Latest News & Comment
Comment: 2017/08/25 - Going dark....
Whilst many readers of this weblog think it happens more often than it does, we will be going dark for most of September and possibly part of October.
Starting with a visit to the Home Office on the 8th of September and subsequent citation to court (for the prosecution, ahem!), passing comment on information assurance is unlikely to be something at the top of my agenda. Hence, this site might not be updated until week beginning the 16th of October.
Normal service for existing customers will not be affected.
Comment: 2017/08/24 - Dundee City Council worker convicted of fraud.
In discussions with the National Cyber Security Centre regarding the same project, they agree with our assessment:-
Let's just say that the staff at BladeSec IA are all of a certain age. It's that age where Planet Rock never plays a song that isn't recognised and doesn't recall a story or situation.
Oddly, it stopped working this morning, and on further investigation, it turned out that despite our IP geolocation being set to Alloa, the CDN thought that we were outside of the UK and so it asked for a post code. Ignoring the fact that this can easily be faked, we put in the post code for the security cartshed, and the music started again.
About an hour later, I suddenly realised that I was listening to an advert about Children's Panels in Scotland. Something that would have been entirely irrelevant to England and Wales.
Was Planet Rock serving up adverts based on my post code? Possibly....
On a similar note, STV Player clearly - and very annoyingly - serves up a different spread of adverts than on live TV. Those adverts seem to come from a much smaller pot, and so James Cosmo offering financial advice from his RBS benefactors is getting to the stage of being filtered out.
Comment: 2017/08/19 - Barcelona.
I woke up to news that about a dozen people were dead and dozens more injured. To me, it demonstrates how much Daesh are on the back foot that they have to resort to taking responsibility for what appears to be an attack in their name rather than planned by them.
Once again, the fashion conscious driver was wearing a fake bomb belt. The press are reporting this as a deliberate ruse to dissuade armed responders from shooting them. Having previously worked alongside such a team, I should perhaps enlighten potential terrorists.
It doesn’t work. You’ll simply get shot in the head and generally, your closest relatives will be unable to identify you facially afterwards.
Think on that.
We are not afraid.
Comment: 2017/08/15 - The Scottish Government under brute force digital attack.
News: 2017/08/11 - Scottish IISP Branch Meeting - The Annual Hallowe'en Special.
Needless to say, it's so early, we don't know quite what format it's going to take this year, but undoubtedly it'll be the usual jolly japes and high jinks.
Register or see more information as it's added here.
Comment: 2017/08/04 - Marcus Hutchins (AKA MalwareTech) arrested at Black Hat.
Comment: 2017/06/26 - Parliament under sustained digital attack.
Comment: 2017/06/24 - Parliamentarians logins up for sale.
Comment: 2017/06/21 - IASME Hacked?
If it's true, it's really not a good advert is it?
BladeSec IA will shortly be renewing our Cyber Essentials certification, but it's unlikely to be with IASME.
Comment: 2017/06/20 - Finsbury Park Mosque.
I had a friend that was married at Finsbury Park Mosque. The celebration - held at London Zoo - immediately afterwards was one of the most multi-cultural events that I had ever attended. I was very proud to see my friend and his fiancée married that day. My wife and I were accepted warmly by the Asian families that day.
Jump forward to the present day, and this latest attack shows a complete ignorance of the interfaith work of the Mosque and the tolerance of Islam.
We are not afraid.
Comment: 2017/06/05 - London Bridge and Borough Market incidents.
It was bad enough to target children in Manchester, but the three individuals responsible for the latest incident decided to wear fake bomb vests. They wanted the image without the effort. Since when did "terrorism" become a pathetic fashion statement?
The police responded, "robustly". Eight minutes after the first 999 call, the three perpetrators had been killed in a hail of fifty rounds.
Seven people died that night at the hands of three idiots that should have been at home breaking their Ramadan fast with their friends and families – had they been true Muslims. Instead they pretended to be freedom fighters and stole the lives and futures of seven innocent people.
We’re still not afraid….
Comment: 2017/06/02 - Not quite an at risk period.
We don't expect there to be any customer facing technical issues (and indeed, the new FTTC DSL is already in and functioning), but we thought we'd better mention the office move. Customers will receive notification of the new address and contact details shortly, if they haven't already been told.
Comment: 2017/06/01 - Edinburgh University E-mails.
Busy week this week!
Comment: 2017/05/31 - Another blow for the US Intelligence community.
Comment: 2017/05/28 - End of at risk period.
The Register has an interesting discussion on the Investigatory Powers Act 2016.
Comment: 2017/05/26 - At risk period.
Comment: 2017/05/25 - The "Judy" malware.
Comment: 2017/05/23 - Manchester.
At the point Daesh thinks that it is acceptable to raise its strategy of horror by attacking a concert by a singer that appeals to young girls, it shows that it's already lost. The forbearance exhibited by people all over the world in the face of Daesh attacks will not change.
We are not afraid....
Comment: 2017/05/15 - IISP social and networking evening - Edinburgh, Scotland.
Comment: 2017/05/15 07:40 - WannaCry Ransomware Worm - Update 6.
This was an entirely predictable situation that was beaten by the number of security professionals (on CiSP and other places) working together, over a weekend to limit the impact.
Guess something else.... it'll happen again. Anything that is man-made has minute flaws that show its hand-crafted nature. Anything that's man-made is exploitable. It's about staying one step ahead of the bad guys - and sometimes we get it wrong. And sometimes those that should be protecting us get it wrong.
Comment: 2017/05/14 15:40 - WannaCry Ransomware Worm - Update 5.
Comment: 2017/05/14 12:40 - WannaCry Ransomware Worm - Update 4.
The fact is that MS produced a patch in March. The issue that many organisations haven't rolled it despite being halfway through May isn't entirely unreasonable. Every organisation has complexities, nuances and issues.
Comment: 2017/05/13 09:30 - WannaCry Ransomware Worm - Update 3.
Comment: 2017/05/12 23:30 - WannaCry Ransomware Worm - Update 2.
The code for the worm is not well written. It's using a zero-day disclosed by the ShadowBrokers as part of the alleged NSA stockpile. It's been written quickly and badly. The infections that we're seeing now could simply be devices that for one reason or another have been unable to see the sinkhole.
Was this designed to specifically take out the NHS on a Friday afternoon? Unlikely, as Spain (and specifically Telefonica) was the first to report, but this looks like it is going to get much worse before it gets better.
The great thing about the NHS is that they care less about confidentiality than integrity or availability. Encrypting files suggests that the data hasn't been stolen, but it's hitting availability harder than anything.
Comment: 2017/05/12 21:40 - WannaCry Ransomware Worm - Update 1.
Comment: 2017/05/12 20:40 - WannaCry Ransomware Worm.
There's some good analysis here.
At the minute, it's unclear whether the initial delivery is by brute forcing an RDP session or a compromised Office or PDF document.
Comment: 2017/05/12 - Malware.
Off to investigate.
Comment: 2017/05/03 - IISP social and networking evening - Edinburgh, Scotland.
The registration for members is live. Non-members will have to wait until the 15th of May to register. Please note that this event will be held on a Tuesday rather than a Wednesday. We're inhabiting the downstairs room of The Mad Hatter, near Haymarket.
More information is at the usual place.
Comment: 2017/05/03 - Google Docs Attack.
Comment: 2017/04/29 - ICO Fines.
Comment: 2017/03/23 - Westminster, London.
This doesn't help those that were caught up in yesterday's tragic events and our deepest sympathies go out to their families.
At this dark time, remember one thing: In the moments after the attack, dozens of people ran in to help strangers with no thought for themselves. On the other hand, it was a single, sad, lonely individual who tried to break our spirit.
We are not afraid....
Comment: 2017/02/23 - IISP Personal Development and CCP Briefing - Edinburgh, Scotland.
An exceptionally strong team of speakers was fielded on a variety of topics. The first speaker is well known to the IISP community: Marie H-W, the accreditation manager, spoke about the Institute and CCP in general as well as some of the activities that the members never get to hear about. NCSC spoke next about the value of CCP, its future and how it will develop. Changes in the IISP Skills Framework and the Knowledge Framework fell to Pete F to discuss.
Following coffee, the topics became slightly more generalised including insights into securing agile developments from Paul C of the Scottish Government and the magnitude of cybercrime from Eamonn K of Police Scotland.
The briefing was exceptionally well attended, with little room for the guests from the Intelligence Corps who also attended. The afternoon ended with the distribution of packets of shortbread and bottles of whisky to the speakers. It was just a shame that the majority of them were flying, and had no hold luggage. This meant that the whisky could only come in one size – miniature!
The feedback has been universally positive and there has been some talk of repeating it again next year. Perhaps when the Scottish Chair has recovered!
Comment: 2017/02/08 - IISP Personal Development and CCP Briefing - Edinburgh, Scotland.
Whilst the venue and the identity of the presenters currently remain under embargo, if you hold the CESG Certified Professional qualification, we know that you will want to attend, with representatives from NCSC and the IISP coming to speak about the future of the qualification.
Other speakers include representatives from Police Scotland, the Intelligence Corps along with one or two surprises. We hope to participate in one or two shenanigans too - all of which will provide delegates with CPD points!
Due to the anticipated high demand for the event, this is open to IISP members only.
Please register at the usual place.
Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones.
On a completely unrelated note, this is a fascinating read.
Comment: 2017/02/06 - Data held by US companies.
Comment: 2017/02/04 - Interesting analysis of FaceBook's collection of data.
Comment: 2017/02/03 - Protecting information across government.
There are a variety of different ways of reading it - depending on your own views.
When does the revolution start?
On a slightly unrelated note, I found this very funny.
Comment: 2017/01/01 - Privacy Shield Vs POTUS.
One good, legal view is here.
Comment: 2017/01/31 - Another physical cyber-attack.
News: 2017/01/27 - Digital Marketplace.
Director, Owen Birnie said, "With the demise of the CLAS Scheme and the slow uptake of the replacement CESG Certified Cyber Security Consultancy, we were always keen to get more cost-effective ways to market. The Digital Outcomes and Specialists Framework appears to meet this requirement and will allow our public sector customers an efficient method to engage with us."
More information on the framework is available here.
Comment: 2017/01/26 - Unsecure Android and the American President.
A more down to earth analysis from Bruce Schneier.
(*)POTUS - The President of the United States in Twitteresque.
Comment: 2017/01/20 - The end of the PSN.
So in the medium term, all the segregation that (particularly) local authorities undertook to keep the PSN away from schools, social workers and (a long time ago) courts can be undone. What about those organisations who provide PSN services? They’ll have to architect yet another new network topology to get the benefits? What if they’ve hardcoded in PSN IP addresses?
Whilst most will welcome the end of the PSN, untangling the knots of years of GSI, GCF and PSN compliance won’t be easy.
And on the other side: What about those poor security people whose only hope of getting any investment was when they said, "We need it for the PSN otherwise we won’t be approved"? Will this lead towards a general weakening of defences in the public sector who are already struggling to maintain budget approval?
Perhaps another double edged sword?
Comment: 2017/01/19 - Cybercrime figures in England and Wales.
Comment: 2017/01/18 - Detecting Android malware.
This is a good piece on why it's not.
Comment: 2017/01/03 - Never underestimate the powers of large numbers of stupid people.
We would never call our customers stupid, but in the last three years, whilst on engagements, we had note to highlight to the BladeSec IA management team, three occurrences where we’ve had to seek advice on how to proceed.
The first was during a procurement where we were asked "just for a quote with a number of days and a cost". We provided a bit more than that (taking two days to generate the proper proposal for the work), and yet we failed to get the job because the preferred bidder had some obscure qualification that was irrelevant for the job and wasn't listed under the evaluation criteria. Had we known it was required, we could have addressed it, but it was not asked for and just demonstrated that the procurement exercise was a fit up. If the individual had been honest, we would have been happy to provide a short-form quote. That way, they could fulfil their "three competitive quotes" criteria. It would have saved us two days of work too.
The second (and indeed third) was a MoD contractor who asked for a pre-sales meeting to discuss how to accredit a cloud solution for a military system. It’s something that we’re familiar with, and so we met, had coffee (which we paid for), gave them some advice, highlighting the benefits that engaging with BladeSec IA could bring to the whole scenario. Two weeks later we received an e-mail from their legal department asking us for details of our indemnity insurance – despite the fact that there was no contract.
Apparently, the individual concerned had gone back to their boss, and cited our advice as gospel. As part of a data transfer (something that we’d never discussed!) to the cloud there was a small data loss. The individual then tried to blame us as we had failed to disclose this requirement. Whilst not wishing to alienate anybody, that took a few meetings to sort out – and I’m pleased to say that they agreed that liability did not rest with us.
So that was the second stupid individual. The third instance was when he phoned asking for another pre-sales to discuss a "big contract". I don’t often hang up on potential sales calls, but I did that day.
No customers were harmed in the writing of that statement!
Comment: 2017/01/01 - Happy New Year!
That means that it’s time for our irreverent look at the last twelve months:-