Categories
Articles

Protecting Users and Systems in 2015

The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That’s good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet. However it may also require an […]

Categories
Publications

Can CSIRTs Lawfully Scan for Vulnerabilities?

This paper looks at the UK’s Computer Misuse Act 1990 and how it might apply to the practice of vulnerability scanning. Where a scan has been authorised – either specifically or via a network security policy – there should be no problem. But there are some situations where we’d like to scan hosts for which […]

Categories
Articles

Protecting Information in 2015

Although it’s now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we’ll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming […]