Author Archives: mike

WannaCrypt or the NHS Worm

As many of you will be aware, the NHS suffered from a mass outbreak of a ransomware worm last Friday which has since spread to many other organisations around the world. For more general information please see The Register’s article … Continue reading

Posted in Active Attacks | Leave a comment

Keeping Your Account Safe

We are seeing an increase in the number of compromised accounts due to various forms of attack, and decided to highlight some core protections for your account. If your account is compromised, you may find yourself locked out of the … Continue reading

Posted in Active Attacks, Passwords | Comments Off on Keeping Your Account Safe

‘Phishing’ Emails With Your Home Address

This article is currently being drafted, and will be added to over time. In the meantime, Sophos have an article that goes into some detail about what is going on here. Some key points :- Don’t click on the encrypted … Continue reading

Posted in Active Attacks, Email | Tagged | Comments Off on ‘Phishing’ Emails With Your Home Address

Is IS Aware Of What Password You Have?

One of the more interesting questions that arose from the recent password audit is whether IS is aware of account passwords – i.e. do we know your password. The short answer to that is: No, but with a caveat. First … Continue reading

Posted in Passwords | Comments Off on Is IS Aware Of What Password You Have?

How SHA-1 Is Broken

(This gets very esoteric very quickly) Those of you paying attention may have realised that very recently (January this year), browsers started complaining about security when connecting to sites whose SSL certificates used the SHA-1 hashing algorithm within the certificate. … Continue reading

Posted in Technical | Tagged , , | Comments Off on How SHA-1 Is Broken

Phishing: What To Do In The Aftermath

In the event that you have given away your account details in response to a phishing attack, and either discovered yourself that your account is compromised or you have been told so by IS, then there are some steps to … Continue reading

Posted in Email, Passwords | Comments Off on Phishing: What To Do In The Aftermath

Don’t Automatically Trust Email!

Email is a very easy to forge – so easy that if you try to impress a hacker by claiming to have forged email, they’ll fall about the floor laughing. So you should not automatically trust email – there are … Continue reading

Posted in Email | Comments Off on Don’t Automatically Trust Email!

Analysis Of A Phishing Attack

The following is the analysis of a real phishing attack that we have seen, together with some indications of how a phishing attack can be detected. For the impatient, some of those indicators are listed below :- Are you expecting … Continue reading

Posted in Active Attacks, Email | Tagged , | Comments Off on Analysis Of A Phishing Attack

How Often Should I Patch?

The short version: “It varies”. “Have you applies the latest security fixes from your operating system vendor to your machines?” I asked, trying to a learn a little more about Fred’s security posture. Fred replies with hesitation, “We apply security … Continue reading

Posted in General | Tagged , | Comments Off on How Often Should I Patch?

Friday’s DDoS Attack And The Mirai IoT Worm

It may have reached your attention that there was a significant denial of service attack against a widely used DNS provider – the service provider for organisations such as Twitter, Github, and Amazon. The effect was to make certain services … Continue reading

Posted in Active Attacks, Technical | Tagged , | Comments Off on Friday’s DDoS Attack And The Mirai IoT Worm