Category Archives: Opinion

Identity Theft

They say that imitation is the sincerest form of flattery.  Well, I’d say that identity theft is taking that a step too far.  The urge to masquerade as someone else may have deep roots in the human psyche but as usual the ‘bad guys’ have put a more sinister spin on things and are only too ready to exploit an alter-ego given half a chance.  Bogus passports, fraudulent bank loans, even online relationships, are all the province of those hiding behind the ‘front’ that the anonymity of the internet can purvey. For charities dealing with the most human of interactions, taking their operations online is a challenge in establishing not … Continue reading

Posted in Opinion | Comments Off on Identity Theft

User Access

Back in the day it was the practice of system administrators to grant every new user account supervisor rights.  That way they could guarantee that it wasn’t the network or these new fangled file permissions that was causing the software application to fail.  The diligent administrators would carefully allocate time to go back and work with the developers to remove layers of access from said user accounts until the application would work without the user being burdened with an account that could wreak as much havoc across the network as an untrained sysadmin. Those days, or to be more accurate, that attitude, is still apparent in many organisations.  Giving ‘admin … Continue reading

Posted in Opinion | Comments Off on User Access

Socially Engineered?

What’s the easiest way to get someone’s password?  Hack their PC? Exfiltrate the user database? Nope, much easier.  Just ask them. No matter how many times tech support staff are told never to ask for a user’s password, it still happens.  It’s like no-one can help themselves and the ability to masquerade as an unsuspecting user is the divine right of service desk analysts everywhere.  It’s not that it’s a cardinal sin (although certainly very bad practice and an indication of lazy processes), nope, it’s more that it opens the door to what becomes ‘acceptable’. So when Mr Bad Guy phones one of your users it’s a cast iron certainty that … Continue reading

Posted in Opinion | Comments Off on Socially Engineered?

Viruses & Worms

Back in the bad old days the infosec pro would be facing adversaries who would attempt to disrupt and destroy our systems and our data buy writing malicious code in the shape of viruses and worms.  There’s a distinct difference between the two that’s worth understanding if only because one of them needs the complicit assistance of our other arch-enemy, the user.  It might be fair to say that double-clicking an attachment in an email needs to be classified as the eighth deadly sin.  It’s been popular to assume that viruses are dead, and that the majority of damage to data occurs from deliberate hacks. So antivirus software likewise is … Continue reading

Posted in Opinion | Comments Off on Viruses & Worms