Latest Feature Articles News

Human behaviour experts to study human vulnerabilities in security systems
posted on 20/02/2007

A team of globally renowned security and human behaviour experts has been awarded a contract to study human vulnerabilities in security systems by the UK Government-funded Cyber Security Knowledge Transfer Network (KTN). The winning consortium includes leading academic researchers with expertise in psychology, criminology, computing, management and marketing, and security practitioners from some of the UK's leading companies. The study reflects concern that more needs to be done to help organisations and individual users of cyber space protect themselves and the UK's critical infrastructure from the increase in cyber attacks and organised e-crime. Criminals and hackers frequently dupe users into releasing sensitive and valuable information or introducing viruses onto their computers and associated networks, often employing sophisticated social engineering techniques to exploit these human weaknesses. The winning team will outline best practice and make recommendations as to how ... [more]

Bugged by Spyware?
posted on 11/11/2003

Do you know what your company's computers are doing right now? Sure, they're being used to run your business. But what else are they up to behind your back? Are there any other programs running silently in the background, monitoring employee activity and sending confidential information about your company back to other organisations? Unbelievable though it may sound, there's a pretty good chance that this is indeed the case in your company. According to a recent survey conducted by UK-based security consultancy PanSec, more than 90% of all company PCs are infected with so-called "spyware". This is the term given to software that gets installed without the user's permission and which covertly gathers and transmits data about the usage of the machine. A report by IT market analysts The Aberdeen Group claims that there are more than 7,000 spyware programs in existence right now, running on millions of corporate and personal computers. No computer that's linked... [more]

Web Application Hacking: Exposing Your Backend
posted on 07/11/2003

We used to have simple web sites. The web server sent HTML to the browser which displayed it. This was a “brochureware” site; designed for marketing or advertising. There was no business data anywhere near the web site. Now we no longer have web sites, we have web applications; and soon, web services. Web applications reside on multiple systems in distributed architectures, using sophisticated programming languages. Corporate and customer data has been moved to the computing edge. The edge has been extended to mobile phones, PDAs, mobile sales force systems, inventory management systems, etc. Web applications invite public access to an organisation’s most sensitive data. Customer information, transaction information and even proprietary corporate data can be accessed through web applications. Access to the application must be allowed by firewalls and access control lists, otherwise the application won’t work. This inherent trust is precisely what hackers attempt to exploit. We s... [more]

New Encryption Technology Opens Up New Business Opportunities in Finance
posted on 03/11/2003

Historically, encryption technology has been seen as too cumbersome, complicated and expensive for organisation to invest in, with too little return. Within the financial services sector, this lack of usability has meant that the Internet has not been fully exploited as a communications channel between the various stakeholders, whether customers, partners or suppliers. This article examines the reasons for the slow take-up of encryption technology and will endeavour to dispel the myth that it can be expensive and complicated to implement, so encouraging the case for an accelerated take-up in the near future. We also discuss the means by which encrypted email can be scanned and accommodated within a policy-based content security system cost effectively. There are obvious costs savings to be enjoyed if financial service companies can communicate securely with their customers over email. However, confidentiality is imperative in financial transactions. Improving email security technol... [more]

Spoofed Identities: Virus, spam or Scam?
posted on 21/10/2003

Identification is becoming increasingly problematic in the halls of smoke and mirrors we call ‘cyberspace’. The identity question raises its head in the context of the origin of mass-mailing viruses and worms; the relentless avalanche of spam; electronic identity theft; Internet fraud and cybersquatters. How do we recognise and respond to email address spoofing? How should we react to the evil spammer? Why must we remain vigilant in defence of our financial details and what is our recourse in the event of identity theft and fraud? How we choose to resolve these issues could determine our future freedom of use of the Internet, and a clearer understanding should allow us to navigate safely some potentially hazardous waters ahead. Where did this virus come from? Faked Sender addresses are not a new phenomenon, but over the last six months this characteristic seems to have become the norm. Of the last six worms to have appeared in significant numbers on the scene recently all spoof the... [more]

Other Security news and resources