Saturday, 8 September 2018

BA.. an update

Since the last post, more information has been disclosed about the data breach at British Airways.

It seems that a web form was compromised on an internet-facing server, which meant the hackers (for want of a better description) were able to capture the personal and financial information of the people making ticket purchases.

This is worse than expected, as the CVV2 (the digits on the back of the card) was captured as well. This means it's possible to make purchases on the credit cards, as names, addresses and full credit card information were captured.

A couple of points: it's admirable that British Airways detected the breach so quickly and can pinpoint when it happened.

It's disappointing that it did happen, especially with the number of records and the type of data.  Without more information, we don't know how preventable this data breach was.

Will it be the last data breach?  No, of course not.

Normal advice applies: change passwords if you're using the same passwords across multiple sites (or use a password manager), check for unusual activity on your credit and debit cards, and make use of fraud detection services if they are offered.

Thursday, 6 September 2018

BA... "Bad Action"


So after Air Canada's data breach, it looks like British Airways has lost a suspected 380,000 records, including personal and financial information.

After these two airline breaches, a differentiator would be airlines showing they care about information security. I know I would use them as a first choice over Air Canada and British Airways.

The only way to force improvement in the industry is to vote with our feet.

British Airways probes customer data theft - http://www.bbc.co.uk/news/uk-england-london-45440850

Friday, 31 August 2018

Oh-Air Canada


Air Canada are in the midst of dealing with a data breach involving sensitive data that could lead to identity fraud.

The data that has been lost includes the usual: name, address, email address and telephone numbers. In addition, passport information, country of residence, nationality and dates of birth have been lost.

Although the investigation into how this happened is ongoing, it has been highlighted that there is a poor password policy on the Air Canada site, only allowing passwords of 6 to 10 characters, with only letters and numbers allowed.  It makes it all too easy to use simple passwords on the site, and complex passwords would not be accepted.

Not great news, as government-issued documents like passports and driving licences are used as a form of ID, typically in the safekeeping of the owner.  So the usual advice: keep tabs on financial activities on your accounts, and consider regularly checking your credit score for anomalies.

Wednesday, 22 August 2018

Superdrug, but not super security

Another day and we see another high profile data breach in the news. This time Superdrug are believed to have had a data breach with a loss of the personal details of 20,000 individuals.
These are the initial figures reported, so could change, if it's anything like the Dixons Carphone reports.

"Only" personal details have been lost and not banking or payment card information. The usual advice applies, change passwords, especially if you use the same password in multiple places on the same email address.


Wednesday, 15 August 2018

When you read "Putting Stickers On Your Laptop Is Probably a Bad Security Idea"...

https://motherboard.vice.com/en_us/article/pawvnk/stickers-on-laptop-operational-security-bad-idea

There is a quote from the article that says: “Conferences, border crossing[s], airports, public places—stickers will/can get you targeted for opposition research, industrial espionage, legal or investigative scrutiny,”

It looks like I may need a travel laptop!


Wednesday, 8 August 2018

Blogging overhaul

I bought this domain over 18 years ago on a whim.  Since then little has been done with it, except host this blog, and use the web page to redirect here.

After all the changes to Chrome and the recommendation for HTTPS sites, that needed fixing for both my website and this blog.  It would be strange to go to a secure blog that was hosted on HTTP!

After digging out old passwords, I've transferred my host name from China (I have no idea how it ended up there) and brought it to LCN.  I've opted to create a simple website to mimic the sort of information I have on LinkedIn, and enabled HTTPS on Blogger.

I realise I've left this blog alone for around a year, around the same time I took on a new role at work.  As I've got into the swing of things, I'll get this blog back on track with a focus on cyber security.

I may back fill the last year's worth of blogs about major breaches and incidents, but we'll see as the focus will be new articles and comments going forward.  As a sign of things to come, and giving it a name and logo makes it "a thing", I've created a simple logo to use with this blog.

Enjoy the new content going forward!

 blog.andytang.com



Friday, 15 September 2017

VMworld Europe 2017 - General Session Keynote

I attended my second VMworld this year, which you may find odd as I rarely blog about virtualisation or VMware.  VMware is changing and security is now more apparent in the solutions and roadmap.  

On Tuesday 12th September, we had a General Session Keynote from Pat Gelsinger - VMware CEO.

The VMware vision was similar to the previous year, but there are new partnerships with telcos, moving the telco networks closer to cloud, as well as the growth of IoT.


Gelsinger talked about the mix of devices, applications, and platforms causing the core challenge.  There needs to be anywhere access for people to the applications, but it's complicated.  There is a mass of devices, applications, services and security.

He is only reiterating the challenges security people have been facing for a number of years, with the increase in Shadow IT, less complementary but highly connected applications, and uncertainty of any associated security.


Workspace One is the solution: it has grown from AirWatch, supporting iOS, to work with many more operating systems, including Google Chrome.


MDM (Mobile Device Management) solutions have had to grow into EMM (Enterprise Mobility Management) solutions, where it's no longer just the management of the device, but also the applications, the content, the availability and, in my world, the identity and security.

Gelsinger moved to security, highlighting that the target has moved from just applications and data to user infrastructure, including users and devices, but also the cloud infrastructure of the network and compute, as these are seemingly under the control of the security team.




There were gasps when some of the audience was shocked by this slide, where the security guys have been working with and understanding a number of different areas.  Security people know that security spend is increasing, but the cost of breaches is increasing even quicker.  As Gelsinger says, "you're spending more and falling further behind", "something is broken" and "we the tech industry have failed you the customers".  "We need a new approach."



There needs to be a move from infrastructure to secure infrastructure.  Security needs to be built in, not an afterthought, as I have been saying for a number of years.  There needs to be an integrated ecosystem, leveraging quality solutions and products where you do not excel.  All of this with a cyber hygiene regime.


I'm glad that a tech giant like VMware is embracing cyber security and embracing the areas I believe are the most important.  The pillars of cyber hygiene are important for every environment.

Least Privilege, Micro-segmentation, Encryption, Multi-Factor Authentication and Patching have been evangelised by security experts for a number of years.  So it's great to see these elements are now considered mainstream.


As expected the EU General Data Protection Regulation (EU GDPR) came up in the keynote, and of course VMware are able to support the regulation by securing the data, automating governance and secure operations.


Gelsinger introduced VMware AppDefense and how it helps with the security challenge, being able to capture, detect and respond.


VMware's approach is looking at the security challenges of a business, without the business itself becoming a security expert.

I think it's a very exciting time for a security person to be looking at VMware, and I'm glad I was at VMworld Europe 2017 to see this for myself.

For those unable to attend, the General Session is available to watch here: https://www.vmworld.com/en/europe/video/general-sessions.html (where I also got the screen grabs, as the photos didn't come out so well)