Categories
Articles

Directive on Attacks on Information Systems

The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on Activities that must be considered crimes; Effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]

Categories
Articles

Janet CSIRT conference (#CSIRT2012)

There was an excellent line-up of speakers at Janet CSIRT’s conference this week. Lee Harrigan (Janet CSIRT) discussed how the team are now monitoring Pastebin for signs of security problems affecting Janet sites. Pastebin can be a useful place to share large files, however some users apparently don’t realise that things posted to the site […]

Categories
Closed Consultations

EU Network and Information Security legislation

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]

Categories
Presentations

Cooperation between CERTs and Law Enforcement

I participated in an interesting discussion last week at ENISA’s Expert Group on Barriers to Cooperation between CERTs and Law Enforcement. Such cooperation seems most likely to occur with national/governmental CERTs but I’ve been keen to avoid recommendations that they be given special treatment, not least because of the risk that such treatment might actually […]

Categories
Articles

EU considers “Hacking Tools” offences

The  European Commission seems to be revisiting ground covered by the UK’s 2006 amendment to the Computer Misuse Act, attempting to criminalise certain acts relating to devices/tools used for committing offences against information systems. The problem is that many computer programs – for example for identifying vulnerable computers, monitoring wireless networks or testing password strength […]

Categories
Articles

IETF on Botnet Detection

A bot is a program, maliciously installed on a computer, that allows that computer and thousands of others to be controlled by attackers. Bots are one of the major problems on the Internet, involved in many spam campaigns and distributed denial of service attacks, as well as allowing attackers to read private information from the […]

Categories
Articles

Phishing trends

Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data including their six-monthly surveys of domain names used in phishing campaigns. There is evidence that concerted campaigns against phishing can be effective – the .hk domain used to be one of the most commonly used […]

Categories
Closed Consultations

All-Party Internet Group enquiry into the Computer Misuse Act 1990

This is JANET(UK)’s response to the All Party Internet Group’s enquiry into the Computer Misuse Act 1990. JANET(UK) is the not-for-profit company that runs JANET, the UK’s education and research network, connecting universities, colleges and research establishments in the UK to each other and to the public Internet. JANET also provides inter-connection between schools networks […]