PCPro-Computing in the Real World Printed from

Posts Tagged ‘ Security ’

How to check your identity hasn’t been sold to the hackers

Tuesday, September 16th, 2014

Database breaches, in which giant corporates such as Adobe, eBay, or Sony lose track of copies of their user and billing databases, are becoming almost weekly news items in late 2014.

Sometimes this is given a hacker spin, other times it’s just a dull case of not knowing where all those USB keys or backup tapes have gone.

Consumers are meant to respond to the news – which manages to be simultaneously both worrying and vague – by meekly changing their passwords, even if they don’t think they’re included in the database that’s been stolen. eBay’s alleged database theft triggered a mandatory password change for everyone, right across the system.

I have some problems with this approach, because, to be honest, I have a whole lot of different web identities. Once you’ve signed up to enough services for review, this becomes inevitable: I have a slew of login names and emails, and figuring out which one goes with which service becomes a daily trial.

Phishing emails: how I nearly got caught out

Thursday, May 29th, 2014

A phishing email popped into my inbox this morning. That’s hardly a rare occurrence, but what was unusual about this one is that I really wasn’t sure, for a moment, if it was malicious or not.

Take a look:


This caught my eye, as I’ve recently returned from overseas travel, and I did (foolishly) log into my account on hotel Wi-Fi without taking any precautions. What if someone had nabbed my login credentials?


Windows XP end of life: key information

Monday, March 24th, 2014

Windows Updates will be ending soon

Windows XP support will end on 8 April. After that date, Microsoft won’t provide any more updates. Yet many millions of people are still using the veteran OS: recent figures suggest that it’s still running on around 30% of PCs worldwide, many of them in businesses.

Understandably, there’s a lot of doubt and concern over what’s going to happen next. If you’re still running XP, here are the straightforward answers to the key questions.


Has the NSA really broken “strong” encryption?

Friday, September 6th, 2013


It’s been reported that GCHQ and the US National Security Agency have managed to crack the encryption systems we use to protect emails, personal data and financial transactions. If this means HTTPS, SSL and so forth are no longer secure, it’s a huge deal. You may not be immediately alarmed about the idea of spy agencies accessing your supposedly private data, but if they’ve found a technique for getting around strong encryption, it could sooner or later find its way into less well-meaning hands.

Frustratingly, however, we don’t know the specifics of what’s really been broken. The original report in The Guardian – based on revelations from US whistleblower Edward Snowden – describes specific intelligence programmes; but the central allegation rests on a mysterious “breakthrough”, of which no details are provided.


How PayPal is perpetuating the phishing problem

Friday, February 15th, 2013

Phishing has been a problem for years, with ne’er-do-wells sending emails stuffed with links to lure you into typing passwords into their mocked-up sites resembling your bank or some other service.

With the criminals making fewer stupid grammatical errors and getting better at designing mocked-up sites, the one rule of thumb recommended by banks and security experts is to not click through links in emails from companies without checking they’re safe — and if in doubt, to head to the site directly to log in.


How much does cybercrime cost the UK? Not £27bn

Tuesday, February 12th, 2013

Judging the success of the UK’s online security strategy is difficult, a government agency has reported – and it’s no surprise given it’s using debunked statistics.

The cybercrime strategy report from the National Audit Office (NAO) looks to measure the success of the government’s efforts, looking at non-financial as well as financial measures.

“The NAO recognises, in particular, that there are some challenges in establishing the value for money of the cybersecurity strategy,” the agency said. “There is the conceptual problem that, if cyber-attacks do not occur, it will be difficult to establish the extent to which that was down to the success of the strategy.”

Those challenges are worsened by the NAO’s own use of bad data, and the misquoting of reports within its own analysis.

The NAO cites the cost of cybercrime as between £18bn and £27bn – two figures that are respectively inaccurate and thoroughly debunked.

The £27bn figure is from a 2011 Detica report commissioned by the Cabinet Office, which has been widely dismissed as “scaremongering” (Light Blue Touchpaper) and a “sales exercise” (ZDNet).

The second figure, of £18bn, comes from a University of Cambridge report commissioned by the government entirely to debunk the Detica report, a fact that is clear to anyone reading as far as five paragraphs in. However, that figure is also inaccurate and misleading.

First, the Cambridge report shows the figures in dollars, so at the very least it should be $18bn, not £18bn.

Second, the report authors specifically advise against adding up all of the numbers it provides, saying it would be “entirely misleading to provide totals lest they be quoted out of context, without all the caveats and caution that we have provided”.

And that, of course, is exactly what has happened. The $18bn figure is made up of four parts: transactional crime, such as card fraud and “loss of consumer confidence”, makes up more than $3bn; the cost of infrastructure and protections such as antivirus accounts for $1.2bn; more traditional crime, such as tax and benefit fraud, shifting to the internet adds more than $14bn; and “genuine” cybercrime, such as online banking fraud and botnets, costs the UK an estimated $164m a year – less than consumers spend on antivirus.

The NAO report provided two solid figures for cybercrime in the UK. The Serious Organised Crime Agency prevented a “potential economic loss” of £500m last year, while individuals reported £292m of attempted online fraud to Action Fraud. Those numbers don’t include all the costs of cybercrime, which are hard to collect, as companies aren’t required to report data breaches.

Getting the numbers straight is key, as the government has laid out £650m in funding to 2015 to secure networks and educate the public – as well as to help UK businesses grab a slice of the “growing market in cybersecurity”.


The National Audit Office (NAO) has today released a report examining the government’s £650m cybersecurity strategy, looking to judge whether or not it’s working and offers good value for money.


The world’s worst phishing attack

Tuesday, January 8th, 2013


It’s not often I get actual, handwritten mail sent to me at the office, let alone from South Africa. So I was intrigued when the envelope above landed on my desk yesterday. Was it an invite to come and meet Nelson Mandela? Fan mail from afar? No, it was the worst phishing attempt in the history of mankind.


Posted in: Random, Rant


The USB stick that thinks it’s a keyboard

Tuesday, December 4th, 2012


To Covent Garden, where James Lyne – director of technology strategy at Sophos – has been presenting a review of the security landscape during 2012, and a look forward to next year’s threats. The review is an annual event, and always entertaining thanks to Lyne’s bona fide geek credentials: this year’s talk included references to Anonymous masks, the obligatory Gangnam Style allusion and several exhortations to “[verb] all the things”.

Predictions for 2013 include increasingly sophisticated and targeted attacks, on mobile platforms as well as PCs. No surprises there. More interestingly, Lyne also expects to see a rise in ransomware, which locks away your files and provides the decryption key only on payment of a fee. So far, malware ransoms have typically been around the £200 mark, but Lyne reckons criminals will soon start to recognise high value targets (such as company CEOs) and demand much higher fees for the return of sensitive documents. He describes this type of attack as “irreversible”, as there’s nothing third-party software can do to recover your files if they’ve been strongly encrypted: the only defence is to keep backups. You’ve been warned.

The part of the talk that particularly struck me, however, relates to the little device pictured above, which Lyne demonstrated with glee. Fully assembled, it looks just like a regular USB flash drive. Or, from the internal microSD slot, you might assume it was some sort of card reader. In fact – believe it or not – it’s a keyboard.

Posted in: Random


How to compromise your web security in one stupid step

Tuesday, September 11th, 2012

Personal Safety Book

Opinion is divided amongst the security experts about whether you should write down passwords or not — security guru Bruce Schneier is among the write-them-down advocates.


Posted in: Random


DNSChanger a “damp squib”? That’s a good thing

Tuesday, July 10th, 2012


The DNSChanger server shutdown has come and gone, and it was nothing but a “damp squib”, a doomsday that “fizzled”, and not worth the headlines comparing it to the frenzied build-up around Y2K. The Daily Mail’s talented subs managed to shove most of that sentiment into a single headline: “Malware internet meltdown a bust as feared DNS Changer virus fizzles on ‘doomsday’.”

Uh, guys? It’s good when the internet doesn’t melt down. Doomsdays, as should be clear from the name, are bad — when they “fizzle”, we should crack open champagne, not whine.






