Category Archives: Privacy

What we Can Learn from Yet Another Government Data Breach

by Ross Dyer

One of the curious side effects of working in the information security industry for any length of time is that, after a while, the same stories start coming round again and again. So it was last week when the government admitted that two discs full of data related to three highly sensitive police inquiries had got lost in the post. For those with long memories, the echoes of 2007 – when the personal details of 25 million Britons went missing in similar circumstances – are telling. So let’s remind ourselves again of the importance of good data handling practice and what we should all be doing to minimise the risk of a damaging breach.

Minister Warns of Driverless Car Hacking? Let’s Address Legal Issues First

by Raimund Genes

Transport minister Claire Perry warned this week that hackers may look to disrupt driverless car systems in the future for political or economic ends. “The more we move to technologically assisted forms of transport, whether it’s smart motorways or driver assisted vehicles, there is also a risk of cyber hacking – so we are mindful of that,” she told the Commons transport committee.

Who knows what Santa knows?

by Rik Ferguson

Of course we all know that Father Christmas is out there, with his happy elves, keeping tabs on us throughout the year. In fact every year a considerable part of my time each day is spent going through my activities and making sure that nothing I have done will mean that I end up on Santa’s naughty list. I have to say, so far I appear to be doing quite well and each year, for all these years, there’s been a little something under the tree for me as well.

Unfortunately, it’s not only Santa and his elves who are collecting your information; there are plenty who would use it for more nefarious ends. Maybe it’s worth clicking here to find out exactly what Santa knows about you…

There are several entry points available for cybercriminals into the interactive playground of social networking; fake or compromised profiles, malicious applications, malvertisements, cybersquatting, spam and phish masquerading as legitimate notifications from social networks, exploitation of vulnerabilities and direct messages just for starters. Victims are at risk of identity theft, fraud, infection or simply of becoming an attack platform to infect or defraud their own friends and colleagues.

The one thing that all of these attacks have in common though is the very thing that binds social networks together: trust. Because the attacks, messages and links come from friends or colleagues, they appear far more credible than the average Spam email from a stranger. Even the Koobface worm with its almost textbook standard Spam messages such as “You are veryy ggood at pposing to a spy cameera!” becomes that little bit more credible when it comes from someone you know.

Most of us are guilty of being far too trusting and far too free with our personal information online; we give away little snippets (or great chunks in some cases) of our personal lives in what is essentially a public forum, making the work of criminals such as carders and ID fraudsters far more simple. In fact I have seen social networking sites spoken about in underground carding forums as a “free date of birth look-up service” along with a wealth of tips on how best to exploit these kinds of platforms.

We need to become far more aware of the value of our personal information and, importantly, the information we have about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites and actually use them. There is no need to fill out that questionnaire “25 Things About Me” and post it on your profile; there is no need to share your entire employment, educational or address history. There is no need to share your “Porn Star Name” (first name = name of your first pet, family name = mother’s maiden name); isn’t that exactly the kind of information needed to reset your email account password, or access your financial data?

When your personal information becomes public it is out of your control and soon out of sight. Criminals can and do use this stuff to break into your online accounts, just ask Scarlett Johansson, Jennifer Lawrence and many others.

  • Next time, before you hit “Post”, ask yourself this: “If a stranger called me on the telephone asking for this information, would I tell them?” If the answer is “No”, then step away from the mouse.
  • Make sure you always pay attention to the permissions you grant to third party apps that you integrate into your social and mobile life.
  • Ensure that you are the only person who can answer your password reset questions and that those answers are never shared on social networks.
  • If you’re lucky enough to have kids of your own, then make sure you pass on the benefit of your online wisdom, after all, you wouldn’t send them out to cross the street alone without explaining the risks.

See what Santa knows about you here. Please add your thoughts in the comments below or follow me on Twitter: @rik_ferguson.

Vishing for Victims: Building Awareness to Beat the Fraudsters

by Ross Dyer

Well that’s the Black Friday/Cyber Monday madness over for another year. This curiously American tradition of shopping excess around Thanksgiving weekend has well and truly come to the UK, and with it warnings that online fraudsters are looking to exploit distracted retailers and fraudsters around this period for their own ends. But while it’s obviously important that businesses and their customers stay vigilant to the increased risks of cyber attack, that’s not the only story we should be concerned about this week.