It’s no secret that the proposed EU General Data Protection Regulation is technology-agnostic. It demands that companies implement proportionate, cost-effective controls to protect the personal data of EU residents, as well as enabling data subjects to exercise their rights over their own personal data. The only technology areas specifically mentioned in the regulation, currently, are pseudonymization and data encryption.more →
As a general rule, I would generally avoid commenting on high profile cyberattacks. Criminals often get as much out of notoriety as they do stealing money from others. However the impact of the WanaCryptOR (aka WannaCry et al) ransomware on the National Health Services (NHS) can not pass without comment.more →
There’s something magical about remote control.
The world I grew up in involved getting up and crossing the room to select from one of three channels of TV – or turning the box off. Today, remote controls festoon every surface of my living room and the idea of getting up to operate a device is as anachronistic as using the word “box” to describe a television.more →
Turning to predictions concerning the technical side of DDoS attacks in 2017, there is near unanimity over the escalating threat from insecure Internet of Things (IoT) devices. As we found at the tail end of 2016, large scale DDoS attacks are being facilitated by IoT botnets running the Mirai malware system (for example, the 21st October Dyn attack).more →
What does the forthcoming year hold for Distributed Denial of Service (DDoS)?
Whilst we don’t possess a crystal ball at activereach® we do pride ourselves on keeping up with the latest thinking and, of course, we are in daily touch with our customers who are at the sharp end of this malicious form of cyberattack.more →
I have seen it so many times before. DDoS (Distributed Denial of Service) tests are being commissioned simply to fulfil a “tick-box approach” to network security. Once purchased, those concerned move on to the next project. This is fine for most IT project deployments, but when it comes to maintaining effective DDoS mitigation, it is a different matter.more →
Volumetric DDoS attacks are similar in nature to floods to my mind. I regularly term the systems put in place to deal with volumetric DDoS attacks as “flood defences”, to differentiate them from systems used to defeat more sophisticated application-based DDoS attacks. Dealing with floods is often a raw numbers game.more →
Bruce Schneier is a name I have associated with Internet security since the mid-1990s. He is famous for his books on cryptography and security theory in general. In the circles I find myself moving in, he’s a celebrity name and his thoughts and opinions carry weight.
On 13th September 2016, an informal blog article appeared written by Schneier, which was dramatically entitled “Someone Is Learning How to Take Down the Internet.” The thrust of the article seems to be that over the past year or two, owners of infrastructure, critical to the functioning of the public global Internet (such as DNS, and elements of IP addressing and BGP routing), have seen an increase in a certain type of DDoS attack.more →