It’s no secret that the proposed EU General Data Protection Regulation is technology-agnostic. It demands that companies implement proportionate, cost-effective controls to protect the personal data of EU residents, as well as enabling data subjects to exercise their rights over their own personal data. The only technology areas specifically mentioned in the regulation, currently, are pseudonymization and data encryption.
As a general rule, I would generally avoid commenting on high profile cyberattacks. Criminals often get as much out of notoriety as they do stealing money from others. However, the impact of the WanaCryptOR (aka WannaCry et al) ransomware on the National Health Services (NHS) cannot pass without comment.
There’s something magical about remote control.
The world I grew up in involved getting up and crossing the room to select from one of three channels of TV – or turning the box off. Today, remote controls festoon every surface of my living room and the idea of getting up to operate a device is as anachronistic as using the word “box” to describe a television.
Volumetric DDoS attacks are similar in nature to floods to my mind. I regularly term the systems put in place to deal with volumetric DDoS attacks as “flood defences”, to differentiate them from systems used to defeat more sophisticated application-based DDoS attacks. Dealing with floods is often a raw numbers game.
Bruce Schneier is a name I have associated with Internet security since the mid-1990s. He is famous for his books on cryptography and security theory in general. In the circles I find myself moving in, he’s a celebrity name and his thoughts and opinions carry weight.
On 13th September 2016, Schneier published an informal blog article dramatically entitled “Someone Is Learning How to Take Down the Internet.” The thrust of the article seems to be that over the past year or two, owners of infrastructure critical to the functioning of the public global Internet (such as DNS, and elements of IP addressing and BGP routing) have seen an increase in a certain type of DDoS attack.
A recent report published by Check Point Threat Intelligence Team has revealed interesting information about the Cerber ransomware operation. Cerber makes money by infecting victims’ machines, encrypting their files, and then charging them money (starting at ~$600) to decrypt them.
Cerber is an example of cybercrime as a professional, if criminal, business.
It is human nature to make our jobs seem more exciting and dangerous. Office language is filled with vocabulary of conflict and warfare. If you’ve ever “kept your head down”, been on “the front line”, suffered “under the cosh”, peered “over the parapet”, or spent time “fire-fighting”, then you’ll recognise what I mean.
CloudPiercer: Is your cloud-protected website’s origin exposed?
In October 2015, an academic study paper relating to the CloudPiercer problem was released (“Maneuvering Around Clouds: Bypassing Cloud-based Security Providers”). This describes how sites that rely on cloud-based DDoS mitigation are often still vulnerable to attackers. The study suggests that 71.5% of 17,887 of the top domains (by traffic) protected by one of several leading cloud-based DDoS mitigation companies (DOSarrest, Incapsula, CloudFlare, Prolexic, and Sucuri Cloud Proxy) are exposed.