Category Archives: Infosec

ContraRisk Security Podcast 0023: M2M and malware detection

» Listen or download now on the podcasts page » Machine-to-Machine (M2M) is a domain that includes industrial systems, telemetry, Scada and so on. And while Scada has increasingly become a focus of security concerns, this has tended to concentrate on the control systems themselves, rather than the entire chain from sensor to control room. In this episode, we talk to… Read more »

ContraRisk Security Podcast 0022: Security visibility and protecting data

» Listen or download now on the podcasts page » This is the time of year when security vendors make lots of predictions about what the year ahead holds for information security. Most of the predictions are stunningly obvious and trivial, but one was intriguing. Corey Nachreiner, director of security strategy at WatchGuard, reckons 2014 will be the year of security visibility. But… Read more »

Down with the kids, and the CEO


The pressure on CISOs is well-recognised – growing cyber threats, static IT budgets, staff who ignore the most basic advice (password 123456 anyone?) and board directors who still think it’s all just an IT problem. Yet on the other side of the scales, cyber security professional has to be one of the most coveted job titles around at present. First… Read more »

ContraRisk Security Podcast 20: Rogue insiders and cybercrime co-operation

» Listen or download now on the podcasts page » Cybercrime co-operation The International Cyber Security Protection Alliance (ICSPA) was formed to help government and law enforcement agencies assist businesses in tackling cybercrime. Co-operation and information sharing are very much at the core of this kind of activity, so, at the recent ISSE conference in Brussels, Steve Mansfield-Devine asked John Lyons,… Read more »

ContraRisk Security Podcast 0019: The evolution of pen-testing

» Listen or download now on the podcast page » For some organisations, penetration testing is merely a compliance requirement that they hope will find the minimum of weaknesses. For others, it’s a key step in discovering where their weaknesses lie, so they can fix them. But is pen-testing too often an afterthought, taking place after systems have been developed and… Read more »

iPhone 5s fingerprint recognition – sounding the death knell for PINs?

At Tech Crunch Disrupt in San Francisco yesterday, Yahoo’s CEO Marissa Mayer confessed that she doesn’t use a passcode on her smartphone. Not everyone blamed her. Jeremiah Grossman, CTO and co-founder of WhiteHat Security says: “Perhaps she feels the personal slowdown is more costly than it would be if someone stole her phone and got whatever data was on it…. Read more »

Another nail in GSM’s security coffin?

One of the great things about communications hardware is the flexibility of the technology, which means that – as well as being highly flexible – with the right software and firmware code, the hardware’s capability can be significantly stretched. Leading European cellular communications researcher Karsten Nohl has proven this to be the case time and again in recent years by… Read more »

NSA, GCHQ and the erosion of trust

There’s been yet another revelation about Internet spying by US and UK intelligence agencies, thanks to the leaks by Edward Snowden, but this one has much larger implications for the information security community. According to a report published by The Guardian and New York Times newspapers, in conjunction with ProPublica, the NSA has succeeded in cracking the most common encryption… Read more »

Inching ahead in the cyber crime war

In the popular American Football movie ‘Any Given Sunday’, a near burnt-out coach played by Al Pacino somehow digs out an inspirational half-time speech in a crucial game that turns his team’s fortunes and his own life around. His theme is that, in sport and in life, the gap between success and failure is measured in inches and you have… Read more »

ContraRisk Security Podcast 0017: encrypted comms and BYOD

» Listen or download now on the podcasts page » Silent Circle offers secure voice and text communications using peer-to-peer encryption. Until recently, it also offered secure email, but shortly after we interviewed Jon Callas, the firm’s CTO and co-founder, Silent Circle followed the lead of another secure email provider, Lavabit, and shut down that service. This was a reaction to… Read more »