29 January 2015 at 9:32am
Tilmann Haak's presentation at this week's TF-CSIRT/FIRST meeting was on incorporating security requirements into software development processes using agile methods, but his key points seem relevant to any style of software or system development:
22 December 2014 at 12:07pm
The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That's good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet.
18 December 2014 at 9:11am
Although it's now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we'll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming increasingly apparent.
29 August 2014 at 11:50am
A recent discussion got me thinking about what might be the right number of passwords. There are plenty of references that still say you should have a different password for every service, and breaches such as Adobe’s last year show why. If you use the same password on two different websites and one of those gets compromised, either by phishing or loss and cracking of a password file, then both accounts are put at risk.
26 June 2014 at 10:10am
Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: those that hold data (nameservers) and those that fetch that data for clients (resolvers). Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.
24 June 2014 at 1:53pm
Having designed a redundant DNS infrastructure, one of the most common mistakes is failing to ensure that secondary nameservers can successfully replicate data for the domains they are hosting. The most common way this is done on the Internet is through zone transfers - the AXFR command. This command causes a DNS server to reply with all the data it knows for a domain.
24 June 2014 at 1:52pm
When providing DNS nameserver services a degree of redundancy is needed. In most cases the DNS records for a particular domain will be hosted by at least two nameservers, but is that enough by itself? When building a resilient system the risks involved with the failure modes of the system need to be considered and weighed up against the associated costs and overheads. As a common example - does having both DNS servers on the same local network segment provide you with protection against network failure? Probably not.
8 April 2014 at 9:38am
The security of computers, data and networks is now a matter of importance to everyone who uses them. Computers connected to a network, whether local or wide area, are exposed to many threats against their effective operation and the safety and privacy of the data they hold.
8 April 2014 at 9:20am
The 'Hands on Security Testing' live online learning course covers the basics of Security Testing, from port scanning using the freely available nmap tool, through to vulnerability exploitation using the Metasploit tool. This course takes place over six sessions and involves some assignments.
4 April 2014 at 2:32pm
Martin McKeay's presentation at Networkshop warned us of the risk of spiralling "security debt".