I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise", it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons
So today we have the news that a top plastic surgery outfit has been breached by hackers. Included in the haul: before and after pictures of celebrities’ improved nether regions. Never thought I’d be able to include labiaplasty as a keyword in this blog. Hard to think of anything more intrusive by way of data … Continue reading Article 9 – it’s not just a number
Why do I bang on so much about training? If driverless cars are the future, why can't machine learning give us perfectly secure networks? Here's a quote from an interview with Steve Furber in The Register. He says it better than I can: Furber gives the example of Google's much-publicised triumph when its network, having … Continue reading Wetware beats hardware
It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too
I'm having a bit of a row with Garmin at the moment. They've decided to change their password policy, upping their complexity requirements so that they now require uppercase as well as lowercase and a number. This is not a step forward. It means I have to change my password on a variety of … Continue reading Why do we even bother?
So, Yahoo! has been hacked, and 500m records abstracted, allegedly by a “state-sponsored” agency. Apart from worrying what you might have kept on Yahoo!, and whether using the same password for your social media account and your bank account was really a good idea, what does this mean for you? First off it’s a reminder … Continue reading What can you learn from the Yahoo! hack?
I wrote recently about a report that people would sell their company username and password for as little as $150. That’s just the tip of the iceberg. There’s a market, and a market price, for everything – credit card details sell for as little as $7, but bank account credentials sell for 1-5% of the … Continue reading The hacker economy