Monitoring Logins – Why have I logged in from the far east?

August 30, 2017 at 4:00 pm | Posted in Cyber Security

During my recent trip to the United States, I was logging onto email systems and other systems from a different country and outside normal expected times. As such, the systems I was logging into (both professional and personal) demanded additional levels of authentication beyond username and password.

Multifactor authentication has now advanced to the point that tracking user behaviour (location, MAC address and login times for example) can be used as an additional authentication layer as opposed to a traditional token code.

You can view your successful and unsuccessful logins on most personal websites to confirm it is you, and it is important to do this.
Monitoring logins is an easy and effective method of mitigating data breaches: if you can identify that a user or account is logging in from an unexpected location when they are not expected to be there, you can lock the account down and prevent a potential data breach.

Many attacks and breaches have been caused by stolen credentials, and by simply monitoring login activity this particular avenue of attack can be mitigated and the threat reduced.
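As an added example (not part of the original post), the login monitoring described above can be sketched in Python: it flags a login from a country the user has not used before, outside an assumed normal time window, or too far from the previous login to be physically reachable. The events, the 900 km/h ceiling and the 07:00-19:59 UTC window are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (not real data): user, UTC time, country, lat, lon
EVENTS = [
    ("alice", "2017-08-14T08:55:00", "GB", 55.95, -3.19),   # Edinburgh
    ("alice", "2017-08-15T09:02:00", "GB", 55.95, -3.19),
    ("alice", "2017-08-15T11:30:00", "SG", 1.35, 103.82),   # Singapore, 2.5 h later
    ("bob", "2017-08-15T09:10:00", "GB", 51.51, -0.13),     # London
    ("bob", "2017-08-16T03:12:00", "GB", 51.51, -0.13),     # middle of the night
]
MAX_KMH = 900                # assumed ceiling, roughly airliner speed
NORMAL_HOURS = range(7, 20)  # assumed normal login window, 07:00-19:59 UTC


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def review_logins(events):
    """Return (user, time, reasons) for each login that deviates from the user's history."""
    seen_countries, last, alerts = {}, {}, []
    for user, ts, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        known = seen_countries.setdefault(user, set())
        if known and country not in known:
            reasons.append("new_country")
        if when.hour not in NORMAL_HOURS:
            reasons.append("out_of_hours")
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(prev_lat, prev_lon, lat, lon)
            # Ignore small moves; flag travel faster than the assumed ceiling
            if dist > 50 and (hours == 0 or dist / hours > MAX_KMH):
                reasons.append("impossible_travel")
        known.add(country)
        last[user] = (when, lat, lon)
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts


if __name__ == "__main__":
    for alert in review_logins(EVENTS):
        print(alert)
```

An alert here is a prompt for step-up authentication or an account lock, not proof of compromise: a genuine traveller produces the same "new_country" signal.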


Returning to Normal Schedule – Intuitive Networks

August 29, 2017 at 4:17 pm | Posted in Cyber Security

For the majority of the last few weeks I have been abroad in the United States attending a conference with work to discuss strategies for the upcoming financial year but also to learn more about what is coming up.

There is a lot coming up in terms of technology and strategy from Cisco but for the time being I think the best way to see what is coming is to ask Peter Dinklage.

Innovation and intuition is the most human element of all; we learn, we adapt and we go from there.

Importance of Multi-Factor authentication

August 16, 2017 at 4:00 pm | Posted in Cyber Security, Musings

Yesterday it was announced that the Scottish Parliament was under a cyber-attack similar to the one that targeted Westminster earlier in the year.

The attackers were trying to gain access to the email systems of MSPs and staff members of the parliament for their own gains. This time it looks as if the attack was stopped in its tracks.

I am fortunate enough to have worked with the Scottish Parliament closely in a previous role and I know a bit more about their security infrastructure than most. And I am assuming that their methods of security have not changed too radically in the last three years.

The Scottish Parliament does use multifactor authentication for the majority of its users.

Multifactor authentication is key as to why this particular brute force attack was not as successful as the previous one that hit Westminster, as there was an added layer of security beyond that of username and password.

It still affected the Scottish Parliament but it is better to have some minor disruptions as opposed to having data stolen.

Australia vs New Zealand – Citizenship rights.

August 15, 2017 at 4:00 pm | Posted in Musings

It is all kicking off in the Southern Ocean, and it is not being friendly.

Over the last few months there has been a story rumbling of various members of parliament having to resign their seats due to having dual citizenship.

Under Australian law, it is illegal to stand for Parliament if you “knowingly” hold dual citizenship, and across the Tasman Sea, New Zealand automatically grants citizenship if one of your parents is a New Zealander, although you have to apply.

This scandal has now affected the government, with the Deputy Prime Minister being informed that he holds New Zealand citizenship, something that he claims not to have known.

However, this story has taken a more interesting turn, as it turns out that the Labor Party in Australia instigated the investigation into his citizenship, working closely with the Labor Party in New Zealand.
This story will rumble on.

One thing that is slowly being agreed on, though, is that the Australian law needs to be changed, as currently almost half of all Australian citizens hold dual citizenship of some form or another.

Labour Leadership & Venezuela – “Many people died on both sides of the Battle of Yavin – I condemn both the Death Star and the Rebel X-Wings.”

August 8, 2017 at 10:00 pm | Posted in Musings

The pressure has been mounting on the Leader of the Labour party to condemn the actions taken by the Venezuelan government, which I wrote about last week. Now that Jeremy Corbyn has returned from his holiday, the statement came.

Moreover, he failed to do so in a spectacular fashion.

Within the statement, he condemned the violence of both sides.

However, there is no equity in the violence here. The United Nations has now spoken out and lays the blame for the issues and unrest in Venezuela at the highest levels of the Venezuelan government, and the Venezuelan government is oppressing the human rights of its citizens.

You also get within the statement, that the economy was “too dependent on oil” and that there were “effective and serious attempts at reducing poverty.”

This is an effective attempt at reducing poverty? Where over three in four people now live in poverty and where food now costs three times the minimum wage?
Any progress that has been made to reducing poverty in Venezuela has now moved it back to levels not seen before the 1950s.

As for dependency on the oil, that is true, but surely that should have been for the government of Venezuela to deal with, as they own the oil company. Instead, due to pricing controls, manufacturing in the country collapsed by a third.

I condemn the Labour Leadership for their stance on the Venezuela Crisis and commend those in the Labour party that are taking a stand against it as many around the world are.

Jeremy Corbyn once said that by being “neutral in situations of injustice, you have chosen the side of the oppressor”.

So yes Mr Corbyn, you have chosen the side of the Oppressor.

PS: Credit to Tom Harris, former Labour MP for the Death Star line.

Black Hat vs White Hat

August 7, 2017 at 4:00 pm | Posted in Cyber Security, Musings

This blog is entirely my own opinion and is in no way tied to my employer.

Last week, news broke that the cyber security analyst who stopped the Wannacry cyber security incident in May had been arrested in Las Vegas while attending the ethical hacking conference. He was accused of and charged with having previously created a piece of banking malware that gained notoriety around 2014.

Now, in this case as always the presumption is innocent until proven guilty.

However, it does pose significant questions as to those researchers who were previously wearing the “Black hat” and facing off against the security industry and later chose to go legitimate and become “white hats” in the security industry.

If there is a sword of Damocles hanging over them about their past then it adds a further question as to if they want to go legitimate.

It all boils down to the principles of Sun Tzu and the Art of War. How far are states willing to overlook past crimes for the greater good?

Sun Tzu says on spies, in chapter 13 of Art of War:
“Having CONVERTED SPIES, getting hold of the enemy’s spies and using them for our own purposes.”

Converted Spies are deemed the most useful by Sun Tzu as it enables other spies to be brought in based on the knowledge of the converted spy.

A thousands-of-years-old text still has relevance today, and in the cyber security industry chapter 13 is especially relevant, as the knowledge of those researchers who were formerly on the other side of the battle is extremely valuable.

It is entirely possible that regardless of whether the Wannacry researcher is guilty or not that the actions taken in the US have potentially put off future Black Hats from becoming White Hats and that the knowledge they would have brought is now lost.

Labour Leadership silence – Venezuela a better way of doing things?

August 3, 2017 at 5:00 pm | Posted in Musings

In the past week, the failing state of Venezuela finally took the steps to throw off the idea of democracy and finally descended into an autocracy, with opposition leaders arrested by the secret police and parliament having now been effectively bypassed.

International condemnation has been swift from the US, EU and the UK.
However, the UN has been strangely silent on these matters.

Individual Labour party MPs, including the shadow foreign secretary, have joined condemnation from other left wing parties throughout Europe in condemning the leadership of Venezuela. However, there has been largely silence from the Labour Leader’s office.

The reason: I fear that this is what the Labour Leader wants society to be like.
Corbyn & his leadership team have been praising Venezuela for the better part of two decades. Corbyn himself is quoted as saying of Venezuela:

“Showed us there is a different and better way of doing things. It’s called Socialism”

Well, let us see what socialism has done to Venezuela:

  • 3rd Highest murder rate in the world.
  • Inflation at 2000%, shortages in basic food and medicines.
  • Bribery and corruption rampant.
  • Freedom of the Press destroyed with protests now going on three years.
  • Tampered elections and opposition politicians arrested and banned.
  • Poverty increasing dramatically.

This is a better way of doing things?
No, it’s not, since the fall of the Soviet Union in the 90s brought about a decrease in absolute poverty by nearly two thirds and Venezuela is now trying to reverse that statistic.

The Labour Leadership who have for nearly the past twenty years praised Venezuela now need to come out and condemn it and stop trying to claim that what Venezuela did was the right thing to do as it has been proven, as has been proven every time before it.

Socialism doesn’t work.

July 2017 Cyber Incident Report

August 2, 2017 at 3:00 pm | Posted in Cyber Security

So the whiteboard has been wiped for the new financial month at work and now I can reveal the statistics behind the last financial month of the incidents recorded in July.
As a reminder, the criteria to get on this list is that the breach/attack needs to be reported in a major media outlet and be over 5000 records in size.

  • There were Six Cyber Attacks and Thirteen Data Breaches.
  • Over 150 million records were compromised.
  • Financial Costs of the Cyber Incidents this month is estimated to be over $1.2 Billion.
  • Insider Threats continue to be a weakness of all organisations.
  • Average time between each incident is just 2.3 Days.

The largest and perhaps the most interesting was the UK Parliament attack and the Nyetya malware attacks of late June, the effects of which are still being felt today. Companies such as TNT are still trying to recover from the attack that compromised their network.

Electronic Voting – It’s Hard to Hack a piece of Paper

August 1, 2017 at 3:00 pm | Posted in Cyber Security

One topic of conversation that comes up quite regularly for me is when people discuss electronic voting machines or voting online, with arguments in favour such as that it will increase turnout and that it is more accessible. However, while I work in cyber security I will always be against electronic voting for the simple reason that nothing is 100% secure.

Anyone in the security industry who says that a technology is 100% protected is lying.

There are still accusations that the US elections were tampered with and those rumours will continue for many years unless evidence is found. While it is possible to commit fraud using the UK’s traditional methods of pen plus paper and postal voting, doing it on a large scale is incredibly difficult.

This past week has reinforced my opinions on the weaknesses of electronic voting machines. At the ethical hacking conferences in the USA this past week, various ethical hackers and researchers were invited to try and compromise the electronic voting machines used in past elections as recently as 2015.

Within 30 to 90 minutes, every machine type gifted to them was compromised, with the researchers able to change hypothetical votes, play minesweeper and have the machines play videos.

Some of the machines could even be compromised remotely via wireless networks. It has been a pretty damning set of research and reinforces the point that with current technology no electronic voting machine can be 100% secure.

Given the ability to change thousands of votes just by messing with a spreadsheet, and the risk all organisations have against insider threats, these machines cannot be considered physically secure either when not used in election season.

I’ll stick to my pen and paper for the time being.

Is a Data Breach going to bring down a Government?

July 29, 2017 at 8:30 pm | Posted in Cyber Security

Earlier this week news came to light from the Swedish Transport Agency that a database containing the registration numbers of hundreds of thousands of Swedish citizens had been subject to a data breach.

Within this data were details of whether people were in a witness protection program, armed service personnel and police information. In short, information that should never have been accessible by non-authorised parties.

However, unlike many data breaches, this was not the result of a hack but due to a lack of awareness and proper safeguards and oversight of an outsource project. The former head of the Agency has been found guilty and fined for negligence in the handling of this project and the data by the courts.

(The maximum penalty in Sweden is just half a month’s salary.)

Now, this has taken on a political field.

This is one of the largest data breaches ever to have taken place in Sweden, and it has emerged that Government ministers were aware of the breach happening last year but did not inform the Prime Minister for months, and that when the PM did find out, this was also kept from both Parliament and other ministers.

Now the news has broken, the ministers responsible have been fired, resigned or moved. However, the threat of no confidence remains in both the Prime Minister and the ministers still in situ, as it is going to be months before the data is fully secure.

This story will rumble on over the next month or so as the Swedish parliament is in recess at the moment but it is entirely possible that as more information becomes clear then a no confidence motion in the Swedish government might pass.
