security

Engineersecurityvoip

Announcing ITSPA trefor.net VoIP security workshop at Convergence Summit South 8th October

By: Trefor Davies | Wednesday, 17 September, 2014

trefor.net is teaming up with ITSPA, the Internet Telephony Service Providers’ Association, to produce a twice yearly VoIP security workshop. The first one is during the Convergence Summit South show at Sandown Park on October 8th, Read on to find out more. Announcing the ITSPA/trefor.net VoIP security workshop Telecom Fraud – Part 1 – A Case Study for the Channel...

0
Bad StuffEnd Userpiracysecurity

Website Blocking Report

By: Trefor Davies | Friday, 4 July, 2014

See if your website is being blocked by ISPs using the Open Rights Group (ORG) website blocking Blocked resource. Had an interesting tweet this morning from @boggits pointing me at blocked.org.uk, specifically this link. It shows, as is seen in the header screenshot, that three mobile networks: 3, O2 and EE have blocked users access to trefor.net. My only prior...

0
End Usersecurity

Lock screen strategy – show your home phone number

By: Trefor Davies | Friday, 20 June, 2014

Showing your home phone number on your lock screen could avoid a lot of problems if the phone is lost. I’ve always had “Tref’s phone” as text on the lock screen on my phone. Once when the phone was accidentally left on the bar at the cricket club it was returned to me immediately. V handy. The other day...

0
securityvoip

Wot? No Password?

By: Peter Cox | Tuesday, 20 May, 2014

UM Labs Ltd. Founder and CEO Peter Cox’s post is based on a presentation given at a recent ITSPA workshop on the risks of auto provisioning. Everyone understands the need for security on the Internet. We all know the importance of using strong passwords and — painful as it may be — regularly changing those passwords. As such, would...

0
Businessonline safetysecurityvoip

Voice Fraud – You Need to Act!

By: Simon Woodhead | Wednesday, 7 May, 2014

Trefor.net welcomes VoIP guest contributor Simon Woodhead, CEO of wholesale voice provider Simwood. In February, we published VoIP Fraud Analysis, a white paper that details Simwood’s three years of operating a Honeypot, coloured in by many years of real-world experience servicing wholesale voice clients of all sizes and seeing them compromised. Our research has been very well received in...

0
Engineersecurity

Oops – was that the red button? Nuclear near uses

By: Trefor Davies | Wednesday, 30 April, 2014

Following last week’s post in which we discussed the precautions taken by Nominet to withstand nuclear attack we beginning to realise how sensible this was. A Chatham House Report Too Close for Comfort: Cases of Near Nuclear Use and Options for Policy describes thirteen incidents of near nuclear use. It’s almost like reading the notes used in preparation for a...

0
Bad StuffEnd Useronline safetysecurity

Heartbleed – a pain in the proverbial

By: Trefor Davies | Thursday, 10 April, 2014

Big fuss doing the rounds over the Heartbleed bug. Google it. Every man and his dog1 is saying it is really bad and offering advice which basically says change your passwords oh and btw it might not make sense to change it yet because your specific service might not have patched their SSL. Now this is the problem. I...

0
ecommerceEngineersecurity

New Joules shop opens – queue remains calm, Bruce Schneier signs book

By: Trefor Davies | Thursday, 27 February, 2014

Could hardly contain my excitement walking to work this morning. A new shop has opened on Lincoln High Street! I wouldn’t have notice were it not for the fact that a woman got in my way trying to take a photo of the queue. I too like to take photos (of queues) so I reversed in my tracks, whipped...

0
BusinesssecurityspamUC

Selling your contact information – who does it?

By: Trefor Davies | Wednesday, 19 February, 2014

One of the things I’ve been looking forward to in life post Timico is having a cleaner inbox. I don’t get spam using Gmail and the platform very kindly filters most commercial mails in to a tab called “Promotions”. This I love. I do look occasionally and note that the mails are typically from rewards membership accounts and their...

0
Engineersecurityservers

Lloyds Bank – 2 out of 7 servers “down”

By: Trefor Davies | Monday, 27 January, 2014

Problems with Lloyds Bank & TSB cashpounts attributed to failiure of 2 out of 7 servers by BBC. Interesting article on BBC Radio 4 Today Prog this morning. Apparently last night some Lloyds & TSB customers were unable to use their debit cards for a couple of hours or so. Not me. I was at home. The point is...

0
End Usersecurity

Intro & Password Pain by @LindseyAnnison

By: Lindsey Annison | Wednesday, 15 January, 2014

I’m grateful to Tref for leaving the corporate treadmill and embarking on this new venture.  Although he never appeared to hate, or even dislike, his day job as some others in the industry seem to (in fact, having seen him in situ in the Timico offices several times, he seemed to positively revel in it!), I am very much...

0
Businessonline safetysecurityspam

Gmail update – Google+ comment

By: Trefor Davies | Sunday, 12 January, 2014

Got an email yesterday from Google about a change to Gmail. Everyone probably got the same mail. Certainly the mainstream media made big news of it, in the tech sections. When you are sending an email from a gmail account you will now be offered Google+ account holders as recipients of the mail. One site, whose name is oft...

0
End Useronline safetysecurity

Eventbrite security really on the ball – Adobe hack

By: Trefor Davies | Monday, 18 November, 2013

Had an email from Eventbrite yesterday with the subject “Keeping your account protected”. Fair play to them. Eventbrite have looked at the 3 million user name email addresses recently hacked at Adobe and cross referred them to any in use on the Eventbrite platform. They have then let the Eventbrite users with these identical email addresses subs. I was...

0
Engineerpeeringsecurity

Team Cymru – the correct pronounciation

By: Trefor Davies | Monday, 4 November, 2013

On a completely different note whilst I was at the Euro-IX conference last week someone gave a talk that included something about Team Cymru. Team Cymru are a top bunch of guys in the cyber security space. However there is something that urgently needs addressing about the organisation and that is how you pronounce their name. I’ve been hearing...

0
Businessonline safetyRegssecurity

Government Minister responsible for leaking secrets to enemy spies?

By: Trefor Davies | Thursday, 17 October, 2013

I note that old Francis Maude, Cabinet Office minister, has taken his communications services into his own hands and  installed a WiFi connection. The Telegraph article doesn’t go into any great detail as to what the WiFi is connected to. You get the impression he has ordered a separate broadband line to his office. I was pondering on a...

0
Engineersecurity

Is Huawei in your network a national security concern?

By: Trefor Davies | Tuesday, 23 July, 2013

I am reminded that yesterday’s post on how would Huawei spy on your network has an additional dimension in the UK in that a significant chunk of BT’s 21CN infrastructure is based on the Chinese vendor’s kit. I hadn’t noticed that this hit the headlines a couple of months ago. The BT Huawei deal would have been based on...

0
End Userinternetsecurityvoip

How to tell if a phone call is going to be a scammer

By: Trefor Davies | Tuesday, 23 July, 2013

Most people have picked up scam phone call at sometime in their recent short lives. I’ve noticed that they all have similar characteristics in that when you pick up the phone there is always a second or two of silence followed by a foreign voice saying “can I speak to Mr Davies please?” (replace Davies with your own name...

0
End Userinternetonline safetysecurity

The return of the “virus on your Microsoft PC” scam #speedytechies @TeamViewer

By: Trefor Davies | Monday, 22 July, 2013

The “you have a virus on your Microsoft PC” scam is back. I thought they had locked up the people responsible and this was dead. Like everything related to the internet crime – spam, botnets they always find a way back. I got home from work on Friday and took a call from Anna of http://speedytechies.com/. They apparently have...

0
Engineerinternetonline safetysecurity

How would Huawei spy on your network?

By: Trefor Davies | Monday, 22 July, 2013

Last week the talk was about a story about former head of the CIA and the NSA, Michael Hayden, who thinks Huawei are spying on networks that have installed their kit. Link here to the Register story though it appeared in a lot of places. One has to think about how Huawei might do this without the network operator...

0
End Usersecurity

Privacy on London Underground Metropolitan Line #googleglass

By: Trefor Davies | Friday, 10 May, 2013

The Metropolitan Line on London Underground has nice newish interconnected carriages and you can walk from one end of the train to the other. As we wound our way to Kings Cross for me to catch the train back north I noticed that the carriages were making interesting snake like movements. Very artistic I thought. I’ll video it. I...

0
EngineerNetsecurity

The Fortigate100D firewall & MPLS networks

By: Trefor Davies | Tuesday, 26 February, 2013

I find it profitable to sit around the development teams. Someone always says “hey Tref come and see this”. On this occasion it was a couple of Fortigate100D firewalls. Now the cynics amongst you will say so what? A firewall? What’s so interesting about that? I realise that there can be few readers of this blog of that disposition...

0
Businesssecurityvoip

How to make your VoIP secure #fraud

By: Trefor Davies | Thursday, 24 January, 2013

It’s a pretty simple process to set up your own VoIP phone system. Google “free VoIP server” and you will find links to 3CX or Asterisk. Download their free software and install it on a computer in your office. Sign up for a few SIP trunks from an Internet Telephony Service Provider (eg Timico) and you can be up...

0
Engineeronline safetysecurity

How to achieve a PCI Compliant network

By: Trefor Davies | Thursday, 17 January, 2013

A lot of effort goes into achieving PCI compliance for a network. Without going into huge detail I thought some of you would like to know the type of work we had to do to get the badge. Implementation of secure LDAP cluster This consists of a master server and three read-only slaves, the master server is locked down...

0
BusinessRegssecuritysurveillance & privacy

The Report of the Joint Select Committee on the Draft Communications Data Bill

By: Trefor Davies | Tuesday, 11 December, 2012

The Report of the Joint Select Committee on the Draft communications Data Bill was issued this morning at one minute past midnight. It’s been in the news this morning with the deputy Prime Minister Nick Clegg calling on ministers to rip up their plans and go to “back to the drawing board“. The 105 page Report concludes that “there...

0
End Userscamssecurity

Great phishing season

By: Trefor Davies | Wednesday, 28 November, 2012

All you anglers out there will appreciate this little phishing effort from “Lloyds Bank”. I picked it up from our spam filter – pleasing to see that it works. I do wonder what percentage of recipients of this kind of email actually fall for it. This one isn’t a bad attempt though as is the nature of these things...

0
End Usersecurityspam

Automated spam calls to mobile – what to do

By: Trefor Davies | Friday, 23 November, 2012

The scam business continues. Just got what I think was another PPI mis-selling call via automated call to my mobile. The originating number was 07588034908. I was expecting a call and was just trying to figure out if this was it at the same time as answering the phone so I missed the first half sentence. I just caught...

0
End Usersecurity

Payment Protection Insurance – are you eligible for £7,500 compensation?

By: Trefor Davies | Wednesday, 17 October, 2012

Just had a phone call from an Indian sounding gent called Harry Connor. Actually he wasn’t totally sure what his name was because when I asked him again at the end of the call he said it was Sean Connor (not sure how he spells Sean – could be Shaun or Shawn – sorry). Perhaps he flips between both...

0
BusinessRegssecurity

Now where did I leave that important information? #commsdatabill

By: Trefor Davies | Monday, 8 October, 2012

You will of course recall my recent post on Big Data in which I related how many laptops are left in the back of taxis. 10,857.14 of them every year to be precise. Well I was wrong. Not only did I underestimate how many cabs there are in London but the average number of laptops left in them every...

0
End UserRegssecurity

your password here? oh dear! #LinkedIn

By: Trefor Davies | Wednesday, 6 June, 2012

I note from the Daily Telegraph that LinkedIn has had 6.5 million passwords stolen and published on a Russian website. When did you last sort out your passwords> Have you got a password policy? Worth getting one I’d say. This is a perfect example of why we shouldn’t let the government collect data about us. It is going to...

0
End Useronline safetysecurity

Should you worry about your own personal information security – yes – notes from Infosec2012

By: Trefor Davies | Friday, 27 April, 2012

I spent a day at Infosec2012 this week. I could easily have spent another day there as I only met a fraction of the people that would have been good to talk to. It’s not often I say that about a trade show. I stopped by the Sophos stand for a looksee. James Lyne, Director of Technology Strategy of...

0
  • Coming soon

  • Date for your diary

    trefor.net Xmas bash Thursday 11th December
  • Events at trefor.net
  • © Copyright 2014 Trefor.net