All posts by Tom Errington

A small selection of the cyber threats and statistics that have made recent headlines.
  • Sources including censorship watchdog GreatFire have alleged that the Chinese authorities are staging a “man-in-the-middle” attack on Apple’s iCloud, just days after the iPhone went on sale in China. The attack is designed to intercept users’ iCloud account usernames and passwords, using a fake login site that looks exactly like the Apple iCloud login site. Read more from The WHIR and ITProPortal.
  • A new bug, which could be affecting hundreds of millions of computers, servers and devices using Linux and Apple’s Mac operating system, has been discovered. System administrators have been urged to apply patches to combat the bug, which has been dubbed “Shellshock”. Read more from the BBC.
  • US companies Home Depot, Supervalu and JPMorgan Chase & Co have all been hit by high-profile cyber attacks.
  • Mark …
The ICO has published a review of the impact of its civil monetary penalties (CMPs), the vast majority of which have related to security breaches. The review canvassed the views of representatives from 14 organisations who had received a CMP and 85 peer organisations who had not. The findings suggest that, overall, CMPs are effective at improving data protection compliance. However, some respondents felt that there was a lack of transparency about how CMPs have been calculated, and some showed a lack of understanding of just what poor practices trigger the CMP threshold.
In July the Senate Intelligence Committee approved a bill for the Cybersecurity Information Sharing Act (“CISA”) that would encourage companies to share information about threats with each other and the federal government. The bill has been controversial, especially in the wake of Edward Snowden’s revelations about access to US citizens’ data, as it would give the NSA wider powers to access, retain and use data for “a cybersecurity purpose”. This is rather broadly defined as “the purpose of protecting an information system or information that is stored on, processed by or transiting an information system from a cybersecurity threat or security vulnerability”. Indeed, an open letter from a number of privacy, civil liberties and open government groups has been published criticising the bill. Further coverage can be found here, here and here. The bill is expected to see a full vote in the Senate this year. …