Re: How on earth can you tell the difference?
The data used by the fraudsters after the Talk Talk hack did not actually come from the hack. It came from these who knew details of installation/maintenance visits. Guess where that came from?
26 publicly visible posts • joined 9 Apr 2010
It could always be to do with GCHQ wishing to demonstrate that they are worthy hosts for the new National Cyber Centre. We will know if they stop trying to prevent funding for the development of UK security products which block all executable code unless expressly permitted - thus sodding up (technical term) most current attack vectors - and also (potentially) the business models of much of the current on-line industries.
Back in 1984 the NCC Microsystems Centre has a contract to test six GP systems. Each contained routines for recording, collating and exporting adverse reaction data (still not standard across) and not just record export (albeit on floppy discs) for transfer to other practices. Most also contained field level security (including "named doctor only" envelopes for "sensitive" information such as "says he caught it off the senior partner's daughter").
This is a good introduction. For a deeper understanding of why things are as they are, I recommend reading the Long Finance report on Cyber Catastrophe re-insurance http://www.longfinance.net/lf-research.html?id=937 . I attended some of the workshops leading to that report, have blogged on the likely consequences http://www.computerweekly.com/blogs/when-it-meets-politics/2015/08/the-ashley-maddison-hack-illus.html
The key point is that cyber is being routinely excluded from mainstream policies leaving policies which cover the cost of "incident management" (hopefully including business continuity), provided the organisation has an agreed incident management plan in place.
Telegraph and voice were brought to the UK by the private sector but the General Post office exercised its monopoly powers to license them (after Indian Mutiny has revealed their importance) and then nationalised most of them in 1912 - to facilitate mass eaves-dropping, justified by the spy scares during the run up to the First World War. Abut that time the suffragette's began causing chaos by cutting the lines. Were the suffragettes cutting the lines as a protest against the government because they had been nationalised? The historical articles I have consulted do not contain any clues.
Why buy? Already the big UK Insurance Companies are more sophisticated in their approaches to Cyber risk than almost anyone else. The delete it from the policy unless you take out a specific policy which mandates best practice and, even then, covers only the cost of implementing a pre-agreed incident management plan - which commonly includes using a mix of leading security forensics consultancies to identify who attacked you and how so that they can decide whether to fund an "asset recovery" programme along the attack vectors used (including to launder the proceeds). .
Right at the very start the Minister said he wanted the "pathways" checked before any code was cut.
The officials ignored him. Ministers set policy - they do not decide how it is to be implemented.
So the "usual suspects" burned through several hundred million before what they had produced was tried out on real humans. Surprise, surprise - it did not work - other than technically.
The "reset" was to go back to testing processes with real humans before they were enshrined in code for large scale roll-out.
It looks as though a subset does indeed work with real humans - and the phased roll-out of that subset can now begin - at an accelerating pace.
Next will come the task of "folding in" the other benefits - but at each stage checking that the changes work with those who are intended to use it. Hence then open-ended timescale.
I find it interesting that the Register should not be a fan of good practice.
The other way of looking at this is the abuse of legal aid to enable criminal lawyers to trawl through everything collected by (or available to) law enforcement, whether or not it might be relevant. What is being said is that it is too much hassle to review the way that court procedures have become skewed in favour of organised crime as a whole: not just in favour of well-lawyered terrorist groups.
Remove the requirement for a deep water inlet (questionable) and there are a number of obvious choices for basing the Trident replacement, from Barrow (where they are built), to Falmouth, Plymouth and Portland. More interesting would be whether the SNP really does want to lose the jobs from Clydeside and Rosyth. The Royal navy predates the Act of Union.
Looks like an overdue, step by step, reversion to the days of the CCTA list prices in the 1970s - but with a lot more suppliers. If that were to be accompanied by well-supported routines for assessing and approving products and services from SMEs so that risk-averse customers could purchase from them with confidence that would be a great step forward. If not ...
Remembering that TOR was created by US Naval Intelligence to protect its secure communications, including from leak from other agencies, I read the e-mails from the TOR organisers rather differently. My conclusion is that they have now reviewed the situation and are satisfied that those agents whose security was not breached by Manning and Snowden remain safe. Whether or not you believe that they not know or suspect who attempted the breach is up to you. My guess is that it was not the FBI or NSA but a foreign power, perhaps North Korea as a proxy for ... take your pick ... they need the money now that the falling oil price has destroyed their sales of conventional weapons.
This is not such a bad idea. Recreating some of the wartime security barriers (complete with sentries examining tickets for your security clearances - i.e. what you have paid to visit) between the different parts of the site might help the theme park experience.
I suspect that the planners of the Bletchley Theme Park have a carefully sanitised version of history in mind. This does not include the "special relationship" between Bletchley and Fort Meade from 1941 until GCHQ moved to Cheltenham. They fail to recognise that the elderly volunteers are fully aware of their obligations under the official secrets acts (plural). Hence the current situation, instead of a win win way forward which would have preserved the spirit of Bletchley.
We should remember that a core part of that spirit was the tension between the invaluable eccentrics and those trying to keep order between several thousand, largely female, twenty somethings and a rather smaller number of men of varying ages, with few of either knowing what they were really doing. Luckily many of those who were truly invaluable were more interested in what they were doing than in the opposite sex, if they were interested in the opposite sex at all.
At this point I have some sympathy, albeit not a lot, for those trying to create a sanitised theme park which will protect the young of today from the realities of the past.
I wonder if Nik Dakin MP, or the former steel town which he represents, was in the news. I have not mentioned its name but the first letter is "s" then comes "c" , then "u" then "n" then "t" then "thorpe". My browser and security software is among those which obliterate his constituency from the on-line world and tells that they offend a mythical "acceptable use policy" that I appear powerless to over-ride.
If I am typical the measure is indeed reactive rather than predictive. I typically do three or four searches to check the showings (times and locations) before going to see a film, having already decided what to see and when. In making that decision I may indeed look at the trailers, but rarely suficiently in advance for anyone to make a meaningful "decison" based on collating the search patterns of "millions like me". If movie-makers and distributers were to want infomration of predictive value it would be more sensible to give me a discount (or other benefit) in returning for responding to a survey on what I like to watch and where, when and how I like to do so. That said, using such data to find search spikes which do not correlate with spikes in box office takings (or vice versa) and the looking at the causes might indeed be an intersting exercise. The value of using search engine analyses should not be under-estimated - even though this example has been over-hyped.
When I ran the NCC Microsystems Centre (New Fetter Lane 1982 - 4) he was almost the only journalist who took nothing on trust - he checked it all out. A great source of knowledge and also very discrete on his sources. He never quoted any of my youngsters on anything not cleared by myself or one of my consultants. He independently checked what we gave him to use from our tests when we were not willing to be quoted. He was also happy to sit beside the youngsters explaining what he was looking for and showing them how he looked for it. A lovely man - and a very good, and patient, teacher.