European Central Bank (ECB) Hack

Retail Fraud Magazine investigated this latest attack and interviewed our Managing Director Colin Tankard:

ECB database ‘only partially encrypted’

27/07/2014: The news of the European Central Bank (ECB) being hacked, with the attackers stealing both email addresses and contact data from the organisation’s public website, is the latest data breach in a line of many.

The ECB announced the breach yesterday saying that the details only emerged when the hackers tried to extort money in return for the stolen data on Monday. Around 20,000 email addresses and some addresses and phone numbers were stolen from the public part of the ECB website that dealt with conferences and visits.

According to data security company Digital Pathways, whilst the ECB says that no market-sensitive data was compromised, it also said that most of the data – not all – was encrypted.

Colin Tankard of data security company Digital Pathways says, ‘As only a part of the database seems to have been encrypted it looks as if they were only encrypting a row or column and were probably using an encryption programme as part of the database offered by the database vendor.

‘Often only data such as credit card numbers are encrypted but this hack shows that this method is not good enough and that the whole database should be encrypted in order to secure all of the personal private data contained within it.

‘Relying on a vendor’s single column encryption is only doing part of the job and is often seen as the easy route as companies think it is the only way to hide data from their database administration people.

‘However, what is needed is the encryption of the total database which will also protect shadow copy and password files within it. Strong access control should be applied to either user or application access to ensure only authorised people or applications can touch the data. Then, independent logging of the database needs to be implemented so that all access to the data, or changes by database administrators, is held outside of the database administrator’s control. In this way, they have nowhere to hide if they touch the database. A common technique is to switch off auditing in the database while the hack is being done and then switch it on again, thus stopping any alerts.

‘Companies really must separate duties between database administration and security management. This is always the best practice.’
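The independent-logging point in the quote above can be turned into a check, shown here as an added example that is not part of the original article or Digital Pathways' own tooling. It assumes a hypothetical log collector outside the database administrator's control that holds both the database's forwarded audit records (`db_audit`) and records from a separate monitor (`net_monitor`); the line format, event names and sample data are all constructed.

```python
from datetime import datetime

# Constructed sample records as an independent collector might hold them.
# Assumed layout: timestamp, source, actor, action.
SAMPLE = """\
2014-07-21T09:00:02 db_audit dba_admin AUDIT_DISABLED
2014-07-21T09:00:40 net_monitor dba_admin SELECT contacts
2014-07-21T09:03:15 net_monitor dba_admin EXPORT contacts
2014-07-21T09:04:00 db_audit dba_admin AUDIT_ENABLED
2014-07-21T10:15:00 db_audit app_web SELECT events
2014-07-21T10:15:00 net_monitor app_web SELECT events
2014-07-21T23:50:00 db_audit dba_admin AUDIT_DISABLED
"""

def parse(text):
    """Yield (time, source, actor, action) tuples from collector lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, actor, action = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), source, actor, action

def audit_gaps(text):
    """Return one finding per period in which database auditing was off."""
    findings, gap = [], None
    for ts, source, actor, action in sorted(parse(text)):
        if action == "AUDIT_DISABLED" and gap is None:
            gap = {"start": ts, "end": None, "disabled_by": actor, "unaudited": []}
        elif action == "AUDIT_ENABLED" and gap is not None:
            gap["end"] = ts
            findings.append(gap)
            gap = None
        elif gap is not None and source == "net_monitor":
            # Seen by the independent monitor while the database kept no record.
            gap["unaudited"].append((ts, actor, action))
    if gap is not None:
        findings.append(gap)  # auditing was still off when the data ended
    return findings

if __name__ == "__main__":
    for g in audit_gaps(SAMPLE):
        print(f"audit off {g['start']} -> {g['end'] or 'STILL OFF'} "
              f"by {g['disabled_by']}: {len(g['unaudited'])} unaudited action(s)")
```

Because the records are held where the administrator cannot edit them, switching auditing back on does not erase the gap or the activity seen during it.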

To read the full article click here

Logistics Business IT Magazine

News of perhaps the largest ever cyber-attack to date, with hackers accessing eBay’s database of over 233 million customers’ personal data, is another in a long line of data losses in recent times.

In this case the hack was a phishing attack on the system administration accounts, which were compromised, providing access to the database.

Says Colin Tankard, Managing Director of data security company Digital Pathways, ‘It seems to me that eBay had encrypted the passwords but all other information was in the clear. Why they only went part way in protecting the data is not clear. It would have been better if they had encrypted the whole file structure and added better authentication to the system administration accounts as a minimum.’

Read the full article here

Global Security Magazine

End Point Security: Beware use of iPads and Tablets

Our comments on the issue of iPad security and BYOD in general have been picked up by Global Security magazine. The full article is here.

Barclays Data Loss

Our release on the Barclays data loss is now in Info Security Magazine. To read the article click here

Global Security Magazine also picked us up. Read the article here

Sunday Times

The Sunday Times published an article titled Banks Bid To Foil The Fraudsters on 2nd February 2014.

We were referenced in regard to using strong passwords and ways to stop a Man-in-the-middle attack. Have a look at the article at http://raconteur.net/technology/banks-bid-to-foil-the-fraudsters

The Password Issue

Business Matters Magazine published our thoughts on the issue of Passwords. Read the full article here

BYOD: An increasing security challenge

Business Matters magazine has published our article on this sensitive subject. To read the full article click here