April 2011 Archives

Secure Systems Development Conference - A Must See!

On Thursday 19th May 2011 I will be speaking at The 2nd International Secure Systems Development Conference in London on the subject of smartphone security, entitled "I own your smart phone (and of course your private life and your business life)".

But why is code security so important?

The use of complex software is now part of daily business life. Unfortunately cyber criminals are taking advantage of this to spread malware and to attack systems with the aim of stealing information, money and intellectual property.

Information security specialists have been relatively successful in protecting networks and data systems from these cyber criminals but, to date, computer software has been an Achilles heel, open to attacks that take advantage of bugs and errors in computer code. Once a security bug is found it can be abused by cyber criminals whilst a business, in many cases, remains blissfully unaware that it is under attack.

Computer software must therefore be checked for security related bugs--a process that has historically been very manually intensive and expensive, with limited scalability and needing access to the underlying source code.

It's a software developer's job to write application code that satisfies customer requirements and meets business objectives. This code needs to be functional, usable, reliable and with acceptable performance and supportability. As the modern world relies on software to function, teams of developers must do their best to churn out millions of lines of code under huge pressure to satisfy customer demand. 

With looming deadlines and the need to do yet more work, developers in the past had little time to ensure their code was free from bugs or errors that opened security holes in the application. Fortunately, as many applications ran within a client server network, relatively isolated from the outside world, this approach was normally successful.

Then along came the Internet, the World Wide Web and the subsequent massive growth in handheld devices that exposed what would normally be closed applications to millions of anonymous users. Combine this with the recent introduction of organised cyber criminals continuously looking for new ways of committing crime, and the computer security ground rules have been rewritten forever.

Against this background we have seen a huge move towards componentised code, and the reuse of code libraries and functions that had been developed in house, purchased or borrowed from other developers. As customers have looked to slim down their costs, the use of commercial and open sourced software grew. Outsourced software development has seen projects sent across the other side of the world to be written by developers they have never met in a country they may never have visited. So not only do developers need to worry about security defects in the code they write, but also in the code they reuse.

This perfect storm raises huge concerns in the minds of information security professionals who are trying to get a grip on the scale and diversity of software entering their organisations.

On the other hand we need to consider the developers. The sheer volume of potential security flaws and new and emerging threats can be overwhelming to a developer under pressure to roll out yet another new feature.

Software development managers and information security professionals need to act now to address the security of the software they write, purchase or co-opt into their solutions.

I recommend this event for both security professionals and developers alike.

Nigel Stanley
Practice Leader - Security
Bloor Research

BBC Interviews Nigel Stanley on Phone Hacking

Another phone hacking story went live last week. This was a package we had recorded a couple of weeks ago and it was scheduled for release during InfoSec 2011 week - as if that week wasn't going to be busy enough!

The video demonstrates just how straightforward and achievable GSM cell phone/mobile phone interception can be, given enough time and some smart folks.

Hopefully people will now believe me when I say that voice data protection needs to be seriously considered!

Nigel Stanley
Practice Leader - Security
Bloor Research

BBC Story on Bloor Research into Jihadists' use of Smartphones

An interesting story from the BBC based on some research I have been doing with Nico Prucha based at the University of Vienna.

We found jihadists were compiling packages of information designed to be received on smartphones. They contained copies of videos, songs, speeches and images that followers are encouraged to pass on. Some were using Bluetooth short-range radio technology to anonymously spread information to potential supporters, and there are further implications for mobile phone security following the commoditisation of tools and techniques.

Nigel Stanley
Practice Leader - Security
Bloor Research

Mobile Phone Hacking at Counter Terrorism Expo, London, April 2011

This year's Counter Terrorism Conference (London, 19th - 20th April 2011) looks set to be one of the largest CT events ever.

We need to keep up with new threats and challenges, and I have been asked to speak at the conference on cell/mobile phone security. My session is called "Cell Phone Hacking - The Terrorist's Latest Playground" and is scheduled for 1100hrs - 1120hrs on Wednesday 20th April. It will be based on research I have been conducting into the jihadist use of mobile phones to spread propaganda against a background of commoditised hacking against the GSM mobile phone network.

In addition to speaking at the conference I will be spending time at the Morrigan Partners stand (P44) discussing the issues that GSM hacking is presenting to businesses and organisations. I will be at the stand from 1430hrs - 1530hrs on Tuesday 19th April and 1200hrs - 1300hrs and 1430hrs - 1530hrs on Wednesday 20th April.

If you are interested in the problem of cell/mobile phone hacking come along and have a chat at these times. I'd be happy to speak about more research I am doing and ways in which you can protect your data, systems and users from such attacks by terrorists and criminals alike.

Nigel Stanley
Practice Leader - Security
Bloor Research

About this Entry

This page contains a single entry by Nigel Stanley published on March 9, 2011 4:53 PM.
