It’s the software, stupid

Apple’s solution to the Flashback trojan problem is an interesting one, even though I suspect it’s going to annoy some people. The firm has released three Java updates in rapid succession, none of which appear to fix the original flaw that made the Flashback trojan viable. But the third update did include a removal tool for known versions of the…

IT security? Never going to happen…

What will it take to make our information systems secure? The answer is simple: an alternative universe in which these systems aren’t designed and built by humans. Take a look around. What can you find that was made by a human and doesn’t contain flaws? Even in great works of art – a Rembrandt portrait or a Mahler symphony –…

Mac malware and missing the point

And so, with Flashback, Mac users finally have a significant piece of malware to worry about. From the tech news sites, you’d think that the sky is falling for users of Apple’s OS X. And, as usual, they’ve completely missed a more significant point – about how malware is changing. I’ve seen one estimate that puts the number of Flashback…

LulzSec is dead, long live Anonymous

With law enforcement officials claiming that LulzSec has been decapitated, what does this mean for Anonymous? The web is awash with hydra metaphors, but the truth is that no-one can say exactly what the effects are likely to be. Not for a while, anyway. It’s always been clear that the number of Anonymous members with real hacking skills is a…

Sabu the snitch – as predicted six months ago

So, it turns out that the infamous ‘Sabu’, the somewhat cocky leader of LulzSec and one of the few members of Anonymous credited with real hacking skills, has been an FBI informer for months. This is not news to someone who goes by the name ‘HuntJaeger’ on Twitter. Just over five months ago I witnessed a Twitter exchange between anonymouSabu…

Bad password advice

In the December issue of Computer Fraud & Security, an article by Prof Steven Furnell – ‘Assessing password guidance and enforcement on leading websites’ – presents some fascinating original research into the password practices of various leading websites – and also paints a somewhat worrying picture. In the article, Prof Furnell, of the University of Plymouth, follows up on earlier research looking…

Review: BackTrack 5 Wireless Penetration Testing

Vivek Ramachandran. Published by Packt Publishing (ISBN: 978-1-849515-58-0). Price: $49.99, 208pgs, paperback. It says something for the ubiquitous nature of wifi that this subject warrants a book to itself. Wireless networks are everywhere – some would argue they’re in too many places. And as we discuss in the article on pg.14 of this issue, the technologies that are supposed to…

Interview: Greg Hoglund – a fight-through capability

The recent RSA Europe conference in London was unusual. Some of the high-profile security firms exhibiting and presenting have also been victims of serious breaches this year. RSA, rather notoriously, had its SecurID product compromised by what it insists were state-sponsored hackers. Raytheon admitted to a couple of breaches. And also present at the conference, both in the exhibition hall…