Latest News & Comment

Comment: 2017/06/26 - Parliament under sustained digital attack.
Further to the news reports from Saturday, we have now learned that "up to 90 e-mail accounts were compromised on Friday". The Parliament issues this statement.

Comment: 2017/06/24 - Parliamentarians' logins up for sale.
The Times are reporting that Russian hackers are trading the login credentials for MPs, civil servants and police.

Comment: 2017/06/21 - IASME Hacked?
El Reg is suggesting that the Pervade Software platform used by IASME for the Cyber Essentials scheme has been hacked. We've not been told, and there's precious little in the press. There's nothing on the IASME web page or Twitter page.

If it's true, it's really not a good advert is it?

BladeSec IA will shortly be renewing our Cyber Essentials certification, but it's unlikely to be with IASME.

Comment: 2017/06/20 - Finsbury Park Mosque.
Once again, the UK has woken up to details of another terrorist attack. This time, a van was driven into people walking near Finsbury Park Mosque after tarawih prayers.

I had a friend that was married at Finsbury Park Mosque. The celebration - held at London Zoo - immediately afterwards was one of the most multi-cultural events that I had ever attended. I was very proud to see my friend and his fiancée married that day. My wife and I were accepted warmly by the Asian families that day.

Jump forward to the present day, and this latest attack shows a complete ignorance of the interfaith work of the Mosque and the tolerance of Islam.

We are not afraid.

Comment: 2017/06/05 - London Bridge and Borough Market incidents.
It's been some time since the UK faced a similar period such as now. In those times, it might have been Irish-related terrorism that was the main harbinger of horror, but events over the weekend show a different side to current times.

It was bad enough to target children in Manchester, but the three individuals responsible for the latest incident decided to wear fake bomb vests. They wanted the image without the effort. Since when did "terrorism" become a pathetic fashion statement?

The police responded, "robustly". Eight minutes after the first 999 call, the three perpetrators had been killed in a hail of fifty rounds.

Seven people died that night at the hands of three idiots that should have been at home breaking their Ramadan fast with their friends and families – had they been true Muslims. Instead they pretended to be freedom fighters and stole the lives and futures of seven innocent people.

We’re still not afraid….

Comment: 2017/06/02 - Not quite an at risk period.
This weekend sees our office move to a historic part of Dollar. We're doing this to get better access to Glasgow and Edinburgh.

We don't expect there to be any customer facing technical issues (and indeed, the new FTTC DSL is already in and functioning), but we thought we'd better mention the office move. Customers will receive notification of the new address and contact details shortly, if they haven't already been told.

Comment: 2017/06/01 - Edinburgh University E-mails.
This would be quite funny if it wasn't so serious. Something about the response doesn't add up. A system error that ties up the registration for a graduation ceremony with the number of credits a student has attained. It's been a while since I worked in tertiary education, but that seems to be in breach of my "just because we can, doesn't mean to say we should" rule.

Busy week this week!

Comment: 2017/05/31 - Another blow for the US Intelligence community.
Something about this doesn't feel quite right. But hey ho. Cloud's great isn't it?

Comment: 2017/05/28 - End of at risk period.
The migration to G Suite went okay. There's some "nuances" that we're still working out, but normal service has been restored.

The Register has an interesting discussion on the Investigatory Powers Act 2016.

Comment: 2017/05/26 - At risk period.
This weekend, ahead of our office move next weekend, we're migrating our e-mail to some new cloud technology (Why is IMAP functionality in Outlook 2013 so rubbish?). For that reason, we are declaring this an "at risk period". It is feasible that for the next 48 hours, e-mails to the bladesec.net domain may bounce. Customers on 24x7 contracts should use the secondary communication channel as the primary until 08:00 on Monday the 28TH.

Comment: 2017/05/25 - The "Judy" malware.
Check Point have released an advisory and analysis of a recently discovered form of Android malware. The interesting thing is that this appears to have gone unnoticed on Google Play Store since 2016.

Comment: 2017/05/23 - Manchester.
Once again, the UK went to bed, or woke up to news of a horrific terrorist attack at an Ariana Grande concert at the Manchester Arena.

At the point Daesh thinks that it is acceptable to raise its strategy of horror by attacking a concert by a singer that appeals to young girls, it shows that it's already lost. The forbearance exhibited by people all over the world, in the face of Daesh attacks will not change.

We are not afraid....

Comment: 2017/05/15 - IISP social and networking evening - Edinburgh, Scotland.
Open for registration from non-members at our new Edinburgh venue!

Comment: 2017/05/15 07:40 - WannaCry Ransomware Worm - Update 6.
Piers Morgan has responded in a particularly narrow minded manner. He has no concept how complex computer networks are, and the political intricacies of the situation. Undoubtedly, he'd be the first to cry foul if he discovered that there is more spent on IT in the NHS than on cancer care. Guess what? This is not black and white.

This was an entirely predictable situation that was beaten by the number of security professionals (on CiSP and other places) working together, over a weekend to limit the impact.

Guess something else.... it'll happen again. Anything that is man-made has minute flaws that show its hand-crafted nature. Anything that's man-made is exploitable. It's about staying one step ahead of the bad guys - and sometimes we get it wrong. And sometimes those that should be protecting us get it wrong.

Comment: 2017/05/14 15:40 - WannaCry Ransomware Worm - Update 5.
Well done to the security researcher / idiot who simply hex-edited the file to produce a new variation. It's not in the wild, but it's on VirusTotal.

Comment: 2017/05/14 12:40 - WannaCry Ransomware Worm - Update 4.
Most of the press that I've seen are reporting this wrong. This is not entirely as a result of using Windows XP. This is as a result of the NSA stockpiling vulnerabilities, and then not keeping them secure. They get stolen and the resulting vulnerabilities are weaponised.

The fact is that MS produced a patch in March. The issue that many organisations haven't rolled it despite being halfway through May isn't entirely unreasonable. Every organisation has complexities, nuances and issues.

Comment: 2017/05/13 09:30 - WannaCry Ransomware Worm - Update 3.
Microsoft have released a patch for Windows XP. This is unprecedented.

Comment: 2017/05/12 23:30 - WannaCry Ransomware Worm - Update 2.
A security researcher has declared that it has a kill switch sinkhole domain. I'm not going to list the domain as it's compromised, but this doesn't read like a kill switch. It's a "go-switch".

The code for the worm is not well written. It's using a zero-day disclosed by the ShadowBrokers as part of the alleged NSA stockpile. It's been written quickly and badly. The infections that we're seeing now could simply be devices who for one reason or another have been unable to see the sinkhole.

Was this designed to specifically take out the NHS on a Friday afternoon? Unlikely, as Spain (and specifically Telefonica) was the first to report, but this looks like it is going to get much worse before it gets better.

The great thing about the NHS is that they care less about confidentiality than integrity or availability. Encrypting files suggests that the data hasn't been stolen, but it's hitting availability harder than anything.

Comment: 2017/05/12 21:40 - WannaCry Ransomware Worm - Update 1.
More analysis suggests this is spreading through open SAMBA shares virulently. There is speculation that this is caused by individuals using unprotected public access WiFi spots and then bringing their laptops back inside the corporate network.

Comment: 2017/05/12 20:40 - WannaCry Ransomware Worm.
So this is bad. Short answer: Install the patch for MS17-010 and disable SMB v1. Block the SMB ports (TCP 139, 445 and UDP 137, 138) on security enforcing infrastructure. Do not present a SAMBA share to the internet.

There's some good analysis here.

At the minute, it's unclear whether the initial delivery is by brute forcing an RDP session or a compromised Office or PDF document.
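
The port-blocking advice in this post can be checked against a firewall's rule export. The following is an added example, not part of the original post: it assumes the enforcing device is a Linux firewall whose rules are available in `iptables-save` format, and it evaluates the FORWARD chain with first-match semantics to report whether TCP 139, 445 and UDP 137, 138 are blocked. The rule set is constructed and the function names are illustrative.

```python
import shlex

# SMB/NetBIOS ports named in the advice above.
SMB_PORTS = [("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]
BLOCKING = {"DROP", "REJECT"}
# Constructed sample in iptables-save syntax; not taken from a real device.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m multiport --dports 135,139 -j DROP
-A FORWARD -s 10.0.0.0/8 -p tcp --dport 440:450 -j ACCEPT
-A FORWARD -p tcp --dport 445 -j DROP
-A FORWARD -p udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_ports(spec):
    """'135,139' or '440:450' -> list of inclusive (low, high) ranges."""
    parts = (p.partition(":") for p in spec.split(","))
    return [(int(lo or 0), int(hi or 65535) if sep else int(lo)) for lo, sep, hi in parts]

def parse_rule(line):
    """Parse an '-A CHAIN ...' line; a match other than protocol/port marks it conditional."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = dict(chain=tok[1], proto=None, ports=None, target=None, conditional=False)
    for opt, val in zip(tok[2::2], tok[3::2]):
        if opt == "-p":
            rule["proto"] = val
        elif opt in ("--dport", "--dports"):
            rule["ports"] = parse_ports(val)
        elif opt == "-j":
            rule["target"] = val
            break  # anything after the target is a target option
        elif opt != "-m":
            rule["conditional"] = True  # e.g. -s, -i: covers only some traffic
    return rule

def matches(rule, proto, port):
    ports = rule["ports"]
    return rule["proto"] in (None, "all", proto) and (
        ports is None or any(lo <= port <= hi for lo, hi in ports))

def audit(text, chain="FORWARD"):
    """First-match verdict per SMB port; jumps to user-defined chains are not followed."""
    lines = text.splitlines()
    rules = [r for r in map(parse_rule, lines) if r and r["chain"] == chain]
    policy = next((l.split()[1] for l in lines if l.startswith(f":{chain} ")), "ACCEPT")
    result = {}
    for proto, port in SMB_PORTS:
        leak, verdict = False, policy
        for rule in (r for r in rules if matches(r, proto, port)):
            if rule["conditional"]:  # a scoped DROP is not a block; a scoped ACCEPT is a leak
                leak = leak or rule["target"] == "ACCEPT"
            elif rule["target"] in BLOCKING | {"ACCEPT"}:
                verdict = rule["target"]
                break
        state = "partly allowed" if leak else "blocked"
        result[(proto, port)] = state if verdict in BLOCKING else "allowed"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

On the constructed rule set, TCP 445 is reported as partly allowed because a source-scoped ACCEPT sits ahead of the DROP, and UDP 138 as allowed because nothing matches it before the ACCEPT policy.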

Comment: 2017/05/12 - Malware.
I was originally going to mention the dodgy Conexant audio driver that has silently been keylogging everything on a number of HP laptops to "c:\users\public\MicTray.log". It was even mentioned on the news on Planet Rock. As I type this, the various security channels are full of material relating to a variation of WannaCry attacking the NHS.

Off to investigate.

Comment: 2017/05/03 - IISP social and networking evening - Edinburgh, Scotland.
The Scottish Branch of the IISP are delighted to announce that following a short break, we're back in Edinburgh at a new venue on the 13TH of June.

The registration for members is live. Non-members will have to wait until the 15TH of May to register. Please note that this event will be held on a Tuesday rather than a Wednesday. We're inhabiting the downstairs room of The Mad Hatter, near Haymarket.

More information is at the usual place.

Comment: 2017/05/03 - Google Docs Attack.
Google never thought to block a third party from calling their application "Google Docs". As a consequence, if you get an e-mail containing a link to a Google Doc, don't click the link. It's a very sophisticated attempt to give fraudulent access to your Google Account. There is some speculation that it's a targeted attack against journalists, however we had a number of phishing attempts here at BladeSec Towers.

Comment: 2017/04/29 - ICO Fines.
We've been working closely with NCC Pen Testers recently, who highlighted this facet of information. The gist of it is under GDPR, the fines charged to UK businesses would be 78 times as much - a total of £69 million. Ouch!

Comment: 2017/03/23 - Westminster, London.
My family and I came back from London last week. We had been down to see Loreena McKennitt at the London Palladium. I do recall, there was one point, whilst on a tube train, where it crossed my mind, what if? My internal risk assessment concluded that we had been too lucky for too long. The same risk assessment concluded that statistically, crossing the road remains far more dangerous.

This doesn't help those that were caught up in yesterday's tragic events and our deepest sympathies go out to their families.

At this dark time, remember one thing: In the moments after the attack, dozens of people ran in to help strangers with no thought for themselves. On the other hand, it was a single, sad, lonely individual who tried to break our spirit.

We are not afraid....

Comment: 2017/02/23 - IISP Personal Development and CCP Briefing - Edinburgh, Scotland.
The Scottish Branch of the IISP were delighted to hold their biggest event so far. Hosted by the 5TH Military Intelligence Battalion in Edinburgh, the personal development event incorporated the first ever CCP briefing north of the border. This was regarded as a coup by the branch chair as it was also the first since the creation of the National Cyber Security Centre.

An exceptionally strong team of speakers were fielded on a variety of topics. The first speaker is well known to the IISP community, Marie H-W, the accreditation manager, spoke about the Institute and CCP in general as well as some of the activities that the members never get to hear about. NCSC spoke next about the value of CCP, its future and how it will develop. Changes in the IISP Skills Framework and the Knowledge Framework fell to Pete F to discuss.

Following coffee, the topics became slightly more generalised including insights into securing agile developments from Paul C of the Scottish Government and the magnitude of cybercrime from Eamonn K of Police Scotland.

The briefing was exceptionally well attended, with little room for the guests from the Intelligence Corps who also attended. The afternoon ended with the distribution of packets of shortbread and bottles of whisky to the speakers. It was just a shame that the majority of them were flying, and had no hold luggage. This meant that the whisky could only come in one size – miniature!

The feedback has been universally positive and there has been some talk of repeating it again next year. Perhaps when the Scottish Chair has recovered!

Comment: 2017/02/08 - IISP Personal Development and CCP Briefing - Edinburgh, Scotland.
The Scottish Branch of the IISP is delighted to announce the first ever Personal Development and CCP Briefing, to be held in Edinburgh, EH7 on Wednesday, 22ND February from 14:00 until 18:00.

Whilst the venue and the identity of the presenters currently remain under embargo, if you hold the CESG Certified Professional qualification, we know that you will want to attend, with representatives from NCSC and the IISP coming to speak about the future of the qualification.

Other speakers include representatives from Police Scotland, the Intelligence Corps along with one or two surprises. We hope to participate in one or two shenanigans too - all of which will provide delegates with CPD points!

Due to the anticipated high demand for the event, this is open to IISP members only.

Please register at the usual place.

Comment: 2017/02/07 - Hacking the Cracker.
We know that in January, a hacker broke into Cellebrite's network and stole approximately 900Gb of data. Cellebrite admitted as much.

Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones.

On a completely unrelated note, this is a fascinating read.

Comment: 2017/02/06 - Data held by US companies.
A new development. And a very scary one for out-sourcers. Google plans to appeal.

Comment: 2017/02/04 - Interesting analysis of FaceBook's collection of data.
A new article that appears to be well researched.

Comment: 2017/02/03 - Protecting information across government.
So. This is doing the rounds in the news today.

There are a variety of different ways of reading it - depending on your own views.

When does the revolution start?

In a slightly unrelated note. I found this very funny.

Comment: 2017/01/01 - Privacy Shield Vs POTUS.
There's been some speculation that one of President Trump's Executive Orders may have significantly adversely impacted on the fairly new, Privacy Shield.

One good, legal view is here.

Comment: 2017/01/31 - Another physical cyber-attack.
A luxury Austrian hotel has been hit by a "cyber-attack" that apparently prevented guests accessing their rooms.

News: 2017/01/27 - Digital Marketplace.
BladeSec IA Services are delighted to announce that they have been successfully listed as a supplier on the "Digital Outcomes and Specialists 2" framework run by Crown Commercial Services.

Director, Owen Birnie said, "With the demise of the CLAS Scheme and the slow uptake of the replacement CESG Certified Cyber Security Consultancy, we were always keen to get more cost-effective ways to market. The Digital Outcomes and Specialists Framework appears to meet this requirement and will allow our public sector customers an efficient method to engage with us."

More information on the framework is available here.

Comment: 2017/01/26 - Unsecure Android and the American President.
The New York Times published this story, that the media (WIRED story here) have taken to conclude POTUS(*) is using an unsecured Android mobile phone.

A more down to earth analysis from Bruce Schneier.

(*)POTUS - The President of the United States in Twitteresque.

Comment: 2017/01/20 - The end of the PSN.
I think that it's fair to say that we've been predicting this for quite some time. I guess the GCN carriers must be fuming. And what about the Police? There are interesting rumours going around about them. Not to mention what's going to happen to SWAN.

So in the medium term, all the segregation that (particularly) local authorities undertook to keep the PSN away from schools, social workers and (a long time ago) courts can be undone. What about those organisations who provide PSN services? They’ll have to architect yet another new network topology to get the benefits? What if they’ve hardcoded in PSN IP addresses?

Whilst most will welcome the end of the PSN, untangling the knots of years of GSI, GCF and PSN compliance won’t be easy.

And on the other side: What about those poor security people whose only hope of getting any investment was when they said, "We need it for the PSN otherwise we won’t be approved". Will this lead towards a general weakening of defences in the public sector who are already struggling to maintain budget approval?

Perhaps another double edged sword?

Comment: 2017/01/19 - Cybercrime figures in England and Wales.
This is fascinating reading. I wonder if we would ever get something similar north of the border?

Comment: 2017/01/18 - Detecting Android malware.
An interesting story on The Register.

Comment: 2017/01/13 - Backdoor in WhatsApp.
The Guardian has reported that WhatsApp has an NSA installed backdoor.

This is a good piece on why it's not.

Comment: 2017/01/03 - Never underestimate the powers of large numbers of stupid people.
I just wanted to clarify our tongue-in-cheek statement about the number of stupid people we had encountered whilst working in our "happy new year" post.

We would never call our customers stupid, but in the last three years, whilst on engagements, we had note to highlight to the BladeSec IA management team, three occurrences where we’ve had to seek advice on how to proceed.

The first was during a procurement where we were asked "just for a quote with a number of days and a cost". We provided a bit more than that (taking two days to generate the proper proposal for the work), and yet we failed to get the job because the preferred bidder had some obscure qualification that was irrelevant for the job and wasn't listed under the evaluation criteria. Had we known it was required, we could have addressed it, but it was not asked for and just demonstrated that the procurement exercise was a fit up. If the individual had been honest, we would have been happy to provide a short-form quote. That way, they could fulfil their "three competitive quotes" criteria. It would have saved us two days of work too.

The second (and indeed third) was a MoD contractor who asked for a pre-sales meeting to discuss how to accredit a cloud solution for a military system. It’s something that we’re familiar with, and so we met, had coffee (which we paid for), gave them some advice, highlighting the benefits that engaging with BladeSec IA could bring to the whole scenario. Two weeks later we received an e-mail from their legal department asking us for details of our indemnity insurance – despite the fact that there was no contract.

Apparently, the individual concerned had gone back to their boss, and cited our advice as gospel. As part of a data transfer (something that we’d never discussed!) to the cloud there was a small data loss. The individual then tried to blame us as we had failed to disclose this requirement. Whilst not wishing to alienate anybody, that took a few meetings to sort out – and I’m pleased to say that they agreed that liability did not rest with us.

So that was the second stupid individual. The third instance was when he phoned asking for another pre-sales to discuss a "big contract". I don’t often hang up on potential sales calls, but I did that day.

No customers were harmed in the writing of that statement!

Comment: 2017/01/01 - Happy New Year!
Once again, as the clock ticked past midnight, BladeSec IA Services became another year older as we celebrated our fifth birthday.

That means that it’s time for our irreverent look at the last twelve months:-

  • Miles to closest job: 200 yards.
  • Miles to farthest job: 618.8 miles.
  • Largest number of miles covered in a single job: 1453.6 miles (still at no cost to the customer!)
  • Number of products sold: Nil.
  • Number of different BladeSec services sold: 3.
  • Amount of money received for anything other than consultancy: £nil.
  • Number of customers assisted in the last twelve months: 6.
  • Number of individual projects worked on: 27.
  • New customers: 1.
  • Number of tenders submitted: 2.
  • Most interesting place visited: Probably still Edinburgh Castle!
  • Value of donations made by BladeSec IA to support good causes: £680.
  • Number of stupid people encountered whilst working: 3.
  • Number of times the BladeSec IA management team watched the leader for "The Grand Tour": 8.
  • Number of times we've explained that we do more than "cyber": 1,000+.