Tag Archives: hacking

Contrarisk Security Podcast #0029: Vulnerability monitoring

Is the real threat to our security APTs or apathy? We all know that the software on our systems contains vulnerabilities and needs constant patching. And malware generally attacks well-known vulnerabilities that we have the ability to fix. So why isn’t it done? “If you can implement a good vulnerability management programme,…

Android security: surviving the toxic hellstew

With an 87% global market share, it’s no wonder that Android devices are attracting malware authors like circling vultures – much to Apple’s delight. There’s a kind of hackers’ arms race going on as they compete to plant nastier and nastier bugs on Android phones. The latest arrival is ransomware, which infects and encrypts your files then (sometimes) releases your…

Inching ahead in the cyber crime war

In the popular American Football movie ‘Any Given Sunday’, a near burnt-out coach played by Al Pacino somehow digs out an inspirational half-time speech in a crucial game that turns his team’s fortunes and his own life around. His theme is that, in sport and in life, the gap between success and failure is measured in inches and you have…

Google Glass: a security disaster waiting to happen?

So, it seems we have the first vulnerability for Google Glass, even before the product from your favourite Internet stalker hits the stores. Consultant Jay ‘saurik’ Freeman has described how he used a known exploit for Android Ice Cream Sandwich (4.0) to get root on Glass. This isn’t going to endear the platform to people who are already worried about…

Xmas comes early for GhostShell

The GhostShell hacktivist group has been at it again. It has dumped 1.6 million records – mainly database tables – which it claims it took from NASA, ESA, the FBI, Interpol, various defence and aerospace industry firms, the Credit Union National Association (CUNA) and others. You can read more details at The Register and Information Week. The data dump is accompanied…

What is a secure password?

Any password can be cracked, given enough time. All you’re doing when you choose a nice strong password – 20 characters, say, with upper- and lowercase, numerals and symbols – is slow down would-be attackers. Make it complex enough and it might take them an aeon or two to crack it. Even if they’re the NSA. That’s assuming, of course,…

The asymmetric struggle

One of the most exasperating things about attempting to defend an organisation against attacks by hackers is that the conflict is so asymmetric. Enterprises and public bodies operate within the law – well, most of them — and are constrained by ethical and regulatory considerations. Attackers do not and are not. There must be legions of corporate infosecurity professionals who…

LulzSec is dead, long live Anonymous

With law enforcement officials claiming that LulzSec has been decapitated, what does this mean for Anonymous? The web is awash with hydra metaphors, but the truth is that no-one can say exactly what the effects are likely to be. Not for a while, anyway. It’s always been clear that the number of Anonymous members with real hacking skills is a…

Sabu the snitch – as predicted six months ago

So, it turns out that the infamous ‘Sabu’, the somewhat cocky leader of LulzSec and one of the few members of Anonymous accredited with real hacking skills, has been an FBI informer for months. This is not news to someone who goes by the name ‘HuntJaeger’ on Twitter. Just over five months ago I witnessed a Twitter exchange between anonymouSabu…

Review: BackTrack 5 Wireless Penetration Testing

Vivek Ramachandran. Published by Packt Publishing (ISBN: 978-1-849515-58-0). Price: $49.99, 208pgs, paperback. It says something for the ubiquitous nature of wifi that this subject warrants a book to itself. Wireless networks are everywhere – some would argue they’re in too many places. And as we discuss in the article on pg.14 of this issue, the technologies that are supposed to…