
Sony locks 93,000 user accounts after breach


Sony has confirmed that a fresh attack on its networks has impacted 93,000 accounts.

According to a statement by Sony CISO Philip Reitinger, the company detected attempts on its Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE) services to test a massive set of identities and passwords against its network database.

He said the attempts appeared to include data obtained “from one or more compromised lists from other companies, sites or other sources”. Due to this, Sony determined that “the overwhelming majority of the pairs resulted in failed matching attempts; it is likely the data came from another source and not from our networks”.

Reitinger said that less than one per cent of the network’s users may have been affected. Their accounts have been temporarily locked and, as a preventative measure, Sony is requiring secure password resets for the PSN and SEN accounts that had both a sign-in ID and password match. Those affected will receive an email prompting them to reset their password.

Reitinger said: “Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access and will provide more updates as we have them.

“Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users who we confirm have had unauthorised purchases made to restore amounts in the PSN/SEN or SOE wallet.”

He also confirmed that SOE accounts that were matched have been temporarily turned off.

“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” he said.

Graham Cluley, senior technology consultant at Sophos, said the only silver lining for Sony is that this breach appears to be much smaller in scale than the attacks that hit it earlier this year. He added that hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords, which are believed to have been sourced from somewhere else.

“That suggests that the accounts which were broken into were using a non-unique password. In other words, you were using the same password on the Sony PlayStation Network as you were on website X,” he said.

Shape-shifting malware is the next threat


Malware is being shape-shifted or downloaded from multiple sources.

According to Viorel Canj, head of BitDefender anti-virus lab, there is a false sense of both insecurity and security when it comes to web-based malware as it can often be well-disguised or repackaged, only executing once it is downloaded.

Stefan said malware is being re-packaged with layers and, because it is hosted for download, the most important vector is the URL. He said the main focus for anti-virus software should be to detect that.

He said: “Now you will get repackaged malware with a different packer. It does not need a rogue effort from a writer, you just use code that is downloaded; and you are not sure what you have downloaded.

“There are technologies that defend against it, but the end-user will see differences from what is originally created and it can be a botnet, a keylogger or something different.

“These are the challenges we are trying to overcome. The main challenge is in educating the user, and the industry is not successful at that.”

Stefan added that users are “never completely safe” due to vulnerabilities in security software and operating systems, and the industry cannot guarantee that users will not get infected.

Keeping your company secure is not a strategy


Chief information security officers have to become business enablers and talk at board level if they want to retain their status.

Speaking at the Gartner security conference in London, Mark Brown, chief information security officer at SABMiller, said if CISOs do not engage their board then they could lose ‘chief officer’ from their job title within five years.

Brown, who was named SC magazine’s information security person of the year in 2011, said “keeping your company secure is not a strategy” and that CISOs have to be an “enabler to the business and understand what the organisation is”.

He said: “You need to raise your own profile to prove to the board who you are and be able to answer what questions come to you. You need to understand the extended environment and the organisation. To get to a strategic planning process, do not do it within IT – get out and speak to the business and come up with a technology plan.

“But remember one thing: no one likes techno-babble except IT, so keep it simple.”

He went on to say that IT people are often “not communicators” and find it difficult to ask for funding or explain the risks facing their business.

“This is not about relaying risk, it is about documenting a level of corporate governance – but you want to remove ‘un’ from unmanaged risk,” he said.

“The key questions are: how will it impact the business; and, what is important to the business? You have to look at the short term, but also mid- to long-term too.”

Brown claimed that by using these methods he has been able to secure a 1,200 per cent increase in funding.

Article from SC Magazine
