Articles by phewadm

Is a router a firewall? Routers allow data to move between computer networks. If you use a computer at home or work, your router will perform a fundamental job by forwarding data packets between your computers and the internet, in other words, they provide the means for your internet connectivity. They are still typically implemented as hardware, but are really just software or “firmware” systems connected to hardware data ports inside some kind of case or “chassis”. A firewall is a special type of router that is able to detect, block and report unwanted or malicious traffic trying to move

The Privacy Bill, currently being considered at Select Committee, is a long-awaited piece of legislation, which will repeal and replace the outdated Privacy Act 1993. All going to plan, New Zealand will have a new standard of privacy rules by the middle of 2019. The current Act regulates how personal information should be collected, used, disclosed, and stored in New Zealand. It includes 12 core information privacy principles, such as how, why and where personal information can be collected, how that information is stored or disclosed, and the rights that individuals have to access or correct information about themselves. However, the technology we

Right at the start of this year we had a crack at predicting what 2018 might hold in store.  Much attention at that time was on Meltdown and Spectre, whose shockwaves continue to reverberate through the industry, with numerous new variants helping to demonstrate that one of the main sources of CPU speed in recent decades came with quite fundamental security baggage that is going to be hard to jettison.  But while this was happening a new trend was also developing in more mainstream malware. Back in 2017, ransomware incidents were big news. Wannacry and NotPetya were among some of

When you’re running a business time is money, so taking time out to restore a website that’s gone down can cost you big. Just like having the company car serviced so you’re prepared for any future issues before they happen, giving your website a warrant of fitness doesn’t take long, but prepares you in the long run. “Since we launched in April 2017, we’ve seen small businesses and their websites being affected by a range of cyber security issues,” says Erica Anderson, Senior Incident Manager, CERT NZ. “While cyber security can sound pretty complex, or something that small businesses wouldn’t

What Small Businesses Are Saying In the first quarter of this year, SiteLock undertook a broad study of more than 10 million websites and surveyed 250 website owners.  Most of the website owners surveyed classified their businesses as being small businesses (ie with less than 50 employees), just the sort of operations that we see on the web and around us every day. The report provides us with an interesting insight into the trends, vulnerabilities, and risk factors that cause small business websites to be the target of cyber attacks. The study found that small businesses continue to be the target

What’s New Cert NZ has released its first quarterly report for 2018, and social engineering attacks feature heavily in the new statistics. The Cert NZ reports provide an interesting snapshot of recent cyber security incidents reported by both individuals and organisations. The number of reported incidents reached a peak of 506 in the first quarter of 2018, although the total of financial losses decreased slightly to around $3m. 41 per cent of all reported incidents involved organisations, as opposed to individuals (see Fig 1). The finance and insurance industry remains the biggest target for cyber crime with 44 per cent of all reported

Spectre and Meltdown You might have heard of Meltdown or Spectre in mainstream media since early Jan 2018. What are they and what’s it all about? Spectre and Meltdown are the brand names for a related set of vulnerabilities that go to the heart of how modern CPUs work. (Yes, vulnerabilities have brand names, logos and their own website these days!  Check it out here).  These two brand names refer to three related problems.  They share the same website but have different logos.  There are three CVEs (Common Vulnerabilities and Exposures numbers) covering three “variants” of a class. So how

(It’s that time of the year in New Zealand.  This little post was in draft just ahead of the summer holiday period and it has taken until now to hit “publish”.  Between then and now the industry has been rocked by the Meltdown and Spectre CVEs which are commanding the attention of IT departments, service providers and vendors globally.  We’ll be presenting some practical perspectives on these very shortly, but we’ll go ahead and hit “publish” on this one nonetheless.  These speculative execution exploits are big news and will continue to dominate security and IT news for months and years

CERT NZ recently released its Quarterly Report to 30 September 2017. The report summarises both incidents and trends observed by CERT NZ during the quarter along with a small amount of commentary and some case/malware studies.  One of the key take-aways is that the vast majority of incidents are initiated from inside the victim’s network.  It is not a good enough plan to “throw in a firewall” and hope the perimeter is secured.  Throwing in a firewall has never been a sufficient strategy by itself, but attackers very seldom target just the perimeter and the focus for businesses should now