Vladimir Jirasek
164 followers -
Designing technology solutions to make the world a better place.

This article brings back my experience at the +BMW dealership in Watford. I purchased a 3-year-old approved used 5 Series back in 2013. When I asked the service manager if there was an upgrade for the onboard SW, he told me yes, and that it would cost me £250 to do. He could NOT confirm if any of these missing updates fix safety or security vulnerabilities.
I said it is a computer on wheels and all updates should be free. Naturally, he did not agree, saying this is a car with a computer inside. Needless to say, I left dissatisfied.

As long as car makers and dealers follow the same old behaviour, new entrants like Tesla will succeed in customer satisfaction.

http://flip.it/yMoHJF

Attack on encryption from hypervisor
This is not anything I did not expect. Researchers from Bitdefender discovered a novel way to obtain encrypted data, including master secret keys, from guest machines running on a hypervisor. The researchers' aim was to run honeypots and observe the behaviou...

Recommended photo shooting tutorial for everyone.

Surveillance bill is a 'breath-taking attack' on internet security http://flip.it/CqbF3

My view on: Theresa May says 'contentious' parts of web surveillance plan dropped

Everyone with a basic education in Internet protocols and cryptography knows that once HTTPS is used to secure web traffic, only the basic metadata are available. Foremost, it is just the IP addresses of the destination and the source, and the FQDN of the target web server, i.e. www.bbc.co.uk. Everything else is encrypted and cannot be obtained without somewhat more difficult methods.
I am guessing this is the reason the UK government has backed down on the full browsing history being saved by Internet providers.
What we need to watch for are further "enhancements" of this bill proposed by security services. The appetite for data never decreases; instead, it always increases.

Take a look at this video on YouTube:

Thank you Apple for such a generous price reduction. :)

+Mike Elgan, listening to TNT 1333 about driver's licenses in mobile phones. One way to overcome the issue with handing over an unlocked phone to a police officer could be, at least on iOS, to use Passbook. That allows access to saved tickets and cards from the lock screen. Just a thought.

The question is not if I listen to podcasts. Instead ask me what podcasts I listen to. These are my favourite:
* Security Now: https://twit.tv/shows/security-now
* This week in tech: https://twit.tv/shows/this-week-in-tech
* This week in Enterprise Tech: https://twit.tv/shows/this-week-in-enterprise-tech
* Tech News Today: https://twit.tv/shows/tech-news-today
and to balance technology overload:
* FT Alphachat: http://podcast.ft.com/s/52
* The Public speaker: http://www.quickanddirtytips.com/public-speaker
2015-08-27

When the news of Ashley Madison’s data breach emerged on July 15 2015, many people froze and panicked! They, perhaps inspired by the company slogan “Life is short. Have an affair”, foolishly entrusted their personal and sexual secrets to the affair search website.
The alleged hack screams to have a multitude of questions answered; some answers can be found in the company’s vague press release (http://media.ashleymadison.com/statement-from-avid-life-media-inc-july-20-1225pm/). What I want to cover in this column, though, is what Ashley Madison, and the banks looking to manage their eventual and now delayed IPO, should have done before the “…unprovoked and criminal intrusion...” occurred.
Consider the aforementioned press release, which states: “…foremost in our minds… stringent security measures in place… working with leading IT vendors”. We now know that the first two are not true. The last one suggests a culture of buying security technologies and hoping for the best. Such a strategy does not cut it anymore in this day and age.
Ashley Madison management should have been humble and recognised that determined adversaries will breach the defences eventually; the task of security teams is to slow them down, detect and react quickly to prevent/contain damage. The most important process that helps is the security architecture process.
It is not, as many wrongly deem, a technology-only domain. The security architecture is a process, consisting of business (people, locations, politics), data, application and technology topics. The key component of a security architecture process is a threat analysis: one must know all assets, adversaries and vulnerabilities. Only then can a company proceed with a selection of the most applicable security controls.
Ashley Madison, who “worked with leading IT vendors”, was most likely presented with use cases that fit the vendor salesmen’s objectives, not the client’s. In short, the vendor sells something that is likely not a good fit in the overall security architecture.
Furthermore, if a company does not integrate a multitude of security technologies tightly together, omitting people and process challenges, the result is a clutter of security technologies, working in isolation and with questionable effectiveness.
A side effect is also overconfidence on the part of company management in their impenetrability: “We spent millions on security technology from leading IT vendors. We must be secure…”. I could argue that an excessively confident company with a myriad of poorly implemented technologies presents a worse scenario than a humble company with a smaller set of well implemented security processes and architecture. Would you agree?
And finally, back to the original question: what should Ashley Madison have done? I strongly believe that getting an external viewpoint would have helped. Someone outside of the organisation, and not an SW or HW vendor, would be able to see their security controls in a holistic view. As a result, an analysis of business objectives could have alerted the company to weaknesses in their security architecture process.
Asking for a second opinion is not a sign of weakness. The opposite is actually true. Only those who recognise their weaknesses have a chance of survival. So please, do seek out external advice and be open to hearing some not-so-flattering facts. Your company’s shareholders will thank you for it in the longer run.