Unscrewing Security

Nominet: a website, by any other name, would be more secure?

Alec Muffett — Fri, 05 Oct 2012 13:59:53 GMT

So Nominet - the people who own, manage and monetise the top-level .uk DNS domain - propose to allow creation of domain names directly under the UK suffix (PDF). Thus instead of inflatable-widgets.co.uk you could instead own inflatable-widgets.uk, and it...

Why is nobody crowing about 'Critical National Infrastructure'?

Alec Muffett — Thu, 12 Jul 2012 10:45:29 GMT

Much cybersecurity planning is couched in terms of we must protect critical national infrastructure - but when a bank goofs a software upgrade and commits transactional suicide for a week (or more, see Ulster Bank) - and when an entire...

If it turns out that LinkedIn passwords have leaked...

Alec Muffett — Wed, 06 Jun 2012 11:31:26 GMT

Rumours are circulating on the net that a database of hashes of LinkedIn passwords has been published on a Russian hacker site. I cannot confirm this but if the article referred to above is correct then there is a risk...

Chinese Cyberwarriors in your Chips?

Alec Muffett — Mon, 28 May 2012 07:32:02 GMT

The security interwebs this morning are alive with reference to Sergei Skorobogatov's webpage at Cambridge, the key quote from which is: We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is...

Ask Alec: Security for Freelance Developers and SMEs

Alec Muffett — Tue, 22 May 2012 14:26:44 GMT

So in my mailbox a few weeks ago there arrived the following: Hi Alec I was wondering whether you'd mind doing me a small favour. It'd be great if you could punt out a quick top 5 / top 10...

Cybersecurity: Demand An Evidence-Based Approach

Alec Muffett — Tue, 08 May 2012 22:34:31 GMT

In the days before the SOPA blackout a popular meme infected the interwebs: Dear Congress: It's No Longer OK To Not Know How The Internet Works Directed at the US Government this article and its related discussion decried the...

Still Scrambling For Safety

Alec Muffett — Thu, 12 Apr 2012 20:33:51 GMT

Dateline: the late 1990s; in the USA and UK there is fear and debate over development of new technology which renders moot the "existing capability" of Government agencies to intercept internet communication - thereby risking intelligence (even that which cannot...

Surveillance? The Liberal Democrats aren't supporting it...

Alec Muffett — Fri, 23 Mar 2012 13:48:59 GMT

It's been a good few months for surveillance, its practitioners and its supply industry - barnstorming industry conferences, massive media coverage of technology and puff pieces on government projects stateside ... oh, wait, is this meant to be covert? Oops....

Learning about Cybersecurity from an Unnatural World

Mon, 13 Feb 2012 00:00:24 GMT

I was listening to the rerun of File On 4[1] this evening, and a chap from the FBI said something very sensible about Cybersecurity. Albeit the programme itself was nothing to do with cybersecurity and its tone was mildly hysterical...

Digital Darwinism: Perspectives for Industry and Government

Fri, 10 Feb 2012 13:35:32 GMT

A few days ago I spoke on a panel at PICTFOR - the Parliamentary ICT Forum - some writeups of which have been posted elsewhere; but a few days prior in preparation myself and some friends had the opportunity to...

The Google Dialogues: Search Neutrality

Thu, 19 Jan 2012 00:50:12 GMT

Sometimes I feel that the primary differences between Socratic Dialogues and Strawman Arguments are that: a) the former are apparently respectable, but the latter are fallacious, and... b) everyone since 399BC is not Socrates I too am not Socrates -...

Merry Christmas - it's another Twitter XSS bug!

Tue, 20 Dec 2011 14:31:02 GMT

Update: fixed now, less than 8 hours later. Isn't technology marvellous ? Recently Twitter bought TweetDeck, a provider of custom twitter-browsing clients which were popular amongst many Twitterati for dealing with bulk tweet-management. Twitter subsequently axed the main TweetDeck client,...

NetApp, Sophos join list of tech being used by Syrian state snoopers

Fri, 04 Nov 2011 12:02:53 GMT

If you're in any part of the security industry you will know the phrase dual-use technology; it's the umbrella term for any technology that can be used for both "good" and "evil" from the perspective of whomever is speaking at...

#LondonCyber: our very own Star Trek conference

Tue, 01 Nov 2011 01:39:45 GMT

So the FCO's London Conference on Cyberspace is here - and on Twitter - and you cannot have missed yesterday's press trailers: BBC Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence...

Username: Google ; Password: 2bon2btitq

Fri, 21 Oct 2011 13:28:36 GMT

Google are (in partnership with Citizens Advice Bureau) running a campaign about how to stay safe online, and to this end adverts are appearing in London tube trains explaining how to create longer, more memorable passwords, using an example from...

Amazon, Google, the Platform and Security

Mon, 17 Oct 2011 07:36:12 GMT

A few days ago Steve Yegge posted a rant to his Google+ account with the intention that it would stay Google-internal. Oops. You can read the rant - now replicated all over the net, for instance YCombinator or mirrored back...

Jeremy Hunt requests Google become "Big Brother" on behalf of the British Government

Tue, 13 Sep 2011 10:45:12 GMT

Gadzooks! Here's the Telegraph article with my emphasis added: Jeremy Hunt, the Secretary of State for Culture, Media and Sport, is to tell Google and other search engines that they should play a greater role in the fight against online...

Rare OSX 1Password flaw exposes plaintext passwords, password history

Tue, 06 Sep 2011 14:10:23 GMT

Sunday afternoon I was writing a CWUK posting using my Snow Leopard Macbook Air - plus Chrome, Safari, all the other usual suspects, as well as 1Password, a password-keysafe product from AgileBits. It's not clear what happened next, but as...

Full-Disclosure, Unredacted WikiLeaks, Security and The Guardian

Sun, 04 Sep 2011 14:33:24 GMT

It's not often that one gets to call a Guardian piece all of illiberal, misconceived and self-serving, but it seems to be what happens when one or more of their writers are backed into a corner after doing something silly....

Riot

Alec Muffett — Tue, 09 Aug 2011 23:48:49 GMT

This evening at a barnstormingly good Reading Geek Night I was chatting with a somewhat older "ICT" chap and told him that I do security. We spoke of privacy, we spoke of secrecy, and the subsequent conversation went somewhat like...

Security Events To Watch: 44Con London Security Conference

Alec Muffett — Tue, 21 Jun 2011 07:59:18 GMT

I've long thought that the UK needed a real security conference; for years we've had the booth-bunny fest that is Infosec where you get to see anti-virus pitchmen working the crowd like the guy at my saturday market vegetable stall;...

An indictment of humanity's woeful security...

Alec Muffett — Fri, 17 Jun 2011 12:49:28 GMT

I read articles like this and I fume: Only hours after embarrassing the CIA by downing its website, hacking jokesters LulzSec have issued another self-declared indictment of the Internet's woeful security, leaking a database of 62,000 stolen passwords and user...

Apple malware is a foreign country...

Alec Muffett — Fri, 20 May 2011 11:06:29 GMT

Picture this: some monstrous creature out of a fairy tale arrives at your house, knocks at the door, is let in, and abducts your wife away to the circus. What do you do? Well, if you're PCWorld or some of...

Metricating (Cyber) Security

Alec Muffett — Fri, 13 May 2011 14:23:50 GMT

A forensics friend - Jon Care - pinged me on Instant Messenger last night: Him: Do you remember your "Corporate Security Index", inspired by Dilbert?Me: Rings a faint bell. Did I write it?Him: You wrote "8.6" on a bit of...

The War On Information Access

Alec Muffett — Mon, 09 May 2011 13:38:54 GMT

Information is only useful when it can be accessed at which point it becomes something entirely other - music, video, evidence, or even knowledge - and to do this there is a three-step process: You discover the information - by...