Unscrewing Security

About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

Recent Posts

Nominet: a website, by any other name, would be more secure?

Nominet propose to allow domain names directly under ".uk"; this is better?

So Nominet - the people who own, manage and monetise the top-level .uk DNS domain - propose to allow creation of domain names directly under the UK suffix (PDF). Thus instead of inflatable-widgets.co.uk you could instead own inflatable-widgets.uk, and it...

Tags: dns, dnssec, nominet, security

Why is nobody crowing about 'Critical National Infrastructure'?

O2 went dark; RBS/NatWest/Ulster Bank died. Surely the Government ought to tell us what to do?

Much cybersecurity planning is couched in terms of we must protect critical national infrastructure - but when a bank goofs a software upgrade and commits transactional suicide for a week (or more, see Ulster Bank) - and when an entire...

Tags: cni, natwest, o2, rbs, security

If it turns out that LinkedIn passwords have leaked...

...here's what you should do

Rumours are circulating on the net that a database of hashes of LinkedIn passwords has been published on a Russian hacker site. I cannot confirm this but if the article referred to above is correct then there is a risk...

Tags: linkedin, passwords, security

Chinese Cyberwarriors in your Chips?

Perhaps, but the Cambridge ones are more interesting

The security interwebs this morning are alive with reference to Sergei Skorobogatov's webpage at Cambridge, the key quote from which is: We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is...

Tags: cambridge, china, fpga, security

Ask Alec: Security for Freelance Developers and SMEs

What do you do to be secure when you're on your own?

So in my mailbox a few weeks ago there arrived the following: Hi Alec I was wondering whether you'd mind doing me a small favour. It'd be great if you could punt out a quick top 5 / top 10...

Tags: intrusion, policy, protection, security

Cybersecurity: Demand An Evidence-Based Approach

Beware Secondhand Statistics; Beware Creating Them

In the days before the SOPA blackout a popular meme infected the interwebs: Dear Congress: It's No Longer OK To Not Know How The Internet Works Directed at the US Government this article and its related discussion decried the...

Tags: ccdp, cybersecurity, security, sopa, statistics

Still Scrambling For Safety

Time for old magic in the debate on CCDP

Dateline: the late 1990s; in the USA and UK there is fear and debate over development of new technology which renders moot the "existing capability" of Government agencies to intercept internet communication - thereby risking intelligence (even that which cannot...

Tags: ccdp, cryptography, government, interception, privacy, security, ssl

Surveillance? The Liberal Democrats aren't supporting it...

The Home Office wants to log with whom you communicate, wherever and however, just in case you're naughty - but the Liberal Democrats object...

It's been a good few months for surveillance, its practitioners and its supply industry - barnstorming industry conferences, massive media coverage of technology and puff pieces on government projects stateside ... oh, wait, is this meant to be covert? Oops....

Tags: ccdp, home office, imp, interception, security, surveillance

Learning about Cybersecurity from an Unnatural World

Radio 4 on Security: Bio, Cyber or otherwise...

I was listening to the rerun of File On 4[1] this evening, and a chap from the FBI said something very sensible about Cybersecurity. Albeit the programme itself was nothing to do with cybersecurity and its tone was mildly hysterical...

Tags: bbc, biosecurity, cybersecurity, fbi, police, security, terrorism

Digital Darwinism: Perspectives for Industry and Government

A term which will soon see greater use, but it would be nice for the nuances to be understood

A few days ago I spoke on a panel at PICTFOR - the Parliamentary ICT Forum - some writeups of which have been posted elsewhere; but a few days prior in preparation myself and some friends had the opportunity to...

Tags: copyright, darwinism, filesharing, regulation, security