Davey_winder
Chinese data takeaway
Saturday, August 27th, 2011
Over the years I have written plenty about China in terms of censorship. I’ve also penned a fair amount relating to the Chinese role in government sponsored cyber-attacks against Western commercial and political targets, but much of that has been based on speculation (albeit well-informed) and suspicion. What has been missing was the proof of Chinese involvement in cyber-attacks. Until now.
It would appear that automated IP hacking does originate from China, and is sponsored by the Beijing government after all, if reports showing screenshots of an attack control console which appeared in a Chinese TV propaganda documentary are to be believed.
Is your brand in danger of sex domain abuse?
Saturday, August 20th, 2011
Cyber squatting is, for the most part these days, old hat as far as threats to your business go. After all, any business that wants to protect itself from others associating themselves with its name through the simple process of buying a related domain name can follow any number of routes to protect the brand from harm. Be it applying trademark protection laws or just buying up all the associated Top Level Domain (TLD) names from the outset, the processes are in place to prevent such abuse. Indeed, the Uniform Domain Name Resolution Policy (UDRP) which has been developed by the Internet Corporation for Assigned Names and Numbers (ICANN) deals with such matters regularly. So why should cyber squatting, namejacking and domain related brand protection be high on the business to-do list now in the middle of 2011? The answer is an explicit one; in fact it’s xxx-rated.
Mapping the London riots with Google
Tuesday, August 9th, 2011
It’s all too easy to focus on the negative side of technology when looking at the devastation spreading across London as I write this. Everything from Facebook and Twitter through to the Blackberry instant messaging service has been blamed for helping the rioters to organise both the violent disorder and the looting which invariably seems to follow. However, technology can actually be helpful in times such as these. Facebook and Twitter have been reported as being used by police in working out where to deploy manpower by following postings which appear to be orchestrating events, for example. And, obviously, live newsfeeds have been breaking the news of where riots are erupting before the 24-hour news channels get hold of the story.
Calculating the true cost of cybercrime
Tuesday, August 2nd, 2011
How much does cybercrime actually cost the enterprise? It’s an interesting question, and one that’s hard to answer accurately as there are so many variables from business to business. That hasn’t stopped HP from trying to though. With the publication of new research compiled in association with the Ponemon Institute, HP has revealed (shock horror and oh my giddy aunt etc) that business is suffering significant financial hardship at the hands of the hackers. Well duh! With knobs on…
Seriously though, predictable as the overall conclusion of the Second Annual Cost of Cyber Crime Study is in suggesting that the average enterprise is taking a bottom line hit courtesy of the bad guys (be that through reputational damage or breach recovery costs), the research itself has thrown up some interesting information. How about the natty little statistic that there are now 72 successful cyber-attacks each week (based on a four week period of study), which works out to 1.4 per organisation polled, for example? The average cost on an annual basis to business was calculated at a truly whopping £3.6 million ($5.9 million) or a rise of 56 percent on the figures from last year’s survey. The range covered to reach that median annualised figure was from £920,000 ($1.5 million) to £22.4 million ($36.5 million) per year per organisation.
Are you spending more and securing less?
Thursday, July 28th, 2011
Ask most people working in the enterprise IT security sphere what they would wish for and the majority will jump down your throat in a mad rush to call for a bigger budget. My elderly mother continues to warn “be careful what you wish for”, and I’ve never quite really understood what she means. I doubt very much, to be honest, that she had IT security budgets in mind at any time during the last 80 years but perhaps she should have done. New research would seem to confirm something that I have often thrown out there, and that is the simple fact that money is not the be all and end all of data security. There, I’ve said it. Sorry.
Schizophrenic security syndrome
Monday, July 18th, 2011
I’ve just been reading the latest Secunia global vulnerability half year report and, to be honest, it’s doing my head in. Not because it’s boring or predictable, but rather as it seems to indicate a global epidemic of schizophrenic security syndrome.
Here’s the thing, the report itself is based upon data which is extracted from a vulnerability intelligence database that has information on thousands of software products and their vendors, and which is well respected within the security community as being an indicator of the state of software security when looking at the broadest global picture. Secunia’s ability to continuously track vulnerabilities across such a breadth of products puts it in a pretty unique position within the security reporting industry, which is why I tend to take their reports rather seriously. And why this one is leaving me with a huge headache this morning.
Wi-Fi cracking nutjob demonstrates why WEP is pants
Wednesday, July 13th, 2011
I’m starting to get fed up telling people that WEP is about as secure as my garden shed, the one with no lock on it as the door doesn’t close properly. I never got around to fixing the shed as it’s only used by cats and fairies (it’s a long story) and I really don’t care if anyone were to break into the thing. You should care about your Wi-Fi connections though, and although I appreciate there’s a difference between the consumer end of the market and the enterprise end, you might be surprised how small that difference often is.
Indeed, I know of many SMEs who simply do not take Wi-Fi security seriously enough and adopt a very consumerist approach to it. One small business owner I know recently introduced free ‘guest’ Wi-Fi for his customers as a way of saying thanks for their trade, but didn’t think of the damage one rogue user could do to that trade as a result. Think I’m being paranoid? Think again matey boy, this is all too real a threat. IT Pro has been warning about the dangers of not taking Wi-Fi security seriously for ages. Especially when WEP can be cracked in seconds, yes it doesn’t even take minutes any more, using tools that can be downloaded easily enough online and allowing them to use the power of pretty much any decently specced PC these days. Take this example of just how easy, and just how dangerous, Wi-Fi can be without some serious security in-between your network and the bad guys.
Children predict future of tech. My arse!
Wednesday, July 6th, 2011
It may well be stating the obvious but children are, it seems, the future of tech. What’s more, according to a new study called ‘Children’s Future Requests for Computers and the Internet’ they also have an ability to predict the future shape of that tech.
The Latitude consultancy-designed research asked children from all over the planet to draw their answer to the question “what would you like your computer or the Internet to do in the future that it can’t do now” and the results were, frankly, not as amazing as some commentators are suggesting. It doesn’t take some spooky kid with glowing eyes and a brain the size of my arse to ‘predict’ that Internet tech should be more interactive, more human, more integrated with their lives and more empowering. In fact, I imagine it takes someone quite grown up to interpret kids’ drawings as predicting that.
What do Google+ and Facebook have in common?
Monday, July 4th, 2011
Although many people are still having a bit of a giggle at Google trying, once more, to break into the social networking scene the headline to this piece is not a joke. Yes, I know it’s quite funny to see exactly how Google+ will manage to steal people away from their preferred social networking territory, be that Facebook or Twitter. Hmmm, scrap that and replace with ‘be that Facebook’ to be more accurate. Google has tried before and failed miserably of course, and things are not getting any easier as Facebook continues to get bigger and bigger.
The problem being that once you get active on a social network it’s extremely difficult to move away, for what I would like to think are pretty obvious reasons. Reasons such as the simple fact that your entire online social graph is contained within the boundaries of that place. People invest a fair amount of time and energy building a social graph on Facebook, no, stop laughing at the back again, they really do. Why dump it into the bin of life and start again on Google+ is a question that many will be asking, not only in the media but in the potential user pool as well.
What do the experts really think about the cloud?
Wednesday, June 22nd, 2011
Ask a bunch of different ITSec experts if the cloud is a safe place to do business and you get a bunch of different answers. The truth is that there is just no overall consensus of opinion when it comes to data security in the cloud. Which is why I was interested to see that a panel of security experts had got together recently to discuss just this question in a round-robin debate held by hosting outfit UKFast. So what did they have to say?
Ian Moyse, an IT security expert with Webroot, thought that a number of media stories which seemed to suggest that recent data breaches and leaks were at least partly cloud related helped to blur the security issues surrounding cloud adoption. “In fact, in many of those cases, it wouldn’t make a difference if it was a cloud service provider or an on-premise system” Moyse insisted, adding “Issues arise in organisations without the right security processes not just in those with a cloud-based infrastructure.” The notion of the cloud being wrongly accused of being at the root of high profile data breaches was also touched upon by UKFast’s IT Director, Neil Lathwood, who said hacking inadequate security at the perimeter, gaining access to login credentials through illegitimate means or intercepting traffic in transit were the most common causes of data breaches. “These issues exist whether you run your own data centre or you’re in the cloud” Lathwood concluded.





