
I'm the Information Security Manager at Janet and through this blog I'll be sharing some of my experiences, ideas and thoughts on information security topics.

Blog Article
Encryption is a powerful security tool, but one that is very easy to misuse and implement poorly. The past years have seen several vulnerabilities and events that we have had to respond to: HEARTBLEED, BEAST, POODLE, the retirement of SHA1 certificates, and PCI DSS mandating TLS 1.1.
We have spent a lot of time and effort ensuring that our own systems are well managed, and it is important that our suppliers are able to keep pace with changes in how we want to use encryption. This has led us to start including requirements for encryption within procurements.
Blog Article

HTTP Strict Transport Security (HSTS) allows a site to specify that not only should all future references and requests to the site use HTTPS rather than HTTP, but that if any failures to encrypt traffic to or from the site occur, access to the site should be completely blocked by the browser. Even with manual intervention, the user is unable to click past the errors and continue to the site.

Blog Article

In the week since the TalkTalk breach there's been commentary on encryption of data, particularly with their CEO's comments that they were not legally required to encrypt data. Of course, encrypting the storage of data at rest is a common-sense control against a range of threats such as physical theft or loss of the storage device.
