Data Security (Inc. Data Loss Prevention), Cyber Security, Privacy, Website Security, Email Security, Malware/Viruses, Open Source Intelligence, Cyber Security/Product Training

Service Offerings

  • Cyber security training
  • Product reviews
  • Blog or article writing
  • Cyber security consulting for SME & HNWI
View more details here or email me.

Chapter Author

Contact Graeme

Journalists, students, potential clients or anyone else, email.......
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

Cloud security: large scale public/private cloud is generally more secure but you can be the weakest link just like with on premise

Details
Category: Cyber Security (Personal)
Many senior cyber security managers argue that large scale mass market public/private offerings like Microsoft Azure, Amazon Web Services, Rackspace Cloud etc. are very secure and often are more secure than running in-house servers. Why? Because they have larger departments designing the architecture, implementing isolation and monitoring. A FTSE 100 firm may have a handful of monitoring staff where the names listed above have tens of operations staff.

This over-generalization does not apply to small to medium scale cloud offerings generally. Some I have seen are poor, read “We offer ultra secure online backup...... no you do not”. Many companies' use high security data centres and sell themselves as ultra-secure but only have high physical security. Who is really going to break into a data centre these days? People used to break into data centres (and still do) to steal hardware to sell on the black market.

Read more …

The Tesco Bank hack: my own theories on how it may have happened

Details
Category: Cyber Security (Personal)
Whenever someone is hacked for weeks after there are articles, some with speculation to what happened. Often the theory is SQL injection but in cases like: Sony Pictures Entertainment, Sony, PlayStation Network, Target Corporation, United States Office of Personnel Management and likely Tesco Bank no one will ever know the full facts. Here are some of my own personal theories not in order and yes some are less likely....

Web platform
Many recent attacks have gone after layer seven (the application, i.e. port 443 or 80). SQL injection is common which could disclose records in a database or it could have been a loophole which lets someone get into another account without valid credentials.

Read more …

Mrs. Clinton’s private mail server scenario is not actually as rare as you may think

Details
Category: Cyber Security (Personal)
Firstly this is not a political article to explore or voice opinions around: who is a better candidate, who is more spiteful, who will win or if the media is biased to one side. Reports clearly state Mrs. Clinton run her own non-government sanctioned mail server. The mail server was run by non-IT security experts and various security holes have been reported.

Imagine you are the director-general of Mi6, secretary of state for defence or the CEO of a multinational pharmaceutical business, and you use your own Google Mail, Hotmail, Yahoo Mail or private mail domain server account to conduct work business. Wrong it seems but cases similar to Mrs. Clinton or the examples listed here do happen fairly frequently.

Read more …

Page 26 of 60