Discussion

Vendor trust and the Internet of Things

We recently discussed the potential security and privacy issues surrounding the Internet of Things (IoT) – the rapidly growing network of “smart” devices we use that are connected via the Internet. Unfortunately, security and privacy are not necessarily high priorities for many technology companies. They are in a race to develop features that will establish their […]

April 19th, 2016 | Blogs, Discussion

Security and the Internet of Things

The Internet of Things (IoT) is a term meaning the network of physical things that collect and exchange data – a network of “smart” devices connected by the Internet.

If you live in a country that uses central heating systems and you recently installed a boiler, you might be part of the IoT – you […]

March 29th, 2016 | Blogs, Discussion

UK snoopers’ charter debated

The UK’s parliament is currently debating the Investigatory Powers bill, known as the snoopers’ charter. This is its second reading – if it passes the vote it will proceed to committee stage. A good rolling commentary can be found here.

We’ve already discussed the flaws of the bill here, here and most recently here, particularly […]

March 16th, 2016 | Blogs, Discussion

DROWN vs POODLE

Lately, the DROWN SSL vulnerability has been in the news. It brings to mind 2014’s POODLE vulnerability, which has some similarities.

Both are issues with obsolete SSL versions. When they connect, many SSL/TLS clients will try the highest version they support, say TLS 1.2. If the handshake (the connection establishment process) fails, the client tries lower versions in […]

March 9th, 2016 | Blogs, Discussion

SSL DROWN attack

There’s a new SSL/TLS attack called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). It’s not quite as bad as Heartbleed, but it potentially affects a significant percentage of HTTP servers (33%!), as well as mail servers and anything else using SSL.

The vulnerability is in the obsolete SSL 2.0 protocol – fortunately not supported by our server, CompleteFTP, which […]

March 4th, 2016 | Announcements, Blogs, Discussion

Snooper’s charter in parliament

On 1 March, the UK’s Investigatory Powers Bill (or snooper’s charter) was introduced to the House of Commons. It will go through the normal parliamentary processes for a bill, and the government hopes to have the legislation finalised by December 2016.

This is astonishingly fast when just three weeks ago, the latest committee to report on the draft […]

March 4th, 2016 | Blogs, Discussion

Apple vs the FBI – latest

Apple is currently battling the FBI, which wants to force Apple to create a version of iOS that enables it to unlock a domestic terrorist’s iPhone.

But this isn’t the only case Apple is fighting regarding the unlocking of iPhones. The DEA went to court to force Apple to unlock an iPhone involved in a drug case, and just lost. Again, the […]

March 2nd, 2016 | Blogs, Discussion

Update on Apple vs the FBI

We wrote recently that Apple has refused the FBI’s request to create a new version of the iPhone’s operating system. The FBI wants a version of iOS that will allow the FBI to unlock the iPhone belonging to one of the San Bernardino shooters. They explain why here and here.

When the FBI obtained a court order, […]

February 27th, 2016 | Blogs, Discussion

Update on proposed UK “snooper’s charter”

Last year we looked at the United Kingdom’s draft Investigatory Powers Bill (known as the “snooper’s charter”), and criticized the requirement for vendors to install “back doors” into their software that governments could access to decrypt user data.

This would be costly for vendors to maintain, result in a significant security vulnerability, and drive users to […]

February 17th, 2016 | Blogs, Discussion

What is blockchain technology?

Blockchain technology is starting to get attention in banking circles, as its tremendous potential for banking transactions becomes apparent. It was invented by Satoshi Nakamoto (a nom de plume – his or her identity is unknown!) as the key technology comprising the Bitcoin crypto-currency system, first detailed here.

What is a blockchain? Put simply, it is a distributed ledger of transactions. Multiple copies exist at […]

February 10th, 2016 | Blogs, Discussion