Blog

GDPR – Is Data Encryption Really Necessary?

Max Pritchard

It’s no secret that the proposed EU General Data Protection Regulation is technology-agnostic. It demands that companies implement proportionate, cost-effective controls to protect the personal data of EU residents, as well as enabling data subjects to exercise their rights over their own personal data. The only technology areas specifically mentioned in the regulation, currently, are pseudonymization and data encryption.

more →

Blog

Making A DDoS Hacker – Games, Cheats, Booters And Remote Control

Max Pritchard

 

There’s something magical about remote control.

The world I grew up in involved getting up and crossing the room to select from one of three channels of TV – or turning the box off. Today, remote controls festoon every surface of my living room and the idea of getting up to operate a device is as anachronistic as using the word “box” to describe a television.

more →

Blog

Someone is learning how to take down the Internet

Max Pritchard

Bruce Schneier is a name I have associated with Internet security since the mid-1990s. He is famous for his books on cryptography and security theory in general. In the circles I find myself moving in, he’s a celebrity name and his thoughts and opinions carry weight.

On 13th September 2016, an informal blog article appeared written by Schneier, which was dramatically entitled “Someone Is Learning How to Take Down the Internet.” The thrust of the article seems to be that over the past year or two, owners of infrastructure, critical to the functioning of the public global Internet (such as DNS, and elements of IP addressing and BGP routing), have seen an increase in a certain type of DDoS attack.

more →

Blog

The money trail behind ransomware-as-a-service (RaaS)

Max Pritchard

A recent report published by Check Point Threat Intelligence Team has revealed interesting information about the Cerber ransomware operation. Cerber makes money by infecting victims’ machines, encrypting their files, and then charging them money (starting at ~$600) to decrypt them.

Cerber is an example of cybercrime as a professional, if criminal, business.

more →

Blog

The CloudPiercer Problem: 70 percent of cloud-based DDoS mitigation systems can be bypassed by attackers

Max Pritchard

CloudPiercer: Is your cloud-protected website’s origin exposed?

In October 2015, an academic study paper relating to the CloudPiercer problem was released (“Maneuvering Around Clouds: Bypassing Cloud-based Security Providers”). This describes how sites that rely on cloud-based DDoS mitigation are often still vulnerable to attackers. The study suggests that 71.5% of 17,887 of the top domains (by traffic) protected by one of several leading cloud-based DDoS mitigation companies (DOSarrest, Incapsula, CloudFlare, Prolexic, and Sucuri Cloud Proxy) are exposed.

more →