Wednesday, July 30, 2014
Security vendor Sophos published details of a 'trustworthy browser poll' last week, with a headline proclaiming Firefox "slams Chrome again" in the results. Indeed it did, with 48 per cent of the 3,400 participants trusting it most. This compared with 27 per cent for Chrome, eight per cent for Safari, 7.4 per cent for Internet Explorer and just five per cent for Opera. The remaining 4.6 per cent trusted browser clients such as Tor, Comodo Ice, Chromium and even Lynx, for those of you with a really long memory that stretches back as far as the text-only world wide web. This last percentage group of stragglers also included the client we should all trust the most: none.
Monday, July 28, 2014
Codebreaking computer Colossus is 70 this year - we look at the landmark models that followed that British innovation, from the Magnavox Odyssey to the IBM PC and beyond. This year marks the 70th birthday of Colossus, one of the most important machines in the history of IT. As well as being the world’s first “electronic” computer, it also played a pivotal role in helping to end World War II by deciphering coded German military messages. Colossus has achieved something of a cult status among computer nerds and historians alike, but could you name the world’s first laptop, tablet or games console? Or even the world’s first web server or the first computer with a mouse-driven graphical user interface?
Saturday, July 26, 2014
Let's take a look at what happened to Code Spaces, as best we can tell given that specifics regarding the nature of the breach are still in very short supply, and figure out from that how you can avoid being a cloud-based combination attack fatality.
Also known as Critroni, and CTB-Locker for what it's worth, the ransomware has been openly available (if you'll excuse the contradiction) on the underweb dark market for a few weeks now. However, this last week it has emerged in the wild being dropped by something called the Angler exploit kit. So why is this such a change in the ransomware attack methodology? Mainly, researchers are telling us, because it uses the anonymous Tor network in order to hide the command and control centers.
Thursday, July 24, 2014
Friday, July 18, 2014
Bugs are, and always have been, a fact of life for the software developer. However, if Microsoft researcher Andrew Begel has his way, they could be a thing of the past. Last month a paper co-authored by Begel, entitled 'Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development', was published. This week, Begel spoke at the annual Microsoft Research Faculty Summit on the subject. Basically, what Begel and his research colleagues are saying is that the existing work on dealing with programming errors tends to focus on the "post hoc identification of correlations between bug fixes and code", and this isn't working. Instead, his team suggests, a new approach is needed to address the very real and very costly problem of code bugs. That new approach is to try to "detect when software developers are experiencing difficulty while they work on their programming tasks" and then, of course, stop them before they can go on to introduce bugs into their code.
The term APT is often flagged by vendors as some kind of bogeyman problem to scare you into buying the solution. It reminds me, more often than not, of a salesman shouting 'FIRE! FIRE!' through your letterbox before embarking on a sales pitch for fire extinguishers.
Thursday, July 17, 2014
A formal information security policy is not an optional item for your business; that's pretty much accepted as a given. Yet when your company migrates to the cloud, in any capacity from data storage through to application delivery, it's often mistakenly accepted that the existing policy will cover this new ground.
Sunday, July 13, 2014
According to research commissioned by security vendor Bit9 + Carbon Black, nearly half (49%) of the organisations questioned admitted they simply didn't know if their businesses had been compromised or not. This uncertainty regarding cyber-attack detection ability comes in stark contrast to the 32% who confirmed they had been attacked during the previous 12 months and the 64% expecting to be targeted in the next 12 months.