It’s Friday, the sun is out (well, it was, briefly), and we’re just about ready to hit the weekend! This week we’ve had expert advice on strengthening the weak links in your supply chain, been figuring out where the next gen of skills are coming from, and sharing the lowdown from our 10k launch event with Ron Hill MBE. We’ve also got the scoop on the Linux bug that’s getting everyone’s knickers in a twist plus today’s update on the patch, and we’re letting you know that time is running out to save money on domains!
Top Tech Team
Several big tech companies in the US are presenting a united front against encryption back doors, led by Apple. In the wake of the San Bernardino attack the US government wants easier access to one of the killers’ phones, and is asking companies to make it easier to get into encrypted communications.
Last year David Cameron suggested a similar policy, saying that in order to fight crime and terrorism it was necessary to be able to access people’s personal communications. The argument against this – apart from the obvious issues over rights to privacy – is that it’s not possible to provide back doors for the ‘good’ guys and not the bad guys. Apple’s spearheading the campaign against weakened encryption over in the US and, as a result, is heading into legal waters with the FBI, with Twitter, Google and others standing behind it.
GCHQ admits to hacking
Privacy is the flave of the month at the moment over this side of the pond too by the looks of it, as a security tribunal has ruled that GCHQ isn’t breaking any laws when it hacks into computers and smartphones, despite privacy campaigners claiming it’s intrusive and breaks European law. For the first time, GCHQ has admitted it does spy – until now it was more of a ‘we can neither confirm nor deny these allegations’ sorta vibe – and the Home Office has drawn up a code of practice, saying it’ll address the issue in the upcoming Investigatory Powers Bill later this year.
The panel said the ruling struck a balance between the “urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression”. On the other side of the fence, Privacy International has said that it is not only undemocratic, “[i]t is akin to unlocking a person’s window without their knowledge and leaving it open for any attacker – whether GCHQ, another country’s intelligence agency or a cybercriminal – to access.” Basically what we mentioned before about the indistinguishableness of the good/bad guys.
Talking of security issues, social engineering is the one to watch as it tops the list of the 10 most popular hacking methods. 70% of 500 security experts in a recent survey said they think insider threats are the biggest problem at the moment; the survey’s key finding was that outsiders want to wriggle on into your business with minimal effort, and insiders will often unwittingly help them do that.
It also highlighted the problem of attackers getting into a system then staying there undetected, so ensure that you’re vulnerability scanning the heck outta your system and monitoring it thoroughly.
Phishing emails are one of the most common types of social engineering scam, and – as we’ve said before – much of it can be avoided with a bit of awareness, some good security practice, and a healthy dose of common sense. Coming up strong after that was ‘compromising user accounts’ (because the same password is often used for corporate and private accounts) and web-based attacks like SQL injections. The report says the findings highlight the need for companies to know what’s going down in the system in real-time, and monitor for any weird behaviour.
Jurassic Paso Park
Have a good weekend!