Blog

53 - When is a breach a breach?

In risk management, and data protection, we tend to assume the worst. That if we've exposed the data of millions of users, that someone has actively exploited it and done terrible things with it.

52 - To patch or not to patch

It has been quite a week of breaches. From WhatsApp, to vulnerabilities in the linux kernel, hardware, Windows and Cisco products and I'm sure I've forgotten some others already.

51 - What does cyberwar actually mean?

The IDF tweeted that they had carried out a missile attack on a Hamas cyber offensive operations team, and it made me ponder the militarisation of cyber warfare.

50 - Who are the attackers we worry about

The old adage says that on the internet, nobody knows you are a dog. It's always been hard to attribute cyber attacks because of the complexities of internet governance means that country location of servers isn't the same as commercial affiliation of the owner, who might be selling to organisations in yet another country.

49 - We're on a Huawei to hell

I've been up at the NCSC's flagship conference, CyberUK, in Glasgow this week, for which the Huawei decision was a point of conversation. Mostly it was with a kind of resigned shrug that "Inevitably someone will mention it" that introduced the topic in many sessions. "A flag of origin is an important factor, but a secondary factor [compared to the technical, security and engineering complexities]" was a good summary of the view that was espoused both on stage and with the individuals who I ended up speaking with.

48 - DNS is at the root of our cybersecurity

I'm back from holiday, so massive thanks to Jon and Joel for covering the newsletter while I was away. I hope you enjoyed it, and it was novel to wake up on a Saturday morning and be able to read the newsletter rather than having to check and write it!

47 - People & Privacy: Consent? Is that your question?

Us again! Michael has kindly let us edit Cyber Weekly again this week (thanks for having us 'stay' a little longer Michael).

46 - People & Security - forever intertwined

Michael has kindly let us guest edit Cyber Weekly this week (thanks Michael for inviting us along).

45 - How secure is our software?

While the debate about the geopolitical implications of Huawei software managing western 5G networks continues on, we really should be worrying about how secure is the software that manages... well everything.

44 - It’s not always targeted attacks

Malware is running around an industrial control system. It must be Russia, or China, or Iran, or the US or ...

43 - Hacking Tools

I'm not actually a very good hacker. I know and understand a lot of the theory, and I've been on web application hacking courses, played at a few Cybergames, and while I don't come first, I don't do terribly.

42 - Fake news and propaganda

I was determined to not talk more about fake news this week. I'd had in mind to do something about how the law affects the internet, but there were just too many good stories this week, especially the absolutely excellent writeup by Recorded Future about chinese activity in influence operations.