Tried, Tested and Proven


Ransomware is a very topical threat to many organisations and individuals in today’s connected world. Recent high-profile attacks on US hospitals have highlighted the damage this simple tactic can cause, along with the moral dilemma posed to the executives of the affected organisations. Whether you agree or disagree with some of the decisions made by the affected organisations, we can all conclude that ransomware poses some extremely complex moral and ethical questions for the victims themselves. Let’s take a look at some of these complexities.

We have all heard a great deal, for some time now, about the Internet of Things (IoT) revolution. To my simple mind IoT means machines talking to one another.

I Googled it and apparently the phrase was first coined by a Brit called Kevin Ashton in 1999. He is a tech entrepreneur who designs remote sensors and came up with the term to distinguish between data which is created by humans and then entered into computers, as opposed to computers collecting and swapping data without any need for our involvement. In the intervening years, IoT has rapidly taken shape with gadgets from phones to fridges and integrated itself into our daily lives.


For all the talk of foreign states hacking various organisations, criminal gangs seeking to monetise information and hacktivist groups, the truth is that most security incidents are caused by organisations’ own staff and normally they are trying to do something good for their employer. It is not malicious, it is just misguided and often is in line with company practice, culture or policy. Generally these incidents are small or near misses, but there are enough big ones to cause concern.

It was honest of Sarah Thornton to suggest that the traditional approach of sending a police officer to the scene of every crime, after the event, may need to become a thing of the past.


As Chair of the National Police Chiefs’ Council and former Chief Constable of Thames Valley she speaks from experience and should not be dismissed just because what she has to say doesn’t go down well with the chattering classes. She recognised that the steep growth in cyber-crime is going to force the police to reallocate limited resources to fight it. Different priorities will need to be made and policing will need to revolutionise the training of cyber-skills. This certainly provoked a negative reaction from the media.


Earlier this year some enterprising blaggers hit upon an excellent scheme. One bright spark noticed that there was a postal service concession in their local supermarket. Nothing terribly unusual about that right? Of late, postal companies have eschewed dedicated retail outlets in favour of lower-footprint concessions in larger stores. The problem (for the supermarket, at least) was that, not only did they sell groceries and pub-price-busting booze, but also envelopes and Blu-ray discs, games and all manner of other things.

I bet you can see where this is going, right? Well, just in case you can’t, I will take you through the whole scenario.


The controversy surrounding the Ashley Madison website rolls on. For those who have just emerged from a catatonic state, last week, hacktivists called The Impact Group gained access to the client list of a dating website specifically directed at people who want to cheat on their partners. They possess the unique strap line: Life is Short. Have an Affair. The hackers subsequently published several samples of the 37 million customer details they claim to have stolen via the web host Github. So far, Avid Life Media Inc., who own Ashley Madison, have had these lists taken down using the powers of the Digital Millennium Copyright Act. Presumably not before others have copied them.


Portcullis has been conducting paid research for a number of years and we have performed studies across all aspects of our industry, often with interesting and thought-provoking results. The motivations behind our passion for research stem from a number of areas: our long-standing commitment to making contributions to the hacking community, as a whole, in the form of technical blogs and tools, our own curiosity as to how far we can push the limits of our industry and the desire to answer the technical questions that we encounter through the daily activities of ourselves and our clients.

