PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Posts Tagged ‘ Security ’

Windows XP end of life: key information

Monday, March 24th, 2014

Windows Updates will be ending soon

Windows XP support will end on 8 April. After that date, Microsoft won’t provide any more updates. Yet many millions of people are still using the veteran OS: recent figures suggest that it’s still running on around 30% of PCs worldwide, many of them in businesses.

Understandably, there’s a lot of doubt and concern over what’s going to happen next. If you’re still running XP, here are the straightforward answers to the key questions.

(more…)

Has the NSA really broken “strong” encryption?

Friday, September 6th, 2013

It’s been reported that GCHQ and the US National Security Agency have managed to crack the encryption systems we use to protect emails, personal data and financial transactions. If this means HTTPS, SSL and so forth are no longer secure, it’s a huge deal. You may not be immediately alarmed about the idea of spy agencies accessing your supposedly private data, but if they’ve found a technique for getting around strong encryption, it could sooner or later find its way into less well-meaning hands.

Frustratingly, however, we don’t know the specifics of what’s really been broken. The original report in The Guardian – based on revelations from US whistleblower Edward Snowden – describes specific intelligence programmes; but the central allegation rests on a mysterious “breakthrough”, of which no details are provided.

(more…)

How PayPal is perpetuating the phishing problem

Friday, February 15th, 2013

Phishing has been a problem for years, with ne’er-do-wells sending emails stuffed with links to lure you into typing passwords into their mocked-up sites resembling your bank or some other service.

With the criminals making fewer stupid grammatical errors and getting better at designing mocked-up sites, the one rule of thumb recommended by banks and security experts is to not click through links in emails from companies without checking they’re safe — and if in doubt, to head to the site directly to log in.

(more…)

How much does cybercrime cost the UK? Not £27bn

Tuesday, February 12th, 2013

Judging the success of the UK’s online security strategy is difficult, a government agency has reported – and it’s no surprise given it’s using debunked statistics.

The cybercrime strategy report from the National Audit Office (NAO) looks to measure the success of the government’s efforts, looking at non-financial as well as financial measures.

“The NAO recognises, in particular, that there are some challenges in establishing the value for money of the cybersecurity strategy,” the agency said. “There is the conceptual problem that, if cyber-attacks do not occur, it will be difficult to establish the extent to which that was down to the success of the strategy.”

Those challenges are worsened by the NAO’s own use of bad data, and the misquoting of reports within its own analysis.

The NAO cites the cost of cybercrime as between £18bn and £27bn – two figures that are respectively inaccurate and thoroughly debunked.

The £27bn figure is from a 2011 Detica report commissioned by the Cabinet Office, which has been widely dismissed as “scaremongering” (http://www.lightbluetouchpaper.org/2012/06/18/debunking-cybercrime-myths/) and a “sales exercise” (http://www.zdnet.com/cybercrime-cost-estimate-is-sales-exercise-say-experts-3040091866/).

The second figure, of £18bn, comes from a University of Cambridge report (http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf) commissioned by the government entirely to debunk the Detica report, a fact that is clear to anyone reading as far as five paragraphs in. However, that figure is also inaccurate and misleading.

First, the Cambridge report shows the figures in dollars, so at the very least it should be $18bn, not £18bn.

Second, the report’s authors specifically advise against adding up all of the numbers it provides, saying it would be “entirely misleading to provide totals lest they be quoted out of context, without all the caveats and caution that we have provided”.

And that, of course, is exactly what has happened. The $18bn figure is made up of four parts: transactional crime, such as card fraud and “loss of consumer confidence”, makes up more than $3bn; the cost of infrastructure and protections such as antivirus accounts for $1.2bn; more traditional crime, such as tax and benefit fraud, shifting to the internet adds more than $14bn; and “genuine” cybercrime, such as online banking fraud and botnets, costs the UK an estimated $164m a year – less than consumers spend on antivirus.

The NAO report provided two solid figures for cybercrime in the UK. The Serious Organised Crime Agency prevented a “potential economic loss” of £500m last year, while individuals reported £292m of attempted online fraud to Action Fraud. Those numbers don’t include all the costs of cybercrime, which are hard to collect, as companies aren’t required to report data breaches.

Getting the numbers straight is key, as the government has laid out £650m in funding to 2015 to secure networks and educate the public – as well as to help UK businesses grab a slice of the “growing market in cybersecurity”.

The National Audit Office (NAO) has today released a report examining the government’s £650m cybersecurity strategy, looking to judge whether or not it’s working and offers good value for money.

(more…)

The world’s worst phishing attack

Tuesday, January 8th, 2013

It’s not often I get actual, handwritten mail sent to me at the office, let alone from South Africa. So I was intrigued when the envelope above landed on my desk yesterday. Was it an invite to come and meet Nelson Mandela? Fan mail from afar? No, it was the worst phishing attempt in the history of mankind.

(more…)

Posted in: Random, Rant

The USB stick that thinks it’s a keyboard

Tuesday, December 4th, 2012

To Covent Garden, where James Lyne – director of technology strategy at Sophos – has been presenting a review of the security landscape during 2012, and a look forward to next year’s threats. The review is an annual event, and always entertaining thanks to Lyne’s bona fide geek credentials: this year’s talk included references to Anonymous masks, the obligatory Gangnam Style allusion and several exhortations to “[verb] all the things”.

Predictions for 2013 include increasingly sophisticated and targeted attacks, on mobile platforms as well as PCs. No surprises there. More interestingly, Lyne also expects to see a rise in ransomware, which locks away your files and provides the decryption key only on payment of a fee. So far, malware ransoms have typically been around the £200 mark, but Lyne reckons criminals will soon start to recognise high value targets (such as company CEOs) and demand much higher fees for the return of sensitive documents. He describes this type of attack as “irreversible”, as there’s nothing third-party software can do to recover your files if they’ve been strongly encrypted: the only defence is to keep backups. You’ve been warned.

The part of the talk that particularly struck me, however, relates to the little device pictured above, which Lyne demonstrated with glee. Fully assembled, it looks just like a regular USB flash drive. Or, from the internal microSD slot, you might assume it was some sort of card reader. In fact – believe it or not – it’s a keyboard. (more…)

Posted in: Random

How to compromise your web security in one stupid step

Tuesday, September 11th, 2012

Personal Safety Book

Opinion is divided amongst the security experts about whether you should write down passwords or not — security guru Bruce Schneier is among the write-them-down advocates.

(more…)

Posted in: Random

DNSChanger a “damp squib”? That’s a good thing

Tuesday, July 10th, 2012

The DNSChanger server shutdown has come and gone, and it was nothing but a “damp squib”, a doomsday that “fizzled”, and not worth the headlines comparing it to the frenzied build-up around Y2K. The Daily Mail’s talented subs managed to shove most of that sentiment into a single headline: “Malware internet meltdown a bust as feared DNS Changer virus fizzles on ‘doomsday’.”

Uh, guys? It’s good when the internet doesn’t melt down. Doomsdays, as should be clear from the name, are bad — when they “fizzle”, we should crack open champagne, not whine.

(more…)

How EKMPowershop leaks personal data

Thursday, July 5th, 2012

Online service providers have a duty of trust to protect the data we give them – but it appears that some take this more seriously than others. EKMPowershop.com is a long-established, UK-based provider of ecommerce software and, just last week, I was signing up for trial accounts with all the major players, including EKM, as part of a forthcoming Real World column.

Imagine my surprise, then, at seeing the contact details of a complete stranger in my trial shop. At first, I thought this might be dummy data but, on emailing the person concerned (I could, alternatively, have rung her using the details EKM kindly provided) I discovered someone as shocked as me that her information was not as private or secure as she imagined.

Naturally, I contacted EKM’s support team but it’s now ten days later and the problem persists. I shan’t describe how to access these private details for obvious reasons but suffice it to say the only sensible response by EKM would have been to remove the trial functionality until the hole was patched.

(more…)

No wonder people are confused by security…

Wednesday, November 2nd, 2011

The Met Police can feel justifiably proud of themselves, with an investigation leading to the jailing for many years of a pair of criminals who attacked computers with malware to steal £3 million from UK bank accounts.

Excellent news; high-fives to everyone involved. However, the force’s communications team slightly tarnished the win with some rather confusing advice on internet security.

(more…)
