Tried, Tested and Proven


How safe is my iCloud?

With the recent compromise of celebrity accounts on Apple’s iCloud, most likely due to a vulnerability that allowed unlimited brute forcing, there is understandably some debate about how such services can be used securely. Whilst as security professionals we inevitably come back to the point that no technology will ever be 100% secure, it does appear that in this instance the attack was relatively trivial in nature. What made it so effective was that victims (and many users alike) were unfamiliar with

Portcullis regularly gets contacted by organisations seeking help with regard to cyber attacks. Motivation varies: some take a proactive stance against a perceived threat, others may have been warned of imminent threats to their organisation, and some may consider themselves to be under attack.

Are traditional security measures capable of handling many cyber attacks?

What constitutes a ‘cyber attack’ varies, and I’m not going to try to define it here (nor do I much like the term), but at Portcullis we are exposed to clients’ challenges relating to state-sponsored espionage, hacktivism, criminal gangs, malware, SCADA, DDoS, etc. My role in Portcullis sees me working with clients to design and manage our response to the client’s requirements in this space.

Some organisations demonstrate a good security posture and the route to meeting their security goals is comparatively straightforward. However, we find that a good number of organisations demonstrate a poor security posture; for whatever reason, they have managed to survive with security some way off good practice. We encounter cultural issues where security is a low priority, poor patching, no segregation, lack of assurance, poor monitoring, unsupported legacy systems and more.