For all the talk of foreign states hacking organisations, criminal gangs seeking to monetise information and hacktivist groups, the truth is that most security incidents are caused by organisations’ own staff. Normally they are trying to do something good for their employer. It isn’t malicious, it is just misguided and often in line with company practice, culture or policy. Often they are small or near misses, but there are enough big ones to cause concern.

Another year, another 44CON, a technical highlight in the security consultant’s calendar. Portcullis sent some of the Team to keep up to date on the latest attack vectors presented and to add to the pool of knowledge. Portcullis Penetration Tester James talks through his time at 44CON 2015.

It was honest of Sarah Thornton to suggest that the traditional approach of sending a police officer to the scene of every crime, after the event, may need to become a thing of the past.


As Chair of the National Police Chiefs’ Council and former Chief Constable of Thames Valley, she speaks from experience and should not be dismissed just because what she has to say doesn’t go down well with the chattering classes. She recognised that the steep growth in cyber-crime is going to force the police to reallocate limited resources to fight it. Different priorities will need to be set and policing will need to revolutionise the training of cyber-skills. This certainly provoked a negative reaction from the media.


Earlier this year some enterprising blaggers hit upon an excellent scheme. One bright spark noticed that there was a postal service concession in their local supermarket. Nothing terribly unusual about that, right? Of late, postal companies have eschewed dedicated retail outlets in favour of lower-footprint concessions in larger stores. The problem (for the supermarket, at least) was that, not only did they sell groceries and pub-price-busting booze, but also envelopes and Blu-ray discs, games and all manner of other things.

I bet you can see where this is going, right? Well, just in case you can’t, I will take you through the whole scenario.


By Clive Room

The controversy surrounding the Ashley Madison website rolls on. For those who have just emerged from a catatonic state, last week, hacktivists called The Impact Group gained access to the client list of a dating website specifically directed at people who want to cheat on their partners. They possess the unique strap line: Life is Short. Have an Affair. The hackers subsequently published several samples of the 37 million customer details they claim to have stolen via the web host GitHub. So far, Avid Life Media Inc., who own Ashley Madison, have had these lists taken down using the powers of the Digital Millennium Copyright Act. Presumably not before others have copied them.



Portcullis is proud to announce our part in a new cyber insurance service with a unique cyber risk helpline. The offering was launched on Tuesday by Markel Insurance in response to increasing awareness within the insurance space of cyber threats and data security issues. This cyber risk cover is a new addition to their existing products.


The Crown Commercial Service has awarded Portcullis a place on G-Cloud 6.

G-Cloud is the digital marketplace designed to be a key plank of Her Majesty’s Government’s (HMG) strategy to help departments find the services and technology they need to deliver digital projects in the public sector.
