You are here
Home > Opinion

France’s Macron announces creation of a new space force command

"Gentlemen, start your [meme] engines." I foresee many cartoons of space troopers (some in red shirts - and we all know what that means) clashing in orbit with one side calling the other "Cheese-eating surrender-monkeys" whilst laser pulses flash around. Seriously though, with the investments in micro satellites much of the internet will bypass terrestrial networks all together so there will be valuable assets in space that need protecting ..: French President Emmanuel Macro

India’s Response to China’s Cyber Attacks

If you're attacked with a stick and all you have to respond with is a gun, what would you do? Reading this article makes me think that physical, 'kinetic' war could break out if there's a mismatch of offensive and defensive cyber capabilities between two nation states...: [...] While India’s handling of incoming cyber attacks has been lethargic, in the short term it could be considered a rational response to threat management. Restraint is a feasible policy due to the uncert

Microsoft’s new OneDrive Personal Vault ups your cloud storage security

I'm cautiously welcoming this. Generally, it's a good idea to keep important stuff in a secure location. For example, keep your important physical documents and valuables in a small fire safe at home. But it also becomes a magnet for criminals. Why bother searching through a hard drive when the victim has conveniently put all the important stuff in one place? I do hope people don't opt for SMS-based authentication which is relatively easy to compromise ...: It seems when o

The Perils of Automatic Updates

I tend to bang on about the balance of risk between updating everything automatically, and running the more traditional 'Dev > Test > Stage > Production' method of introducing change. With the fashion for CI/CD and the automation available you'd think that we've got this covered. Not when those updates happen in your infrastructure layer, operated by a third party. This is what happened to me this week.. One of my clients runs an eCommerce platform, based on

The encryption wars are back, but this time it’s different

ZDNET's take on moves by western governments to insert themselves into your private conversations. Just to be clear, this is a BAD idea...: [...] Until recently there was, for most people in most countries, an effective right to privacy. The state just couldn't spy on every conversation or listen in to what was happening in every home in real time, and nor did they (in most cases) especially want to. Now the technology exists to do exactly that (and in many cases we ch

Google’s Sundar Pichai says privacy can’t be a ‘luxury good’

Compare and contrast these utterings with Mark Zuckerberg's statements on privacy. No matter how well-meaning the CEO is, the business model of both companies currently relies on hoovering data. I'd need to see a shift in how Google makes money to change my trust level...: [...] Pichai acknowledged that having access to our data makes Google's services run better, but that users -- all users -- should still expect their privacy to be protected without having to pay extra for

The NIST Privacy Framework Is More Needed Than Ever

In the world of information security if you compare ISO270001 with NIST CSF, ISO is a framework of sets of principles and CSF is much more a set of rules to follow. You can 'comply' with NIST and 'follow' ISO270001. Best practise is to use CSF as the basis for controls that you implement in your ISO 270001 framework. Let's see if it's the same with GDPR vs. NIST privacy framework..: In recent weeks, the National Institute of Standards and Technology released their latest dra

Britain strikes an artful compromise on Huawei and 5G

An opinion post from The Economist. One thing not often mentioned is that the 3G and 4G core are currently in a large part from Huawei so we should already be experienced in looking for signs of nefarious activity...: [...] Britain’s decision matters: it is a member of the “Five Eyes” intelligence-sharing alliance led by America, and was one of the first Western economies in which Huawei built a presence. Britain also has experience of electronic spying and knows Huawei well

The end of ‘Detect and Protect’ cybersecurity measures

Not exactly "the end of" more "can't be totally reliant on". My view is that you need a range of measures, starting with an understanding of the threats your business is facing, through establishing and refreshing appropriate security controls (like CTR, detailed below), and being able to mitigate the impact of the inevitable breaches. This is part of the toolbag...: I became particularly passionate about the need to shift away from ‘detect and protect’ technologies after an

Major Mobile Financial Apps Harbor Built-in Vulnerabilities

This comes down to "Who do you trust?". I'm unlikely to attempt to reverse engineer every app that I use so I have to put some level of trust in the company that provides it and the location where it's installed from. We've already seen that bad stuff can get into the 'official' app stores, especially Google Play, I'd like to think that the major financial institutions take care with their apps, but that's evidently not the case. I should theoretically reduce my exposure by l