Posts

Showing posts from October, 2010

Assault on Authentication

  While doing some research as we head towards the end of ‘CyberSecurity Month’   I came across two very interesting developments.   The rather melodramatic – Assault on Authentication -   is one of the 8 top threats of 2010 as cited by the Information Security Media Group, Corp. (ISMG) in a recently published report called 10 Faces of Fraud   (   Old and New Schemes Target Banking Institutions and Their Customers   )   In addition in a very new development in a recent article ( http://www.theregister.co.uk/2010/09/27/zeus_mobile_malware/ ) David Barroso of S21sec highlights the vulnerability of mobiles to Zeus ( MITMO ) (Man-in-the-Mobile ) attacks.    The out of band password delivered via SMS in many 2FA solutions has now been found to be vulnerable to attack by the Zeus variant.   So while “ banking regulatory bodies have long called for mandatory two-factor authentication for all online banking sites”   .    “...

SPOOKS - CYBER ATTACK

Well I’ll be damned – if the subject of my last blog wasn’t the central theme to last nights episode of Spooks – CYBERWAR.    (To those who live outside the UK – Spooks is a very popular TV series about the goings on of a key team inside MI5 who spend their time thwarting terrorist attacks on the UK – while engaging in risqué amorous trysts on the side ).   And so last night we had the Russians and the Chinese –(working together !!) – ganging up on MI5 by infiltrating ( hacking ) their ‘secure’ internal network.     Whether the events portrayed were within the bounds of possibility or credibility who knows?     But if teenagers can break into the Pentagon – then I am sure that Russian/Chinese expert hackers can probably do something along the lines of infiltrating a UK Govt ‘Spooks’ departments network.      Either way it constituted an attack on British soil by foreign ‘combatants’ – which ( if it were true ) would have been...

THE SECURITY WEEK THAT WAS !

This week started with a bang with the UK Govt announcing that Cyber War was imminent ( http://www.bbc.co.uk/news/uk-11562969 )  – the ‘Enemy’ now has the capability to :   close down our power grids / transport networks / industry / ( read - critical infrastructure)   – with one flick of a mouse!   ‘They’ could insert Trojans into our infrastructure which could travel through our networks and attack the mainframes running our railways ( for example)  – bringing them to a grinding halt ……with the resulting disorder that ensues.    Just like the onset of winter – actually…… about now – when the falling Autumn leaves start to accumulate ' strategically'  on the railway lines – and when coupled with some strategically placed raindrops - can bring trains to a grinding halt.    Causing commuter chaos. ( We have seen those headlines before !)  So if its not the Unions ( and believe me they are just warming up ...

ONLINE BANKING STAYS IN THE DARK AGE

 A large ( big 4 )  UK bank recently sent its corporate customers a letter advising them of their  ‘new’ security solution.   Here is an extract from the letter : " Online banking fraud and identity theft is increasing across the UK - in 2009 fraud across all UK banks exceeded £59m.  Fraudsters are becoming ever more sophisticated in their efforts to obtain personal information and gain access to accounts.  We're committed to keeping your Internet Banking service safe, so we're introducing a more secure way to bank online using a card reader.  A card reader is a small handheld device which you will need every time you bank online.  We'll send one to every registered user within your business.   " Talk about being underwhelmed.  If I was a customer I would be seriously unhappy.   But most  customers probably will not.  That is because they (probably)  don’t realize that :  1)    THEY are g...