Nigel Stanley on IT-Analysis.com

The Craziness of Passwords

Nigel Stanley, Bloor Research — Tue, 16 Mar 2010 07:00:00 +0100

For many users, one of their only interfaces with information security is via their passwords. Once successfully logged into a system little of the security infrastructure that surrounds them isor... [Read More...]

Database Activity Monitoring Part 4 - Compliance and Technical Architecture

Nigel Stanley, Bloor Research — Fri, 12 Mar 2010 07:00:00 +0100

This article explores the role of database activity monitoring in an overall compliance solution. Database Activity Monitoring and ComplianceOrganisations deploy DAM solutions for a number of... [Read More...]

Database Activity Monitoring Part 3 - Other Common Attacks

Nigel Stanley, Bloor Research — Thu, 04 Mar 2010 07:00:00 +0100

This article will explore how database activity monitoring deals with other types of data attacks. Temporary Accounts Temporary accounts have a perfectly legitimate part to play in any... [Read More...]

Database Activity Monitoring Part 2 - SQL Injection Attacks

Nigel Stanley, Bloor Research — Fri, 26 Feb 2010 07:00:00 +0100

If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational... [Read More...]

Database Activity Monitoring Part 1 - An Introduction

Nigel Stanley, Bloor Research — Thu, 18 Feb 2010 07:00:00 +0100

We are inundated with new technologies and products designed to help make our organisations safe from hackers and other malcontents. One technology that has gained ground over the past few... [Read More...]

Conficker grounds police checks

Nigel Stanley, Bloor Research — Mon, 08 Feb 2010 07:00:00 +0100

According to this article, Greater Manchester Police (GMP) have been struck down by an instance of the Conficker virus. The effect has been immediate, with systems taken off line preventing... [Read More...]

Common passwords 123456 and qwerty finally exposed

Nigel Stanley, Bloor Research — Fri, 22 Jan 2010 14:00:00 +0100

A report by database security firm Imperva has highlighted the most common consumer passwords. The study was based on an analysis of 32 million passwords exposed in the recent Rockyou.com breach.The... [Read More...]

Encryption gets a Battering - Part 2, RSA

Nigel Stanley, Bloor Research — Wed, 20 Jan 2010 07:00:00 +0100

RSA is an algorithm used in public key cryptography, and its discovery by Rivest, Shamir and Adleman (hence RSA) was a momentous development in the world of encryption. Subsequently RSA is used... [Read More...]

Cracking a 768-bit RSA key

Nigel Stanley, Bloor Research — Tue, 19 Jan 2010 08:55:00 +0100

As computing power has increased, the available horsepower to brute force crack RSA algorithms has grown as well. The most recent announcement, in December 2009, was that a group of mathematicians,... [Read More...]

ICO Grows some Teeth

Nigel Stanley, Bloor Research — Tue, 19 Jan 2010 07:00:00 +0100

After years of being an enforcement also-ran the Information Commissioner's Office (ICO) is finally going to get some teeth to deal with those that contravene data protection principles-see the... [Read More...]

Encryption gets a Battering - Part 1, Mobile Phones

Nigel Stanley, Bloor Research — Mon, 18 Jan 2010 07:00:00 +0100

The end of 2009 and the first couple of weeks of 2010 has seen the world of cryptography, and more specifically data encryption, thrust into the media spotlight.News of Secret codes being hacked that... [Read More...]

DDOS without the D. Are we doomed then?

Nigel Stanley, Bloor Research — Mon, 18 Jan 2010 07:00:00 +0100

I was recently sent a link by my friend Steve Gold highlighting the work of a hacker who goes by the name Jester. Apparently this hacker has found a way of initiating a DDOS attack without relying on... [Read More...]

Application Whitelisting - Worth a look?

Nigel Stanley, Bloor Research — Wed, 09 Dec 2009 12:00:00 +0100

I recently had an interview with Lumension chatting about whitelisting. Is it coming of age?Application whitelisting, which is the notion of only allowing pre-determined applications to install and... [Read More...]

Application Whitelisting - Worth a look?

Nigel Stanley, Bloor Research — Wed, 09 Dec 2009 12:00:00 +0100

Joining the Dots Between Security and Compliance

Nigel Stanley, Bloor Research — Tue, 24 Nov 2009 07:00:00 +0100

Until fairly recently, information security people were buried away in server rooms configuring firewalls and patching servers. With the sudden influx of compliance and regulatory requirements being... [Read More...]

Are IT audits like an MOT test for a car?

Nigel Stanley, Bloor Research — Fri, 20 Nov 2009 07:00:00 +0100

Here in the UK, after the second world war, lots of people were driving cars which were in pretty bad repair - brakes were poor, lights were damaged and steering was often ropey. This lead to... [Read More...]

Are IT audits like an MOT test for a car?

Nigel Stanley, Bloor Research — Wed, 18 Nov 2009 16:00:00 +0100

Interested in application (code) security?

Nigel Stanley, Bloor Research — Tue, 17 Nov 2009 10:00:00 +0100

Recent European research gives a good idea of the state of secure application coding practices in Europe. When I heard about BSIMM I let out a cheer-at long last a practical guide for those... [Read More...]

Interested in application (code) security?

Nigel Stanley, Bloor Research — Sat, 14 Nov 2009 16:00:00 +0100

Recent European research gives a good idea of the state of secure application coding practices in Europe.When I heard about BSIMM I let out a cheer-at long last a practical guide for those that... [Read More...]

Intrusion Prevention, Detection and Unified Threat Management

Nigel Stanley, Bloor Research — Fri, 06 Nov 2009 07:00:00 +0100

When I first began my IT career the only computer link we had to the outside world was a modem hooked up to the telephone which plinked away when dialling and broadcast a bunch of white noise around... [Read More...]

Database Key Management - an Introduction

Nigel Stanley, Bloor Research — Thu, 05 Nov 2009 07:00:00 +0100

Speak to IT security experts and ask questions about what they consider to be one of the most difficult challenges they face and coming quite close to the top of the list, along with user education,... [Read More...]

Symantec - is our future yellow?

Nigel Stanley, Bloor Research — Mon, 19 Oct 2009 07:00:00 +0100

Over the years I have watched as Symantec has turned itself into a $6 billion worldwide business employing over 17,000 people. But where is Symantec heading and is it on track for success? The... [Read More...]

Is Database Encryption Worth it?

Nigel Stanley, Bloor Research — Thu, 15 Oct 2009 07:00:00 +0100

Encrypting a database does have a superficial appeal. The rise of native encryption technologies, embedded into the database by the various vendors, have made encryption easier today than ever... [Read More...]

Generating Maximum Value from your IT Security Spend - An Analyst's Perspective

Nigel Stanley, Bloor Research — Tue, 06 Oct 2009 07:00:00 +0100

Of course times are tough and budgets are under increasing scrutiny. Even politicians, after months of denial, have admitted that public expenditure is under threat. There is no escaping the... [Read More...]

Public Sector Data Breaches - Where do we go from here?

Nigel Stanley, Bloor Research — Thu, 01 Oct 2009 07:00:00 +0100

My data is very personal to me so, like many other people, I take great exception when it is lost or stolen by incompetent organisations. If data is lost by a private sector company I can vote with... [Read More...]

And Fran makes the complete set ...

Nigel Stanley, Bloor Research — Thu, 01 Oct 2009 07:00:00 +0100

The security practice at Bloor Research has recently seen some changes and we now have two additional analysts working in the team. Peter Cooke joins with over 20 years experience in the IT... [Read More...]

And Fran makes the complete set ...

Nigel Stanley, Bloor Research — Wed, 30 Sep 2009 07:00:00 +0100

What is SQL Injection? Understanding this Important Threat Vector

Nigel Stanley, Bloor Research — Fri, 18 Sep 2009 07:00:00 +0100

In August 2009 3 people were charged with the theft of 130 million credit card numbers. This theft was carried out using SQL injection techniques. What is SQL injection and why should you be bothered about it? [Read More...]

Trustwave Acquires Vericept

Nigel Stanley, Bloor Research — Tue, 15 Sep 2009 07:00:00 +0100

News emerged the other day that Trustwave had acquired the data loss prevention player Vericept. [Read More...]

McAfee Names Dangerous Celebs

Nigel Stanley, Bloor Research — Wed, 26 Aug 2009 09:00:00 +0100

Websites hosting celebrity photos and gossip are strewn with malicious code waiting to catch out the innocent browser. [Read More...]