David Laceys IT Security Blog

February 2008

• ATM Security Weaknesses Publicised Again

  David Lacey 28 Feb 2008

I see that Cambridge University have hit the news again with claims of flaws in Chip and PIN reader technology. All commercial systems have security weaknesses. They are a compromise between cost ...

• Internet Governance

  David Lacey 27 Feb 2008

The recent case of Pakistan blocking access to YouTube underlines the need for better governance of the Internet. I’m not suggesting we should have heavy-handed, bureaucratic control. But the ...

• Cyber Warfare is This Year’s Fashion

  David Lacey 24 Feb 2008

If 2007 was the year in which the public and media became aware of the risks of large scale data breaches, then 2008 might prove to be the year that they finally grasp the dangers posed by cyber ...

• The Future is not all Doom and Gloom

  David Lacey 23 Feb 2008

I’m regularly accused of being a prophet of doom because I forecast back in 1999 that the average risk profile would climb to a dangerous level by around 2006. That was my suggested starting date ...

• White Hat Worms

  David Lacey 20 Feb 2008

Microsoft researchers at Cambridge are on the back foot after publicizing details of research into Sampling Strategies for Epidemic-Style Information Dissemination. This rather technical piece of ...

• The Grand Challenge of Securing Cyberspace

  David Lacey 17 Feb 2008

A National Academy of Engineering committee, including technologists such as Google’s Larry Page, have drawn up a list of Grand Challenges for Engineering . One of the fourteen challenges is that ...

• Prudent Overreaction

  David Lacey 14 Feb 2008

As Abraham Lincoln once put it, there are times when "the necessity of being ready increases". Given the relatively high threat of a terrorist incident disrupting vital energy supplies, it’s ...

• Ethical Hacking

  David Lacey 14 Feb 2008

I was surprised to read that a 16 year old teenager has achieved a qualification in ethical hacking. It’s clearly a great achievement for him. No doubt he will have a great future ahead of him. But ...

• No Hiding Place for Data Breaches

  David Lacey 11 Feb 2008

A colleague recently pointed me The Breach Blog, a useful site that collects reports of data breaches. It’s fascinating to browse through the category archives and see just how many household names ...

• Measuring Security Progress in an Uncertain World

  David Lacey 11 Feb 2008

One feature of the Information Age that I find fascinating is how fast we are able to adjust to wild swings in levels of activity. We take huge falls in stock market capitalization levels in our ...

• The Importance of Email Disclaimers

  David Lacey 08 Feb 2008

CSO's web site has a blog posting about an alleged accidental data leakage via a misdirected email from a lawyer to a news reporter. Nothing exceptional about that. It's the sort of cock-up that ...

• The Name of the IT Security Game

  David Lacey 07 Feb 2008

The title of the IT Security function is a hot topic this year, as organisations contemplate possibilities for mergers to enable headcount reductions. With whom to merge, and what to call the new ...

• The Evolving Role of Managed Security Services

  David Lacey 04 Feb 2008

Last Thursday I was speaking on the future of security at an excellent seminar organised by Maxima, a fast-growing UK vendor of systems integration and managed IT services. Last year they acquired ...

• Who Needs Network Security?

  David Lacey 02 Feb 2008

De-perimeterisation is a reality. "You've already been de-perimeterised" as we say in the Jericho Forum. But reports of the death of Network Security have been exaggerated. Network World have just ...