Opinions & Analysis

After their companies dropped secure email products in the face of government intervention, security vendors Lavabit and Silent Circle have launched the Dark Mail Alliance. The companies said that the concept is to launch a secure back-end that will allow secure emails to be sent and received. The collective behind Dark Mail Alliance, said that its concept is not a “business venture, but a moral and technological journey”. Speaking to IT Security Guru, Mike Janke,...

The certificate authority (CA) industry may have had a bad year back in 2011 but, according to one of its survivors, 2013 finds it in a better place. Speaking to IT Security Guru, Henry Krumins, a senior director at GlobalSign, said that 2011 was a bad year for the industry, but said that “it defines who you are”. “It was a bad year for the certificate authority industry, but SSL is far from broken and...

The anticipated changes to the payment card industry data security standard (PCI DSS) was published today. Overall there is better clarification of the 12 steps of the standard as well as to remain current with attack vectors and to address the need for physical security of payment terminals and address requests for more stringent scoping and testing. Altogether there are 11 main changes to requirements 5 (use and regularly update anti-virus software on all systems commonly affected...

Pre-requisite requirements for hiring by Human Resources may cause the best people not being considered for jobs in security. Speaking to IT Security Guru, Cyber Security Challenge CEO Stephanie Daman said that there is often an issue where a company will have a hiring policy and if a person doesn’t fit with a qualifications minimum but has the right skill set, they may not be seen. “The problem is two-fold: there are people with the...

As well as backdoors being used by governments to monitor web traffic and user activity, they are put in by attackers of retrieving data. In a recent story, it was revealed that software which is used to manage equipment in power plants, military environments and ships contained an undocumented backdoor that could allow malicious hackers to access sensitive systems without authorisation. I spoke to Adrian Davis, principal research analyst at the Information Security Forum, who confirmed...

This week saw the announcement of the draft Data Protection Directive and among the significant changes was the wording from “right to be forgotten” to “right of erasure”. 1980s pop jokes aside, but perhaps the EU Parliament made this change to get a little respect from the EC Council who will now review it ahead of potentially passing it in April 2014. While the wording differences between forgotten and erasure are pretty significant, I asked the industry...

This week I had the pleasure of meeting Emulex who made a formal step into the security sector with the acquisition of Endace earlier this year. A company with a 30 year history in sectors such as fibre channels and Ethernet, the acquisition allowed it to add network visualisation technology to its product offering. Meeting Shaun Walsh, senior vice president of corporate marketing and corporate development at Emulex, he said that the company’s mantra of...

his week saw three of the major web companies issue patches just to make life especially easy for administrators. As well as Microsoft’s Patch Tuesday, which included eight security bulletins, three of which were rated as critical and addressed 19 distinct vulnerabilities, there were also patches from Adobe and Google. Possibly the most notable of the Microsoft patches was for the Internet Explorer zero-day, which implements a simple kill-bit setting that disables the affected ActiveX...

his week saw social network LinkedIn get itself into the headlines for the wrong reasons once again, as it wasreported that GCHQ created fake profiles in order to hack into a major Belgian telecommunications company. The attack on Belgacom was reported back in September but it was unknown how it had been carried out, but fresh reports claim that GCHQ used fake LinkedIn pages to redirect employees to sites containing malware. Security blogger Graham Cluley said that GCHQ’s Network Analysis...

The surveillance story has left a bitter taste in the mouths of users of some of the web’s biggest companies, but this week some of those companies got their chance to respond. Apple said that the US requests affected 2,000 to 3,000 accounts, adding it gave out data on zero to 1,000 accounts, while the UK made 127 requests and according to the BBC, since Apple’s main business was "not about collecting information", the vast majority...