Another Brick from the Wall - Leadership thoughts

The world after user names and passwords

Jericho Forum — Tue, 19 Jul 2011 12:27:46 GMT

When the Jericho forum launched its Identity Commandments earlier this year, one of the key concepts discussed was entitlement. Currently for most organisations, access to information is done through a simple user name and password. Once entered, the user has...

I am not a number

Jericho Forum — Wed, 01 Jun 2011 11:11:38 GMT

Last week I wrote an introduction to the The Jericho Forum Identity Commandments. The last sentence talked about ‘core identity’ and privacy and we will explore these a little more. There is a lot of confusion around identity and what...

The future of online identity lies with the cloud

Jericho Forum — Mon, 16 May 2011 12:16:02 GMT

The new Jericho Forum identity commandments have been revealed this week - but what do they mean in practice? This is the start of a number of articles designed to explain them from a more practical standpoint. The Jericho Forum...

There goes another 25 million Sony customer records

Jericho Forum — Wed, 04 May 2011 08:36:07 GMT

Following on from last week’s Sony PlayStation Network revelations, the company has now admitted losing the details of another 25 million users, this time from the Sony Online Entertainment (SOE) network. While the data here is said to be outdated...

Does the ICO have false teeth?

Jericho Forum — Thu, 28 Apr 2011 16:14:32 GMT

It was with great fanfare that it was announced last year that the Information Commissioner’s Office (ICO) could impose fines of up to £500,000 ($830,000) for data breach events. One year on, how has it gone? Not so good. Fewer...

Data breach hacking comes back from the dead

Jericho Forum — Wed, 27 Apr 2011 13:28:38 GMT

The latest Verizon data breach investigations report showed that the number of incidents investigated quintupled, but the number of compromised records dramatically decreased. The good news is that there wasn’t a major incident, unlike previous years, in which millions of...

After the breach - how secure is RSA's SecurID?

Jericho Forum — Thu, 24 Mar 2011 10:48:14 GMT

The recent breach announced by RSA affecting their SecurID tokens raises stark questions on this authentication system. We have not been told many details so far, but let's look at what could be affected.Each type of RSA SecurID hardware token...

The Internet that never forgets

Jericho Forum — Fri, 18 Mar 2011 18:48:18 GMT

The EU has proposed legislation on websites being able to be asked to ‘forget’ user information and while this initially seems like a great idea for privacy there are a few issues which also need to be thought through. Let’s...

Datacentre defence starts at the front door

Jericho Forum — Wed, 02 Mar 2011 10:09:58 GMT

It doesn’t matter if you have invested in the cloud or not, computing applications require hardware to run on and a place to live. Nowadays, the general feeling is that datacentres are the best place for this to happen. But...

Is Intel's IPT chip security as good as it sounds?

Jericho Forum — Wed, 23 Feb 2011 12:02:34 GMT

Intel recently announced Identity Protection Technology (IPT), a capability to generate one-time passwords within a protected area in its latest Core family microprocessors. IPT is separate from the operating system and works using special digitally signed applets. Users can associate...

Is data falling into a 'digital pocket' or a black hole?

Jericho Forum — Fri, 18 Feb 2011 11:17:08 GMT

Adrian Seccombe posted recently about losing his files in a ‘digital pocket’ which struck a chord with me because I was just glad that someone else has the same problem as me; you know the information exists but you just...

When files get lost in my 'digital pocket'

Jericho Forum — Tue, 01 Feb 2011 13:05:23 GMT

Each of us know that sinking feeling we get as we ever more frantically search our pockets for a mislaid passport. The opportunity to experience this feeling is about to get worse with the advent of what I call ‘digital...

Facebook's flawed approach to privacy

Jericho Forum — Tue, 01 Feb 2011 12:07:13 GMT

Facebook is doing its privacy ‘tap dance’ again, but it seems that they still don't grasp the fundamental principle of ‘secure by default.’ The company has announced that it will temporarily disable the feature to share addresses and mobile phone...

Keep tabs on insiders with rule-based access

Jericho Forum — Mon, 31 Jan 2011 12:21:16 GMT

In his recent blog, Guy Bunker raises the question of the malicious insider, who misuses authorised access to data and applications. How do we detect and prevent such activity? A promising approach to tacking this issue comes in the form of...

The world goes phone-phreaking mad

Jericho Forum — Wed, 26 Jan 2011 12:05:10 GMT

Will the News of the World phone hacking scandal go away soon? And now there are other newspapers being accused of phone hacking as well. The short answer is probably not, at least not while it sells news.Phone hacking has...

The perils of cloud printing

Jericho Forum — Mon, 10 Jan 2011 15:11:27 GMT

There is a lot of hype about the latest application to make it into the cloud, namely printing. While it is true that printers have been tied to corporate networks, and in the past have been notoriously neglected by recent...

Mossad put a backdoor in my firewall (and other tales)

Jericho Forum — Fri, 24 Dec 2010 13:34:21 GMT

I was discussing security matters over a drink with a US Government official at the Black Hat conference in Las Vegas a few years back and the discussion went something like this:[Official] “We won’t allow [insert Israeli security company] firewalls...

The InfoSec Man Cometh

Jericho Forum — Fri, 24 Dec 2010 13:11:53 GMT

(After Flanders and Swann - music and score here) 'Twas on a Monday morning the firewall wasn't right -A distributed denial of service had given it a fright.It's OK for those Jericho guys, they threw firewalls away (1)And when DDoS...

Beware the 'rogue insider' at the top

Jericho Forum — Fri, 17 Dec 2010 13:59:35 GMT

The malicious insider is an employee who ‘goes rogue’.They have access to sensitive information and critical business applications as part of their day-to-day job and they can perpetrate their ‘crime’ without needing to steal passwords or hack systems. Traditionally the...

'Zero network trust' should mean exactly what it says

Jericho Forum — Wed, 10 Nov 2010 15:18:55 GMT

At the recent Forrester Security Conference in Boston I was pleased to see Forrester Analyst John Kindervag presenting on Optimizing Security Architectures And Technologies; No More Chewy Centers: The Zero-Trust Model Of Information Security. Even better, he went on to...

Standards, standards, everywhere...

Jericho Forum — Mon, 08 Nov 2010 16:14:22 GMT

Don’t you just love standards? Evidently everyone does, because they are all proposing their own thereby defeating the whole object of a standard.In the past few weeks we have seen the Open Data Centre Alliance come out with its defining...

'Firesheep' tells us that web security is broken

Jericho Forum — Fri, 29 Oct 2010 09:43:44 GMT

Eric Butler's Firesheep plugin has been causing a stir, as it makes it extremely simple to hijack other people's web account. Once you have installed the plug-in into Firefox, you can see the unprotected websites that other people access over...

Patches, patches, everywhere...

Jericho Forum — Wed, 13 Oct 2010 14:10:03 GMT

So Tuesday was a mega-patch day, we had both Microsoft and Oracle with their biggest ever patch offerings. The good news is they are at least they are sending out patches.The less positive news is how long it will take...

Mysteriously, Internet Explorer 6 hangs on

Jericho Forum — Wed, 29 Sep 2010 14:11:00 GMT

As recent market share figures tell us, many corporates are still using IE6 years after it stopped being current. Meanwhile, the oft-touted Microsoft browser killer, Firefox has about the same market share as IE6. It could be that Microsoft’s true...

Data security is not enough - we need provenance too

Jericho Forum — Wed, 29 Sep 2010 11:44:08 GMT

Another high-profile data loss story in a long line, this time a law firm that collected data on alleged file-sharing media and porn pirates which was then stolen for all to see. There are at least two issues here, the...