Download as PDF
Blog Article
The Board of European Regulators of Electronic Communications (BEREC) have now released the final version of their net neutrality guidelines, following a public consultation that received nearly half a million responses. These seem to have resulted in clarifications of the draft version, rather than any significant change of policy.
Blog Article
The latest announcement from the Article 29 Working Party on the US-EU Privacy Shield also suggests that there shouldn't be any short-term surprises for those using the other justifications for exporting personal data to the USA.
Blog Article
[UPDATE: the Directive has now been published, with Member States required to transpose it into their national laws by 9 May 2018]
Blog Article
A new EU law, created earlier this year, requires public network providers to ensure "network neutrality" – roughly, that every packet be treated alike unless there are legitimate reasons not to.
Blog Article
With the number of data breaches still increasing, all organisations should be making plans for their response when, not if, it happens to them. At the FIRST conference, Jeff Kouns of Risk Based Security suggested learning from examples where the organisation’s response, or lack of it, had made the consequences of a breach much worse, both for the organisation and its customers.
Blog Article
At the FIRST conference, Eireann Leverett and Marie Moe discussed a number of areas where incident response teams and insurers could usefully collaborate.
Blog Article
At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their own domains on registrars' web portals.
Blog Article
Information sharing is something of a holy grail in computer security. The idea is simple enough: if we could only find out the sort of attacks our peers are experiencing, then we could use that information to protect ourselves. But, as Alexandre Sieira pointed out at the FIRST conference, this creates a trust paradox.
Blog Article
Last month the Government published a draft Investigatory Powers Bill for a period of pre-legislative scrutiny before a full Bill is introduced, expected to be in the Spring of 2016. Various Parliamentary committees are considering different aspects of the Bill.
Blog Article
It's relatively common for incident response teams, in scanning the web for information about threats to their constituencies, to come across dumps of usernames and passwords. Even if the team can work out which service these refer to [*], it's seldom clear whether they are the result of current phishing campaigns, information left over from years ago, or even fake details published by intruders who want to inflate their claims.
