Monday, October 27, 2014
Houston-based security-as-a-service cloud provider Alert Logic has opened its new Security Operations Centre (SOC) in Cardiff after securing £1.15 million in funding from the Welsh government and having the support of a talented pool of exceptional local graduates.
My trip was centred in Cardiff, best known to sci-fi geeks the world over as home to Doctor Who. The BBC has been filming there since the series returned to television in 2005, and the city is also where you can find the Doctor Who Experience exhibition until at least 2017. However, Cardiff is the Welsh capital and also sits at the lively beating heart of an IT Security hub in South Wales. The Welsh Government have made it very clear that the intention is to attract security start-ups and established players alike as part of a broader technology business strategy in the country. This aim can be extended beyond the entrepreneurial basics though; there's a will here to make South Wales one of the most secure places in the world to do business, through the building of cyber security skills and resources.
Sunday, October 26, 2014
I'm starting to get more than a tad fed up with headlines proclaiming that a high-profile service has been hacked, and the copywriters then rushing to the conclusion that users would be better off jumping ship. The latest victim of this knee-jerk-style reporting was Dropbox after it was accused, and largely found guilty without any hint of a fair trial, of allowing hackers to make off with nearly 7 million user logins.
Monday, October 20, 2014
Sunday, October 19, 2014
So, Microsoft and iSIGHT uncovered another 0-day vulnerability; this time impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. iSIGHT has detailed in-the-wild exploits of the vulnerability, and points the finger of suspicion at state-sponsored Russian interests. The Dallas-based cybersecurity outfit explained that the exploit (dubbed Sandworm) showed visibility targeting Ukrainian government organisations, Polish energy businesses and US academic organisations as well as NATO itself, and warned that there is an obvious potential for much broader targeting from the same and new threat actors.
Friday, October 17, 2014
The web, as we know it today, relies heavily on content management systems (CMS) to operate. It's a CMS that allows a blog, news publication or shopping site to be managed centrally, collaboratively and consistently, which is why it's such a shame that CMS systems suck elephants through a straw when it comes to security. Actually, let me qualify that statement: CMS plugins suck.
Sunday, October 12, 2014
At the start of the year, DaniWeb reported how Snapchat, the self-destruct photo messaging service, had been hacked and information regarding 4.5 million users had been stolen. Fast forward to now, and Snapchat is again in the mire: nude images have started to appear on 4chan which have been stolen from Snapchat accounts.
Thursday, October 09, 2014
Sunday, October 05, 2014
As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has warned that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through. Kolochenko refers to the threat posed by old plugins, passwords and extensions as being the 'Achilles heel of popular CMS' and for good reason. High-Tech Bridge regularly tests popular CMSs via the ImmuniWeb online penetration testing service and equally regularly, sadly, discovers vulnerabilities therein. It follows a strategy of responsible disclosure, which I'm all in favour of, whereby any vulnerabilities are reported to the vendor with immediate effect but no public disclosure (other than a broad statement without exploitable details) is made for three weeks. This gives the vendor ample time to do something about it, and should encourage those who are a bit slow off the mark to focus attention on a fix. All without alerting the bad guys as to how to create code to exploit the hole.
The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach in the first place. One highly placed individual in the IT security business told me over a pint that "if it can happen to JP Morgan then, frankly, it can happen to anyone" and that wasn't just the drink talking. Also surprising was the claim that a million accounts had been compromised during the breach, a claim made during the initial disclosure. Just before the weekend the surprise level went off the scale as the New York-based bank revealed, via a regulatory filing, that the actual numbers were a little higher. How much higher? How does 76 million households and 7 million small businesses higher strike you? Of course, this can be played down by comparing it to other mega-breach statistics: the Target attack last year hit 110 million accounts, and the more recent eBay hack 145 million. That doesn't make the JP Morgan numbers any the less striking though; this is a bank we are talking about after all, and a bloody great big one at that. Let's not forget that JP Morgan is the largest bank in the USA by measure of assets. It insists that no financial information has been compromised, and further that there has been no breach of login data. Email addresses, names, addresses, phone numbers have all been accessed though. To be honest, this is a case where it is less worrying what information has been breached than the fact that the breach happened in the first place.