Information Security Forum Topics

Guardian newspaper columnist [Dawn Foster](https://twitter.com/DawnHFoster) posted images on Twitter this weekend showing how she was able to login to the official Conservative party conference app as Boris Johnson, until recently the UK Foreign Secretary. Not only was there no password required to login to the app, all that was required was an email address, but once in all the details of user registration were accessible. So, in the case of Alexander Boris de Pfeffel Johnson (yes, that is his real name) that meant contact details such as his mobile phone number. It also meant that the logged in user could …

I've been writing about various security risks in the health sector for many years now. Usually my articles cover patient privacy, data protection and health provider network insecurity issues. Occasionally, they spill over into darker territory where the cyber risk morphs into a very real one as far as the health of the patient is concerned. Take my story at SC Magazine a couple of years ago which reported how researchers at Rapid7 had uncovered vulnerabilities in an insulin pump that had the potential to change the dosage supplied. Sure, the actual risk of exploit was low given that an …

A survey of attendees at Infosecurity Europe earlier this month showed 70 percent in favour of the dictionary definition (in this case the Cambridge Dictionary) of a hacker being amended. The amendment in question being to remove 'illegality' from the definition. The current definition of a hacker is "a person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems". So what do you reckon, DaniWebbers? Is it time that hacker was reclaimed entirely (rather than relying upon black and white labels) and if so what word should replace it as …

I think the community in general will benefit from this discussion. I have an IT horror story I would like to tell everybody about. Additionally I have discovered some solutions to some IT problems, which may have been faced by others in the community. A few years ago I started going to college, and got wholluped by a gang of social engineers in the omaha/bellevue area. Unbenounced to me they were actually preforming skits on me in order to preform black mail attacks at a later date. Now you may believe that if you aren't doing anything wrong you should …

In case you missed it Google has a serious problem with Symantec SSL certificates and is removing their Greenbar status in Chrome as well as rolling out "not trusted" notices for sites using mis-issued certs by Symantec. https://techcrunch.com/2017/03/27/google-is-fighting-with-symantec-over-encrypting-the-internet/ In response to the problems Namecheap is offering free replacement of the certificates - you get whatever time is left on your Symantec SSL certificate on a Comodo SSL for free. https://www.namecheap.com/security/symantec-ssl-certificate-free-replacement.aspx