Dave Waterson on Security

While ransomware has been around since 2005, recent variants released over the past three years represent a resurgence resulting in the fairly widespread extortion we see today. Due to its ease and speed of converting successful infiltrations into cash, ransomware is the current weapon-of-choice for online criminal gangs. Criminal syndicates are extorting millions of dollars. CryptoLocker generated $30m in 100 days. CryptoWall made $18m from only 1000 victims. Angler ransomware earns $5m per month for its operators. That’s a lot of loot, and it is spurring online gangs on. This past week, the US House of Representatives started blocking YahooMail due to the large number of ransomware attacks coming through the network.
Continue reading →

The rush to connectivity in manufacturing, critical infrastructure, energy, transport, utilities, and aerospace, has exposed significant security vulnerabilities. Implications of security failures in the IIoT are potentially far more serious than in the home and consumer IoT. While pursuing benefits of remote control and management of devices, IIoT manufacturers have lacked the security awareness, skills and experience needed to ensure secure environments. Security has not been the top priority in the scramble to bring connected devices to market.
Continue reading →

With iPhone and laptop fingerprint access, facial scanning and fingerprint border controls, DNA crime scene analysis, biometrics are all-pervasive. In the recent popular BBC series, The Night Manager, Tom Hiddleston uses facial recognition on his phone to access a bank account. As the trend is increasing utilisation of biometrics for identification and authentication, we need to examine security implications.
Continue reading →

Industry-changing technological advancements occur in waves. Mobile, the cloud, big data, IoT – are all examples of major technological advancement waves. The latest wave is Artificial Intelligence (AI). Quantum and nano waves are yet to fully arrive. While the technology of previous waves is still very relevant, often it is the latest flavour-of-the-month which commands front-page attention.

Continue reading →

Records representing 10% of global GDP will be stored on blockchain by 2025, according to a World Economic Forum (WEF) report. Momentum is gathering and this nascent technology is potentially game-changing across several industries.
Continue reading →

With the addition of billions of low-power devices to the Internet of Things, how will they communicate? The Wi-Fi Alliance have been developing IEEE 802.11ah, dubbed HaLow, to satisfy connectivity requirements of IoT. This post looks at what you need to know about HaLow.
Continue reading →

The Information Security market is forecast to burgeon from $75b in 2015 to $170b in 2020. With one million current job openings, what does it take to succeed in this industry? Although this advice will not apply to everyone and is not exhaustive, here are some ideas:

Continue reading →

IoT heralds a quantum leap in the number of devices connected through a Wi-Fi router. In the home for example, devices such as lights, electric plugs, cameras, alarms, kettles, refrigerators, etc. communicate with each other on the local Wi-Fi network, and to the internet through the home router/modem. If one device on the Wi-Fi network is compromised, the attack could compromise the router itself, as well as data from other devices on the network. An example is a recent vulnerability discovered in a connected kettle which is able to steal router passwords.

Continue reading →

Stefan Esser is an iOS security researcher based in Cologne, Germany. Last month when returning to his Frankfurt hotel room after dinner one evening, he noticed that his laptop had been tampered with in his absence. On investigation he concluded that the hard drive had been removed and then improperly replaced. It appears Stefan may have become victim of an Evil Maid attack. A bit of a give-away indication was the hotel room door handle which also appeared to have been the target of tampering.
Continue reading →

So everyone knows about the VW emissions scandal. Software in the car’s engine management system can detect when an emission test is being carried out (a give-away clue is when the vehicle is on a dynamometer), and reduce engine performance in order to provide better emissions test results. Malware developers use a similar technique to evade file-based sandbox detection methods.
Continue reading →