Posts

Showing posts from 2017

UK MPs Finally Wake Up To The Cyber Age?

I know when something is brewing when my phone starts to buzz with "Number Withheld", and that it's the news media looking for leads. And so it was with the information that the UK Parliament was under a “sustained and determined” attack on the email accounts of MPs and associated staff. It started on Friday, and they targeted accounts which had weak passwords, and led to a lock-out on the affected accounts. Remote access to email systems was also disabled. Basically, it was a Hydra account on the email server. It seems that with the IPB (Investigatory Powers Bill) and the targeting of backdoors in cryptography that MPs have finally realised that we live in an Information Age ... and the days of the Industry Age are receding fast. Jeremy Corbyn even stepped on a Glastonbury stage and announced: “I think [this] indicates just how vulnerable we are to cyber-attacks and our cyber-security. We need to be investing in cyber-protection – it is a huge issue. We all re

The Domain Reminder "Scam"

Introduction

You may know that I often follow up on scamming emails, in order to investigate the true motive for their attempt. So here I would like to outline a scam which looks fairly passive but tricks the user in its usage of wording.

The Scam

First the scamming company searches DNS records and locates a domain which is near to timing out, and gains the email address of the registered person. Next they draft an official-looking email which looks like it knows lots of details about the domain and account holder, and which warns them about a domain which is expiring. But the wording is strange here, and there's nothing illegal in what they are offering. In quickly reading the email, it seems that they are warning you that your domain is expiring on 28 June 2017, and that it will be cancelled. But read more closely ... it is their offer of the SEO registration that will be cancelled on 28 June 2017! This is the same date as the domain is actually going to time out, so they

Ministry of Computing

Part 1: It Begins

Preface

With the newspapers full of large-scale data breaches, where each one was larger than the last, no-one ever thought it would be Tom McKinnon, the Chief Security Architect at the Ministry of Computing, that would go down as the person who would create the most devastating breach of all.

Hack-a-day

The security operations centre within the Ministry of Computing contained many screens showing traffic flows and security alerts. Its colour-coded traces had been designed for the human operators to detect major intrusions, and where green showed that all was good; amber defined a change; and where red identified the colour of danger. The analysts had perfectly tuned their eyes to the scrolling charts and text feeds, and could instantly see the seeds of attacks. They were the experts in finding not only a needle in a haystack, but also a pin-prick on the Moon. The place ran on normality - using signatures of well-known intrusions - and on abnormality