Posts

Showing posts from October, 2012

CYBER LESSONS FROM SANDY

Whether in the 'real' world or the Cyber world there are real threats and dangers and there are perceived threats and dangers.   Sandy has just taught us about the reality of the force of nature when an extreme event occurs.    Destruction has been wrought on an unprecedented scale.  While we know that physical harm can be effected through  cyber-terrorism/war such as Stuxnet – the reality is that the hype about Cyber war is just that – hype.   These events, like Sandy, are rare.   I contend that the sources of much of the scare-mongering  (about the ‘threat’ of Cyberwar )  are more often than not , entities/organizations/newspapers / journals that have a vested interest in the proliferation of FUD about the weakness of our Cyber defences.    Don’t get me wrong – I am just as concerned as the next guy about cyber security – all I am saying is – lets get some perspective on the matter.   The defences that were put up again...

NatWest mobile banking fail and why real innovation in security is needed

Not a good week for NatWest innovative banking services.  NatWest Get Cash fraud   ( Get Cash Pulled ) A combination of a simple phishing attack and a fundamentally insecure service led to many users of the Get Cash service ( a sub set of the NatWest mobile banking app – powered by Monitise) being defrauded of cash from their accounts.    The system allows users to get cash from an ATM by keying in a ‘secure cash code’ into the terminal.    The assumption is that once you have logged in to your app you are legit and so you ping the system for the code.   A user name and password level of security – that’s it!.   No better than 99% of all apps on the Net today.    Needless to say the service was shut down once the fraud started becoming rampant.    Does the drive for customer convenience completely outweigh basic security rules. ?   The problem with this kind of solution and others that rely on the presentation ...