the Observer reported that IBM contractors in India will have access to the data of 43 million UK drivers held by the DVLA.
23 March 2012

Privacy: the great EU/US debate
The two great western trading blocs are taking personal privacy very seriously. In January the EU published a draft proposal for a new Data Protection Regulation, and in February the White House released its privacy blueprint, including the Consumer Privacy Bill of Rights.
22 March 2012

Almost half of UK educational establishments have had mobile devices stolen
A new survey from LapSafe Products has revealed that 45% of education establishments have had mobile devices – such as laptops, netbooks, MP3 players, tablets and gaming devices – stolen between 2009 and 2011.
22 March 2012

Dame Fiona Caldicott to review patient data confidentiality
The people currently responsible for protecting the confidentiality of patient information in the UK are known as the Caldicott Guardians, so named after Dame Fiona Caldicott. Dame Fiona will now lead a new independent review into patient privacy.
22 March 2012

Categories: All, Security News

Further example of dumbing down

March 29, 2012

The life of the journalist would be much harder were it not for the PR companies providing a conduit between journo and vendor. But journalists live by words – and their aesthetic and accurate use is important. It hurts when the PR, who earns much more than the journo, cocks up. It gets personal. It’s an insult.

Here’s the aesthetic insult:

…went on to say that the informative morning starts off what promises to be a must-see array of informative and thought-provoking series of sessions… covering a variety of informative and topical subjects.

Here’s the accuracy insult:

…including how to align an organisation’s business and IT strategy, focusing on the security GRC (government, risk and compliance) balancing act that most IT departments must now solve.

Frankly, I am offended.

Categories: All, General Rants

Government is getting above itself – it should remember that it is our servant, not our master

March 28, 2012

In one small paragraph that buggers belief, UK members of parliament show that they are divorced from the reality of public opinion and bereft of internet knowledge.

Google acknowledged that it was possible to develop the technology proactively to monitor websites for such material in order that the material does not appear in the results of searches. We find their objections in principle to developing such technology totally unconvincing. Google and other search engines should take steps to ensure that their websites are not used as vehicles to breach the law and should actively develop and use such technology. We recommend that if legislation is necessary to require them to do so it should be introduced.
Joint Committee on Privacy and Injunctions – First Report: The role of search engines

These people, the cross-party Joint Committee on Privacy and Injunctions, are actually suggesting that Google should be forced, by law, to “develop and use” censorship.

There have been riots in European streets over ACTA’s censorship. The US government has been forced (however temporarily) to backtrack over SOPA’s censorship. The anti-censorship Pirate Party has won parliamentary seats in Germany. So much for being interested in public-opinion. And as for the internet. Almost 20 years ago John Gilmore said “The Net interprets censorship as damage and routes around it.” We’ve had two decades of immune system development since then. If it routed around in 1993, it will shrug off in 2012. All that will happen is that otherwise innocent people will be forced to break or by-pass the law in a natural curiosity about the truth.

But such supreme arrogance from our political master raises two important questions about the nature of democracy in the free democratic West.

  • Do we elect people in order to delegate total responsibility to them, in order to say, ‘here you go, you make up my mind for me in future and just tell me what to do’; or do we elect people to enact what we wish them to enact?
  • Is the rule of law sacrosanct; that is, once these people pass a law, do we have to obey that law under all circumstances?

To the first I say categorically that my elected representative is there to represent me and my wishes. He or she is not there to represent the wishes of business, other governments or anything or person other than me. And I say think again about your current attitude towards internet censorship and copyright protection.

To the second question I say that it is the duty of all citizens to reject the rule of law when their conscience demands it. War criminals are probably not law breakers: they uphold the rule of law in their own lands. You cannot say that the rule of law is sacrosanct here but not sacrosanct there. The rule of law must always be ultimately subservient to the rule of conscience.

So, to all members of government: remember your role. You are there to serve us; you are not there to usurp us.

Categories: All, General Rants, Politics

The crisis of identity at Oxford

March 27, 2012

Oxford has a new Cyber Security Centre. Dare I suggest, however, that it needs to go back to its roots before it tries something new?

“The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime…” Cutting-edge research? Cliché! PR hyperbollocks. Almost a trope. Notice also, by the way, that the Centre has suddenly become American.

But it gets worse. “In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students.” That is a tragic coagulation of words – I hesitate to call it a sentence.

Actually, I think that an Oxford Cyber Security Centre is a good thing; and that the introduction of Oxford thinking into infosecurity will be a great benefit. But I am heartbroken to see that dumbing down has breached Oxford’s city walls.

Categories: All, General Rants

Infosecurity Magazine news stories for 21 March 2012

March 22, 2012

My news stories on Infosecurity Magazine for Wednesday 21 March…

Two new botnets discovered by ESET and Kaspersky Lab
Kaspersky’s discovery is centered in Russia; ESET’s discovery is centered in Georgia. Both shed new light on the ingenuity and intention of cybercriminals.
21 March 2012

Russian wins Facebook Hacker Cup Again
Eight thousand initial entrants to Facebook’s second annual Hacker Cup from 150 countries were reduced to just 25 finalists from Russia, Germany, Poland, Ukraine, China, South Korea, Japan, Taiwan, and the United States.
21 March 2012

Indian company hacks GSM and usurps IMSI
At a security conference organized by Null in India, Matrix Shell claimed and demonstrated the ability to hack into GSM phones and manipulate the user’s International Mobile Subscriber Identity.
21 March 2012

Categories: All, Security News

From the sublime to the ridiculous – comments on the EU

March 21, 2012

Rick Falkvinge, founder of the Swedish Pirate Party, has written the most sublime rant against the Swedish parliament: In Grand Deceivefest, Swedish Parliament Just Voted For Data Retention. I cannot do it justice and you must read it.

This has been one of the most filthy, deceptive political campaigns to introduce a massive Big Brother law I have ever seen. Its only parallel is when the general wiretapping was introduced in 2008, and I’m pissed off as all hell. There have been attempts at deception of every conceivable kind.

He then lists the deceptions, adding

Additionally, a German study concluded that the data retention had only helped on 0.002% of criminal cases. Yes, you read that right: zero point zero zero two per cent. In other words, hiring two new police officers is more effective for fighting crime than this abomination.

The worrying thing is that beneath this rant lies truth – a truth that is increasingly ignored by all of our governments.

That’s the sublime. The ridiculous is reported by TechDirt: German Gov’t Uses Anger Over Lack Of ACTA Transparency To Justify Further Lack Of Transparency. For example,

the European Commission tried to counter accusations that the [ACTA] negotiations were lacking in transparency by pointing out that the German government had a representative present during all the sessions (that’s transparency?). This was news to people, since the German government had somehow omitted to mention this fact.

So they tried to discover more, such as who was this representative, even going so far as to deliver a freedom of information request. The German government declined. Transparency? Ridiculous!

Categories: All, General Rants, Politics

Infosecurity Magazine news stories for 20 March 2012

March 21, 2012

My news stories on Infosecurity Magazine for Tuesday 20 March…

New twist in social engineering rogue AV
Rogue anti-virus products continue to be a major source of malware. The trick for the criminal is in getting the victim to click the link; and GFI has spotted a new development.
20 March 2012

Cost of data breaches outstripping inflation
The average cost to UK business per record lost, according to the latest Symantec/Ponemon study, has increased from £47 in 2007 to £79 in 2011. Had it been inflation alone, it would have increased to just over £53.
20 March 2012

Infosec human factor solved only by education
Information security is among the most popular of all the training courses offered by SkillSoft, with ‘An introduction to Information Security’ second only to the ‘Fundamentals of Networking’ in the top 100 IT courses says the company.
20 March 2012

Categories: All, Security News