The Equifax mega-breach has now led to two UK regulators investigating the same cock-up. The ICO obviously jumped in straight away, as you'd expect, but now the FCA has turned up to the party, bottle of cheap Bulgarian red from the corner shop in sweaty hand, hoping there's still some cake left. This will be fun. … Continue reading You’re in trouble no-o-o-w…
It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too
Reuters: Ransomware virus hits computer servers across the globe I told you so. And yes, it looks like it's the same attack method as WannaCry. This time without a killswitch. Did you do anything after WannaCry? Looks like lots of people didn't... Backup now. Patch MS-CVE-2017-010 now. Patch MS-CVE-2017-0199 now. Turn off SMB1 now. Send out … Continue reading I told you so
Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively. I’ve written about this several times, pointing out why this is a criminally stupid suggestion, … Continue reading Hahahahahahahahahahaha
UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief
I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort
Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can't help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient … Continue reading Have we passed peak convenience?
I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next?
Actually, it's more like #globalcyberattack. For those of you who are still hiding in their bunkers in case Trump nukes North Korea, the short version is that some crims have used a nasty bug in Windows to spread ransomware across the globe. It still had to get in via an email, and Microsoft patched the bug … Continue reading #nhscyberattack
Keeping your server in your office keeps your data safe, right? Just make sure the firewall is working and you’re golden. Because if it’s inside your physical perimeter, it’s protected, isn’t it? Well… It depends on your visitor policies. Your what? All that boring stuff to do with signing people in, showing them to meeting … Continue reading Visitors – you just can’t trust them