In my decades of working for telcos we had little intrinsic trust in suppliers. We always built test networks and bashed the hell out of them for functional and operational resilience before putting anything in production. I sat on the engineering board for one of BT's PABX manufacturers. I remember when we plugged the first digital signalling version into our test network. The alarm printer (yes, it was a paper tape in those days) ran out of paper in seconds. That took us a ...
When the ICO publishes guidance, it's a good idea to read it...: The right of access is a fundamental right under data protection law. And it has never been more necessary. In a world where personal data is used almost everywhere – by everyone – it’s vital that people have the right to be able to find out what’s happening to their information. More and more people are waking up to the power of their personal data, and are exercising their rights. That’s why, as an organis
Baby steps...: A new online platform for IoT vendors to use in receiving, assessing, managing, and mitigating vulnerabilities and reports has been launched by the IoT Security Foundation (IoTSF). The new platform, VulnerableThings.com, is intended to help vendors trying to comply with the terms of a series of new IoT regulations and standards now coming into effect. California and Oregon, along with Australia, Finland, Singapore, and the UK, have published regulations, la...
"Internet Explorer?" I hear you say. Yes, it's still in widespread use, especially in enterprise environments where it's used to access legacy applications. But that brings a number of risks. Microsoft are attempting to mitigate one risk, insecure JScript, with this new feature. However, I can't see many people firing up the registry editor themselves, so this is probably one for the desktop support team to get to grips with...: [...] Additionally, before toggling off IE JScri
For UK businesses this is yet another complication arising from Brexit. I'm advising my clients, wherever possible, to separate data flows into EEA and non-EEA zones just in case the EU Commission does not grant an adequacy decision...: United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such laws were compat
It's hardly military-grade hardening, but it's a good start. Time for other countries and ISPs to catch up...: [...] In Singapore, the enhanced security requirements include randomised and unique login credentials for each device, minimum password strength, disabling system services and interfaces that are deemed to be vulnerable, default automatic downloads of firmware updates for security patches, secure authentication of access to the device's management interface, and val
This is getting quite meta. This article lists tools that can be used for attack, by both the good and bad guys. Knowing which are used by the bad guys gives the good guys valuable info on what to look out for...: [...] "We found [that] the most commonly adopted projects were memory injection libraries and RAT tools," Litvak said. "The most popular memory injection tool was the ReflectiveDllInjection library, followed by the MemoryModule library. For RATs [remote access t