In Part 1 of this GDPR blog series, we looked at the PII threat landscape and the legal & financial consequences of technology failure. In Part 2, we highlighted the major provisions in the GDPR for technological measures to protect data. In Part 3, we examined some of the guiding principles to be considered in relation to the technological impact of the GDPR within an organization.more →
Vulnerabilities in modern computers leak passwords and sensitive data
Spectre and Meltdown are the names of theoretical attack techniques which exploit weaknesses in many modern microprocessor chips. The attacks seem to be extremely limited in scope – able only to allow an unauthorised programme to read data from parts of the computer memory that it ought not to have access to.more →
It’s no secret that the proposed EU General Data Protection Regulation is technology-agnostic. It demands that companies implement proportionate, cost-effective controls to protect the personal data of EU residents, as well as enabling data subjects to exercise their rights over their own personal data. The only technology areas specifically mentioned in the regulation, currently, are pseudonymization and data encryption.more →
As a general rule, I would generally avoid commenting on high profile cyberattacks. Criminals often get as much out of notoriety as they do stealing money from others. However the impact of the WanaCryptOR (aka WannaCry et al) ransomware on the National Health Services (NHS) can not pass without comment.more →
There’s something magical about remote control.
The world I grew up in involved getting up and crossing the room to select from one of three channels of TV – or turning the box off. Today, remote controls festoon every surface of my living room and the idea of getting up to operate a device is as anachronistic as using the word “box” to describe a television.more →
Volumetric DDoS attacks are similar in nature to floods to my mind. I regularly term the systems put in place to deal with volumetric DDoS attacks as “flood defences”, to differentiate them from systems used to defeat more sophisticated application-based DDoS attacks. Dealing with floods is often a raw numbers game.more →
Bruce Schneier is a name I have associated with Internet security since the mid-1990s. He is famous for his books on cryptography and security theory in general. In the circles I find myself moving in, he’s a celebrity name and his thoughts and opinions carry weight.
On 13th September 2016, an informal blog article appeared written by Schneier, which was dramatically entitled “Someone Is Learning How to Take Down the Internet.” The thrust of the article seems to be that over the past year or two, owners of infrastructure, critical to the functioning of the public global Internet (such as DNS, and elements of IP addressing and BGP routing), have seen an increase in a certain type of DDoS attack.more →
A recent report published by Check Point Threat Intelligence Team has revealed interesting information about the Cerber ransomware operation. Cerber makes money by infecting victims’ machines, encrypting their files, and then charging them money (starting at ~$600) to decrypt them.
Cerber is an example of cybercrime as a professional, if criminal, business.more →