Posts

Showing posts from 2010

Wikileaks, student protests and 'hacktivism' .... ( or The lady doth protest too much, methinks. Or not?)

Are we seeing some kind of a shift in society?  I believe we are witnessing a new era of ‘activism’ – student /societal/ corporate. Students in the UK have taken to the streets in (sometimes) violent protests against the impending imposition of university tuition fees.  Governments are acting in unison against the ‘threat’ posed by Wikileaks.   But ‘hacktivists’ are rising up in protest against them and the corporations (Amazon/MasterCard/Visa ) that are doing their bidding. Consumers span of attention continue to fall as 30 second advertisements are cut down even shorter.  Our children engage in electronic media multi-tasking gaming / watching TV / surfing the web / texting / talking on the mobile and so on.  Their brains are being hardwired into a new mode of operation with boredom thresholds at an absolute minimum. So.  Are we all becoming hedonists – needing a short term fix ?   Have we lost the ability to plan ahead and see the con...

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple....

“ KNOCK KNOCK - WHO GOES THERE ?? “ ( or Why authentication matters ?)

“ Halt who goes there ?  “  The traditional challenge of a guard watching over the entrance to a castle / city / camp / fortress since time immemorial.   The visitor wishing to gain access,  be they friend or foe,  then had to engage in a process of convincing the guard of the validity of his credentials.  In other words - identification and authentication.    I sn’t it amazing how little things have changed?     Today these challenges happen all the time.  When you log on to you computer / to your corporate network / to your email account / to your online bank / to your social network site and so on,  you are required to identify yourself.    Have you considered just how many times you do this every day.   ?  Most of the time this happens seamlessly under the hood without you even be conscious of it happening.    When you log on to your email account – you don’t re-enter your password ever...

GET SAFE ONLINE OR HOW TO KEEP SAFE ON THE DARK SIDE …

Today marks the beginning of the Get Safe Online week   ( http://www.getsafeonline.org ) here in the UK.      Last month was Global Cyber Security month.   This celebration of the ‘evil’ Internet - is becoming a ghoulish fetish – an obsession with the dark side of the cyber world, this dangerous underworld populated by zombies and Zeus mutants.    During every breathing moment this new ‘world’ we have created – the Internet / Cyberspace / the Web – morphs and grows and its tentacles reach into every nook and cranny of our lives.    You would have to be a Buddhist monk in the remote mountains of Bhutan not to have been influenced by the spread of this techno organism and its cancerous viruses….    Or is this all scaremongering? How bad is it really?   Well first we have to acknowledge that it is a reality   – the Internet that is -   and everything that goes with it – both good and bad.     Th...

Assault on Authentication

  While doing some research as we head towards the end of ‘CyberSecurity Month’   I came across two very interesting developments.   The rather melodramatic – Assault on Authentication -   is one of the 8 top threats of 2010 as cited by the Information Security Media Group, Corp. (ISMG) in a recently published report called 10 Faces of Fraud   (   Old and New Schemes Target Banking Institutions and Their Customers   )   In addition in a very new development in a recent article ( http://www.theregister.co.uk/2010/09/27/zeus_mobile_malware/ ) David Barroso of S21sec highlights the vulnerability of mobiles to Zeus ( MITMO ) (Man-in-the-Mobile ) attacks.    The out of band password delivered via SMS in many 2FA solutions has now been found to be vulnerable to attack by the Zeus variant.   So while “ banking regulatory bodies have long called for mandatory two-factor authentication for all online banking sites”   .    “...

SPOOKS - CYBER ATTACK

Well I’ll be damned – if the subject of my last blog wasn’t the central theme to last nights episode of Spooks – CYBERWAR.    (To those who live outside the UK – Spooks is a very popular TV series about the goings on of a key team inside MI5 who spend their time thwarting terrorist attacks on the UK – while engaging in risqué amorous trysts on the side ).   And so last night we had the Russians and the Chinese –(working together !!) – ganging up on MI5 by infiltrating ( hacking ) their ‘secure’ internal network.     Whether the events portrayed were within the bounds of possibility or credibility who knows?     But if teenagers can break into the Pentagon – then I am sure that Russian/Chinese expert hackers can probably do something along the lines of infiltrating a UK Govt ‘Spooks’ departments network.      Either way it constituted an attack on British soil by foreign ‘combatants’ – which ( if it were true ) would have been...

THE SECURITY WEEK THAT WAS !

This week started with a bang with the UK Govt announcing that Cyber War was imminent ( http://www.bbc.co.uk/news/uk-11562969 )  – the ‘Enemy’ now has the capability to :   close down our power grids / transport networks / industry / ( read - critical infrastructure)   – with one flick of a mouse!   ‘They’ could insert Trojans into our infrastructure which could travel through our networks and attack the mainframes running our railways ( for example)  – bringing them to a grinding halt ……with the resulting disorder that ensues.    Just like the onset of winter – actually…… about now – when the falling Autumn leaves start to accumulate ' strategically'  on the railway lines – and when coupled with some strategically placed raindrops - can bring trains to a grinding halt.    Causing commuter chaos. ( We have seen those headlines before !)  So if its not the Unions ( and believe me they are just warming up ...

ONLINE BANKING STAYS IN THE DARK AGE

 A large ( big 4 )  UK bank recently sent its corporate customers a letter advising them of their  ‘new’ security solution.   Here is an extract from the letter : " Online banking fraud and identity theft is increasing across the UK - in 2009 fraud across all UK banks exceeded £59m.  Fraudsters are becoming ever more sophisticated in their efforts to obtain personal information and gain access to accounts.  We're committed to keeping your Internet Banking service safe, so we're introducing a more secure way to bank online using a card reader.  A card reader is a small handheld device which you will need every time you bank online.  We'll send one to every registered user within your business.   " Talk about being underwhelmed.  If I was a customer I would be seriously unhappy.   But most  customers probably will not.  That is because they (probably)  don’t realize that :  1)    THEY are g...

What the Analyst said ....Why LiveEnsure and SiteKey/SitePass are not the same.

  So there I was on the phone to an Analyst today explaining (at a fairly high level )   some of the basic features of LiveEnsure TM   when he says – “   ahh – I get it – this is identical to Bank of America’s SiteKey/Site Pass system .”    Not having the details of said banks system at my fingertips – I was unable to correct the Analyst on his incorrect conclusion with any hard science.    We were also running out of time,   it was a bad line and…all I could say was – it is not the same – there is much,   much more going on under the hood with LiveEnsure TM .     So why is BofA’s SiteKey TM / Site Pass TM authentication system NOT identical to LiveEnsure TM   ? ·                 Device ID.    Although both ostensibly have a ‘hardware device recognition’ component – the BofA solution relies upon the re-referencing of a cookie (dow...

One swallow does not a summer make

Experts from Gartner have said that the recent 'froth' of M&A activity in the security space does not constitute a 'trend'.   While 'one swallow does not a summer make'  I would contend that this is in fact a trend and that it set to hold for at least another year.   Why? Well first of all the 'froth' was in fact more like a large set of Atlantic rollers breaking on the Cape coast!!!  Consider the number of deals that have taken place in the last 6 months ( see previous blog) crowned by the recent announcement by HP of its acquisition of Arcsight for $1.5bn. "   Hewlett-Packard  has agreed to buy high-end technology security company ArcSight for $1.5bn to profit from its customers’ increasing concerns about  protecting their data from hackers . The cash offer of $43.50 a share for Silicon Valley neighbour ArcSight was more than 50 per cent above where the company was trading before reports last month that it was courting buyers. It value...

SECURITY M&A GONE A BIT CRAZY ....

The tech sector and in particular the security sector within  has been extremely active during the past 6 months.  There have been numerous acquisitions that indicate an increased appetite for quality security assets.    Perhaps the most high profile of these was the recent acquisition of MacAfee by Inte l ( a $7.8bn transaction ) representing a premium of over 50% to the then prevailing market price.  A PE multiple of about 48 and 3.8 x Revenue. This was Intel’s largest ever acquisition. Symantec acquired Verisign’s Authentication business for $1.28bn - approximately 4 x revenues. (Second quarter revenues from this Unit was about $100m )  ( May ) ; CA has announced it will acquire Arcot systems for $200m in Q4 2010.  Arcot provides Identity Access Management and Authentication products  ( www.ca.com/www.arcot.com ) ;  VMWare has announced it will acquire Integrien and TriCipher .  (Sep)  HP has just announced it will acquire ...

SMB/E's underestimate the cost of cyber security breaches

I found this article at www.smallbusinesscomputing.com and I am repeating it here verbatim because I believe that it captures the essence of the challenges that lie ahead and the need for education and the provision of simple but effective authentication solutions.  What SMBs Don't Know About Security Can Hurt You April 23, 2010 Small and midsized businesses might be the lifeblood of the U.S. economy, but according to the latest Internet security survey from Panda Security, their generally lackadaisical efforts to protect consumer data is also making them a prime target for cyber thieves. More disturbing, particularly for customers swiping their credit cards or purchasing products and services online, the survey reveals that the vast majority of SMBs claim they don't know how to effectively prevent identity theft, lack the resources to install the technology that could thwart the majority of cyber attacks and, worse, seem to believe that it's really not their probl...

MOBILE INTERNET CYCLE DRIVING PRIVACY SECURITY SOLUTIONS

With over two billon Internet users and five billon mobile phone users these global networks bring people ever closer together. These technologies which include broadband (terrestrial) and 3G (wireless) allow for more and more data to be carried. We have entered the next Tech Cycle which is called the Mobile Internet. It was preceded by four tech cycles starting in the 1960’s with the Mainframe cycle. Approximately every decade thereafter we have had a new cycle; Mini-computers - 70’s; PC’s - 80’s and desktop Internet - 90’s. The Mobile Internet cycle triggered by the launch of the iPhone will see mobile internet access overtake fixed access by 2014. This will be driven by smart phone take up and 3G/4G rollout. We are already at the critical point of over 1bn 3G users. Other drivers are video ( YouTube); Social networking (Facebook) and VOIP. Much of this take up is occurring in emerging markets; there are 5 babies born every second - but there are 30 new mobile ph...

PERSONAL INFORMATION - ONLINE CODE OF PRACTICE

If you found my previous post somewhat disconcerting then have a look at this link which is the UK Information Commissioners Guide to the new legislation. " The code explains how the Data Protection Act applies to the collection and use of personal data online. It also provides good practice advice for organisations that do business online and are therefore subject to the DPA. " http://www.ico.gov.uk/ebook/ebook.htm and if you want more in depth information about the legislation itself then have a look at this video from Stewart Room. It makes it somewhat more accessible.

YOUR PRIVACY IN A VERY PUBLIC AND CONNECTED WORLD

So how do you value your privacy in the Facebook age ? Does it matter to you that the calls you make, the emails you send, your credit card transactions, the Internet sites you visit, the images of you travelling to work, your social networking posts are now stored at data centres in the Cloud and retrievable by myriad marketers, Government agencies and companies ? None of whom you ever entrusted with your information in the first place. Your digital footprint is a permanent record of your every move. Data is the pollution of the Information age. Everything we do generates data, and a secondary spin-off of Moores law is that every year it gets cheaper to store and process this data. So rather than sort through our e-mails and delete the ones we don’t need – we just keep them all – it is easier and cheaper to do so. The same thing happens with all of our data now. Most of ‘your’ data actually belongs to someone else. All of your G-mails, everything you ...