SIM Swapping Prevention

The LAPSUS$ cybercrime group, which deleted 50TB of patient data from Brazil's Ministry of Health, has this week disclosed breaches of both Microsoft and Okta. LAPSUS$ are threatening to publish leaked data from Microsoft (source code) and Okta (clients) unless a ransom is paid. LAPSUS$ claim NVIDIA, Samsung, and Vodafone as targets that they have…

How do Covid-19 tracing apps work and how do they comply with EU-GDPR?

The UK is trialling its Covid-19 contact tracing application, which tracks human interactions. The app uses Bluetooth Low Energy (BLE) communications between smartphones to register the duration and distance of handshakes. This data is then uploaded to a centralised database so that, if a user self-registers as Covid-19 positive, the centralised service can push notifications to all…

Some Questions After Quad-Play

I work as an architect at a big telco that has recently become a quad-player. Part of my job is to think of what services come next. My previous interest has always been distributed computing, either networking or large data-sets. Also as part of my job I attend IT conferences on the internet of distributed…

Security Best Practice for Protecting Against Memory Scraping Malware in Target & Home Depot

Credit and debit cards stolen from bricks-and-mortar stores sell on the black market for at least ten times the price of cards stolen from online merchants. There are plenty of TOR-accessible card shops that will happily buy the cards from hackers and resell them on the open market. A card stolen from a bricks-and-mortar…

BSS for the IoT: You Don’t Have To Be A Mobile Network Operator To Do It

The Internet of Things is not predicated on mobile or fixed-line operators. It is predicated on the value derived from the interplay between different sensors and actuators. In the history of mobile telecommunications it was the mobile network operators who provided a service that brought together radio waves and handset manufacturers. The success of mobile…

A Scottish Safe Harbour for Identity Management Update: RBS, Lloyds to move south if Scots vote for independence

Reuters are reporting that the Royal Bank of Scotland and Lloyds Bank will both relocate to England if Scots vote for independence next week. The Royal Bank of Scotland, which employs 11,500 staff in Scotland, announced that it had taken the option to relocate to England because a vote for independence would create uncertainties which could impact…

A Scottish Safe Harbour for Identity Management

The Data Protection Directive (officially Directive 95/46/EC) regulates the processing of personal data within the European Union and also provides the criteria for Safe Harbour privacy for companies operating within the European Union. The Safe Harbour regulations forbid sending customers' personal data to countries outside the European Economic Area unless there is a guarantee that it…

Some Identity Standard Factoids

The following are some interesting security factoids that point towards the benefit of a mobile 2FA (Over the Air or Wireless Public Key Infrastructure) federated identity model: The most commonly used password in the English-speaking world is '123456'. Previously it was 'password'. An average UK internet user has five different username and password combinations…

Single Identity Repository for Internal Staff, Partners & Customers and Security Zones of Control

It is not impossible to have a single user directory tree for internal users / staff, partners and customers. All that is required is unique identifiers and different levels of permission, normally managed through group membership. However, pretty much every organisation quite rightly separates these groups as independent trees. These independent trees are normally realised…