Unscrewing Security

About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.


Recent Posts

DNSSEC: exchanging one threat for another?

A new, wonderful security technology... until some muppet gets ahold of it.

Security geeks have a permanent blind spot: "potential for misapplication of security technology." The problem also afflicts scientists in science-fiction B-movies where the giant robot decides that it wants to serve mankind crispy-fried and the story ends by reflecting on...

Tags: censorship, dns, dnssec, iwf, security, wikileaks

Friday Feed: Wikileaks, Firesheep, and Government Interception

Loose ends for the week ending 29 October 2010

Cloud Computing Considered Subversive

Earlier this week I noted that WikiLeaks was using Amazon's EC2 Cloud Computing servers for distribution of the Iraq War Logs; some argued that it was strange to host the data on US servers - as...

Tags: coalition, cryptography, firesheep, government, interception, security, wikileaks

WikiLeaks is mirroring on Amazon and some people don't get it?

Cloud Computing to the fore in high-bandwidth information sharing drama!

So WikiLeaks has been mirroring / hosting their war logs on Amazon's Cloud: Since at least Friday night, the famous whistle-blowing site has been hosting data on Amazon's AWS infrastructure cloud, both in the US and Ireland, records collected...

Tags: amazon, cloud computing, privacy, secrecy, security, wikileaks

Government recycles 2009 Symantec Threat Report as strategic defence review cyberjustification

The Home Office needs to learn what "Threat Signature" means

Responding to the challenge I placed in my last post, Simon Waters directed my attention to the Symantec Global Internet Security Threat Report trends for 2009. I think he's nailed it. You'll recall that Home Secretary Theresa May was interviewed...

Tags: cybersecurity, government, nhs, security, symantec, theresa may

Wanna Cyber?

We must wait patiently for the other cybershoe to drop.

Two things are clear after cybermonday's cyberhoohah cyberregarding cybersecurity: First: no-one in government has yet Googled the phrase "wanna cyber?" else they'd know that to an adolescent demographic "cyber" when used as a noun or verb means "cybersex" or "to...

Tags: security

CyberSecurity: please don't throw government money at this nonsense

The Coalition will fund me an antivirus upgrade?

The best thing - the absolute best thing - about being an unaffiliated security blogger on CWUK is that you're guaranteed daily to have something new to discuss, and you're free to say exactly what you think. Consider this article from...

Tags: cybersecurity, gchq, government, mod, security

SEO is a security issue...

You, your site and link shorteners

SEO leads to verbosity, verbosity leads to redirection, and redirection leads to risk

The acronym URL is so common today that we may have forgotten that it stands for Uniform Resource Locator. There are other words - URI, IRI...

Tags: emergency phone number, google, marketing consultants, search engine optimisation, security, seo, url, web page content

It's "Computer MOT" time again, everyone

Microsoft and monoculture

Microsoft's Trusted Computing Veep suggests vetting anything and everything which touches the 'Net. Perhaps this is not such a good idea? Security wonks can generally be placed on a 3D - or perhaps more-D - spectrum: on one axis there...

Tags: computer mot, denial of service, denial of service attack, full disclosure, mandatory access control, microsoft, network firewall, penetration testers, scott charney, security, trusted computing

Blackberry suffering blight

Yet another security threat to the platform beloved of Enterprise users

Cooking, like security, is both art and craft; you must understand both what to do and what not to do in order to create something that is fit for purpose. Consider a turnip: boil one, mince it in a food-processor...

Tags: authentication systems, backups, blackberry, crypto keys, cryptographic keys, cso, hash functions, rim, security