If you cannot stop mass market ransomware, how will you withstand targeted malware attacks?

Details

Category: Cyber Security (Personal)

I am writing this on a train (to a conference) to pass time [1]* and as readers will know I love and hate malware. Ransomware is not new, it has been around for a decade or more but it is only in the last few years it has jumped into the spotlight. Starting off with fake antivirus suites which would claim to find an “infection”, offer “cleanup & protection”, hide your data in the background and charge a “license” fee, really a less obvious ransom demand. Funny it is it requests payment for protection but is the infection itself.

Move on to the last 2-3 years and Cryptolocker, Cryptowall and Cryptoguard have appeared along with various other names and variations. Typically you open a macro enabled Office document, download an executable or an exploit kit is run in the web browser. All of these download an executable which calls back home to generate a public/private key. Files of various extensions are encrypted locally along with USB devices and mapped drives. Thus if a low level user gets infected the external hard drive used for backup along with an entire file server can get encrypted.

Read more …

Your name might be (Commander) Bond, James Bond, but don’t shout it out on the Tube

Details

Category: Cyber Security (Personal)

Have you ever been to a conference (think InfoSec or CloudSec) or walked near one and been curious to see what everyone does? At InfoSec you will see people with conference attendee badges on saying: head of information security at: MoD, MPS, FCO, Home Office etc. They wear them inside the building and forget to take them off when they leave.

On the train two days ago (6th Jan 2015) I spotted a man (and presumably his wife) entering the train with a name badge on. Curiosity of course overcame me. What did it say? Commander A******* **************, Defence Adviser, ************** High Commission. Could it get any worse? I searched for Commander A******* on the internet and found him on a UK government diplomatic list and then listed on his own high commission website. Along with an entire staff list (including armed forces), phone numbers and assistants.

Read more …

Personal view and observations around commercial (corporate) Wi-Fi data collection in the United Kingdom and Europe

Details

Category: Cyber Security (Personal)

I travel a lot, not that I publish this fact greatly online. This year I have been to nine countries, eight within the European Union and one within Europe. At the moment I am writing this article on a coach journey from one capital to another capital covering 310 kilometres. Excellent I/we can simply turn up at any European Union country by plane, boat or by land and flash (sometimes not) our passport and gain entry.

Back to the topic of commercial data collection. Within the United Kingdom and the Republic of Ireland though to a slightly less extent, when we use free Wi-Fi, it may be free but we are giving “them” something. Our browsing history, search terms, SSL/TLS connection* and probably more. Free yes, but we go from the customer to the supplier and of course they use or sell what they collect.

Read more …