Security

CallamMcMillan.com > Security

Information Security or Cyber Security, whatever you call it, this is where you’ll find it.

Want to work in Infosec? Impress me!

10/10/2018 0 Comments

So, you’ve decided that information security (Other titles are available) is the career for you, now you just need a job. Firstly, congratulations! You’ve made an excellent choice. The threat to companies and individuals from cybercrime and cyber-enabled crime is ever growing, creating a pressing demand for skilled individuals to help protect our information, more than ever in the age of GDPR. Before you can get started in security however, you’ll have to come through someone like me – the hiring manager. Whether you’re an IT professional that wants to move into security; it’s your first security job; or you’re…
Read more

Share

Management, Security

,

Why everybody should be using HTTPS

08/01/2017 0 Comments

Using HTTPS on a website has historically been a pain, and therefore reserved only for e-commerce sites. In order to use HTTPS you would need to first purchase certificates which had a cost associated; then you would need them installing, which your hosting provider would need to support. As a result adoption of HTTPS for ‘regular websites’ was low. Last week, I took the opportunity to secure this website. The best part was doing so cost nothing, and it took just 10 minutes! This led to the conclusion – there’s no excuse not to use HTTPS. What is HTTPS? When using…
Read more

Share

IT, Security

, ,

WordPress Security: Some useful tools

31/05/2016 0 Comments

Look to the right of the page and you’ll see the effect various personal issues have had on my free time. Couple that with needing to do a load of work on the house, and my capacity for looking after this website has become near zero. The problem is that administrative overhead didn’t go away – comments still needed to be moderated, and the number of failed login attempts was starting to become a worry. So one lunchtime at work I decided to look at some WordPress security tools. Ultimately I came up with two plugins and a useful website…
Read more

Share

IT, Security

,

Time for a new approach to password security?

13/12/2015 0 Comments

The password. It’s been used for thousands of years and today represents the key security token in modern computer systems. Despite its ubiquity, the password is not well loved. Attitudes towards passwords vary from apathy to downright contempt. Very few people would ever stand up and argue that the password is a good method of securing a system. IBM predicted back in 2011 that the password would be dead within five years. However, while the giants of the technology industry are rushing to consign passwords to the dustbin of history, nobody seems to be asking whether the problem is with passwords…
Read more

Share

Security

,

Physical Security: How to cause mayhem!

01/12/2015 0 Comments

I have a number of rules I use in a professional and sometimes personal capacity. This is number 1: Always assume the worst about everything. You’ll rarely be disappointed. When you apply it in a security context, it means given a choice, users will always choose the stupid option. Take passwords, if you don’t mandate a certain password quality, then they’ll choose crap passwords (No, Pa55w0rd does not could as a good one!) If you make the password rules too difficult, well… With a little patience and technical expertise though, it is possible to secure your systems effectively. Password policies,…
Read more

Share

Security

TalkTalk: Words fail me

28/10/2015 0 Comments

On Friday, as the whole TalkTalk hacking was blowing up in a big way, I sat down to write an article about the fiasco, if fiasco is a strong enough word to describe the mess TalkTalk find themselves in. The problem is that every time I managed to write a bit the story had once again changed. As with many things however, the more you sit and watch it, the more you recognise patterns. Two such patterns that have come out of this debacle are: Here’s another company that has failed to invest in Information Security; The CEO – Dido…
Read more

Share

Management, Security

,

Protecting a website against spammers and robots – CallamMcMillan.com

07/07/2014 0 Comments

This post was originally going to be a talk about what I did with CallamMcMillan.com to stop comments, followed by another article on how I dealt with a robots problem on the article voting system. After re-reading the article though, I decided to explain the problem a bit better and make this article somewhat informative so that you can use it on your own websites. If you’re like me then you’ll enjoy getting feedback on your work. The feedback may not always agree with my point of view, or it may suggest that my technical solutions are lacking, but at…
Read more

Share

IT, Security

What the latest Java exploits teach us about security

03/09/2012 0 Comments

I contributed earlier to a disucssion on an article in The Register (Link) on dealing with malware caused as a result of security vulnerabilities in Java. The article discusses how to go about cleaning up the various pieces of Malware downloaded and requires the use of multiple security tools covered in 12 steps. As I and others suggested at this point, given an infection of this magnitude, going for a clean-up should be the last resort. Virus removals are my least favourite computer repair job since it can be virtually impossible to totally rid a system of a virus, and…
Read more

Share

Security

Fail: Telephone “Computer Virus” Scam

09/02/2012 2 Comments

The other day I received a phone call from 01234 765093. If you get a call from them, unless you have experience with computers and you fancy wasting their time, then you should ignore them and under no circumstances do what they suggest. Failure to heed this advice is likely to lead to your computer being held ransom pending payment of a large amount of money. Others have reported this as being close to £200 GBP. First you will get a phone call, claiming to be from somebody like Microsoft, or another big company. Lets get one thing straight, they…
Read more

Share

Security