DataSecurityExpert.co.uk - All Things Graeme Batsman

Service Offerings

Cyber security training
Product reviews
Blog or article writing
SME & UHNWI cyber security

View more details here or email me.

Chapter Author

"Chpt. 4: How to Defend"

Contact Graeme

Journalists, students or potential clients:
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

Backup! Data loss can happen to anyone including me who is paranoid on security and privacy

Details: Category: Cyber Security (Personal)

As you can imagine from my websites name I take security and privacy extremely seriously unlike a lot of companies who say this but do not. It is called do as you preach. Drive encryption, hardware encrypted USBs, file encryption, UTM firewall, web filtering, long passwords, encrypted DNS, application whitelisting, little cloud used and so on. My security would likely beat the strength of most central government departments.

On Wednesday I was happily using my speedy, well looked after and well maintained SSD desktop. Without notice the computer bluescreened (BSoD) while using an internet browser. It turned itself off and after turning it on it said insert boot media which means no HDD/SSD is present or no operating system is loaded. Resetting the CMOS, removing the CMOS battery or swapping the SATA and power cable did not help. It was not seen by the motherboard nor did inserting it into another computer make it visible.

Help we are under attack! Let’s create a hundred-page defence plan not actually roll out the big guns

Details: Category: Cyber Security (Personal)

Picture this Pakistan the arch foe of India, fly fighter jets over the sovereign airspace of India and attack a small defence-less remote village. India will quickly and without too much bureaucracy roll out mobile AA (anti-aircraft) defences mounted on trucks to the borders and to key cities. Countries and others, from the United Kingdom to India, can be overly bureaucratic but in times of emergencies that should go out the window.

Over the years I have seen an assortment of companies, from tiny to the giant, from aircraft engineering companies to penetration testing and defence contractors. They have all had something in common, ISO 27001 or ISO 9001. The first is an information security framework and the latter a quality management system. Why did they get this externally audited certification? Simple, to tick a box and possibly so they could bid.

Can encryption protect your secrets against “APTs” and web exfiltration? Well, it depends...

Details: Category: Cyber Security (Personal)

Many security (commercial) professionals and sales girls & boys will tell you we protect your data with military grade encryption and your transactions are encrypted with the same technology banking sites use. Often the scope of these comments is small and refers to SSL (TLS) encrypting names, email addresses, passwords or credit cards when flying through the unknown, between your device and the shopping carts server. A great one is “someone stole our data but passwords were encrypted (hashed in reality). How nice the website owners bothered to one-way hash passwords stored but who cares about email address, secret question/answer, data of birth or your address?

Take a standard website for instance, you create a free account, enter your chosen password, the passwords flies over HTTPs (SSL/TLS) and the password is transformed into a hash (MD5, SHA1/2/3 etc.) and stored as that. “000ca7b75084509a58de17c003c5” is what a hash looks like if you are wondering. The password is not usually stored in clear text (readable English). Hack the websites database and you get a load of odd looking strings which people think are “one-way”. Mathematically yes but if you have one million passwords you can generate one million hashes and compare them. Also known as: rainbow tables.