Posts Tagged ‘design’

Bumper security update for Java released

Oracle has released a bumper update package for Java that closes lots of security holes in the software.

The update fixes 51 separate security bugs in Java, which owner Oracle says is used on billions of devices.

About a dozen of the bugs were serious enough to allow attackers to take remote control of a compromised system, researchers said.

Java is one of the most popular targets for cyber-thieves and malware writers seeking to hijack home computers.

In its advisory about the update, Oracle urged customers to patch the software as soon as possible “due to the threat posed by a successful attack”.

Programming language Java has proved popular because software written with it can easily be made to run on many different types of computer.

Twelve of the holes in Java addressed by the update topped the table that ranked the severity of security weaknesses in software, wrote Qualys security expert Wolfgang Kandek in a blogpost.

If these bugs were exploited, attackers could bypass ID controls and take over a target system, he added.

He said those seeking to exploit Java would probably seed web pages with booby-trapped links in a bid to catch vulnerable machines.

Security glitches in Java are favourites among those that write and run so-called “exploit kits” that seek to compromise vulnerable websites and other systems.

Security blogger Brian Krebs said if people needed to run Java, it was well worth taking time to apply the update.

Those that did not need the software should consider disabling it altogether, he said.

“This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants,” he wrote.

The update is available via the main Java website and has prompted follow-up action from other electronics firms. Apple has released an update to the version of Java that runs on its computers. This update points people towards the official version of Java from Oracle instead of that supplied by Apple.

In the past, Apple has faced criticism over the speed with which it updated its version of Java.

This article originally appeared on the BBC News website

Irish Web Design – Bumper security update for Java released

Suspected Malware Criminal Arrested

Blackhole malware exploit kit suspect arrested

Russian police have reportedly arrested a man on suspicion of masterminding two infamous hacking tools.

He is suspected of being the man behind the alias Paunch – the nickname used by the creator of the Blackhole and Cool exploit kits, sold to cybercriminals to infect web users with malware.

The Russian authorities have not confirmed the details.

But security firms said they had already detected a decline in the programs’ use.

A spokesman for the law enforcement agency Europol told the BBC: “Europol and the European Cybercrime Centre has been informed that a high-level suspected cyber criminal has been arrested.

“We can only refer you to the Russian authorities, they are the ones who should speak about this topic.”

The Russian police’s press office said it had nothing to add at this time.

However, Alexander Gostev, chief security expert at the Moscow-based internet protection provider Kaspersky Lab, said the arrest had been confirmed to him by “anonymous sources”.

[Image caption: The Blackhole kit offered an interface used to manage malware attacks.]

Spreading malware

The Blackhole kit, released in 2010, dominated the crimeware market throughout 2012 and the start of 2013, according to Fraser Howard, a researcher at the anti-virus company Sophos.

He said the code had been sold for an annual licence of $1,500 (£940) or could be rented from its creator for $200 (£125) for one week’s use, among other price plans.

The software targeted a range of vulnerabilities in the Java programming language, Adobe’s Flash media player, Windows software and PDF files.

It had two ways of doing this:

  • adding malicious code to hundreds of thousands of legitimate websites, which then copied malware to visitors’ computers
  • creating links in spam messages to specially created sites that infected PCs

[Image caption: Sophos said that Blackhole was used to send links that directed users to sites that downloaded malware.]

Among the malware downloaded was:

  • fake anti-virus software that falsely claimed the PC was infected and urged the user to pay a fee to remove viruses
  • Trojans that attempted to steal financial records stored on the PC
  • the ZeroAccess rootkit, which downloaded other software that hijacked the PC for use in a botnet – a facility used to overwhelm websites with traffic and force them offline
  • key loggers that took a record of what was typed on the PC
  • ransomware that attempted to blackmail the PC owner

Although Mr Howard said Blackhole was once the biggest threat of its kind, he added that in recent months it had been overshadowed by rival kits, including Sweet Orange and Neutrino.

According to the researcher, the Blackhole and Cool kits put together were only involved in about 4% of all malware detected by Sophos in August, down from 28% the previous year.

The figure had since dropped to 2% in recent days, he added.

Another independent security blogger stressed that the arrest was still significant.

“If it’s true that the brains behind the Blackhole has been apprehended it’s a very big deal – a real coup for the cybercrime-fighting authorities, and hopefully cause disruption to the development of one of the most notorious exploit kits the web has ever seen,” said Graham Cluley.

“However, it’s worth remembering that nature abhors a vacuum, and there would surely be other online criminals waiting to take their place, promoting their alternative exploit kits and malicious code.”

Mikko Hypponen, chief research officer at F-Secure, agreed.

“If indeed it is Paunch that they arrested, that is a major arrest – he is a big deal,” he told the BBC.

“He was clearly the biggest player in providing exploit kits – not just by selling them, but also renting and leasing them to online criminals.

“Both Blackhole and its successor Cool have been very popular.

“Users didn’t have to be very technical to operate them – there was a manual that came with them – they just had to get them running and be able to break into a high-profile website, or create a new one from scratch, to install something bad on your computer.”

This story appeared on the BBC News Technology Section

Suspected Malware Criminal Arrested – Irish Web Design

Clandestine Silk Road online marketplace closed

The value of bitcoins has dropped after the closure of the clandestine Silk Road online marketplace.

The FBI seized bitcoins worth approximately $3.6m (£2.2m) on Tuesday.

The price of a bitcoin, a virtual currency for use online, fell steeply after the arrest of suspected website administrator Ross Ulbricht.

Investor confidence may have been shaken by the association of bitcoins with illegal activity, according to a security expert.

[Image caption: Visitors trying to access the Silk Road are now presented with a seizure notice.]

“When there’s a big bust, that’s going to knock people’s confidence in investing,” said Rik Ferguson, a senior researcher at security company Trend Micro.

“The more a currency is associated with illegal activity, the more people will be nervous about using it,” he said.

Silk Road, which allowed users to trade in illegal drugs, required transactions to be made using the virtual currency.

US authorities believe that 29-year-old Ross William Ulbricht, arrested on Wednesday, is Dread Pirate Roberts (DPR) – the administrator of the notorious Silk Road online marketplace.

 

It was an underground website where people from all over the world were able to buy drugs.

In the months leading up to Mr Ulbricht’s arrest, investigators undertook a painstaking process of piecing together the suspect’s digital footprint, going back years into his history of communicating with others online.

The detail of how the FBI has built its case was outlined in a court complaint document published on Wednesday.

The search started with work from Agent-1, the codename given to the expert cited in the court documents, who undertook an “extensive search of the internet” that sifted through pages dating back to January 2011.

The trail began with a post made on a web forum where users discussed the use of magic mushrooms.

In a post titled “Anonymous market online?”, a user nicknamed Altoid started publicising the site.

“I came across this website called Silk Road,” Altoid wrote. “Let me know what you think.”

The post contained a link to a site hosted by the popular blogging platform WordPress. This provided another link to the Silk Road’s location on the so-called “dark web”.

Records obtained by Agent-1 from WordPress showed, unsurprisingly, that the blog had been set up by an anonymous user who had hidden their location.

But then Altoid appeared in another place: a discussion site about virtual currency, bitcointalk.org.

Altoid – who the FBI claimed is Mr Ulbricht – was using “common online marketing” tactics. In other words, he was trying to make Silk Road go viral.

Months later, in October, Altoid appeared again – but made a slip-up, granting investigators a major lead.

In a post seeking an IT expert with knowledge of Bitcoin, he asked people to contact him via rossulbricht@gmail.com.

With a Gmail address to hand, Agent-1 linked this address to accounts on the Google+ social network and YouTube video site. There he discovered some of Mr Ulbricht’s interests.

Among them, according to the viewing history, was economics. In particular, Mr Ulbricht’s account had “favourited” several clips from the Ludwig von Mises Institute, a renowned Austrian school of economics.

Years later, on the Silk Road discussion forums, Dread Pirate Roberts would make several references to the Mises Institute and its work.

Covering tracks

According to the court complaint document, it was the discovery of the rossulbricht@gmail.com email address that gave investigators a major boost in their search.

Through records “obtained from Google”, details of IP addresses – and therefore locations – used to log into Mr Ulbricht’s account focused the search on San Francisco, specifically an internet cafe on Laguna Street.

Furthermore, detailed analysis of Silk Road’s source code highlighted a function that restricted who was able to log in to control the site, locking it down to just one IP address.

As would be expected, Dread Pirate Roberts was using a VPN – virtual private network – to generate a “false” IP address, designed to cover his tracks.

[Image caption: Mr Ulbricht is said to have been running Silk Road from Hickory Street in San Francisco.]

However, the provider of the VPN was subpoenaed by the FBI.

While efforts had been made by DPR to delete data, the VPN server’s records showed a user logged in from an internet cafe just 500 yards from an address on Hickory Street, known to be the home of a close friend of Mr Ulbricht’s, and a location that had also been used to log in to the Gmail account.

At this point in the investigation, these clues, investigators concluded, were enough to suggest that Mr Ulbricht and DPR – if not the same person – were at the very least in the same location at the same time.

Fake IDs

The court complaint went into detail about further leads that followed.

In July of this year, by coincidence, a routine border check of a package from Canada discovered forged documents for several fake identities all containing photographs of the same person.

It was headed to San Francisco’s 15th Street. Homeland security visited the address, and found the man in the photographs – Mr Ulbricht.

He told officers that the people he lived with knew him simply as Josh – one housemate described him as being “always home in his room on the computer”.

Around the same time, investigators working on the Silk Road case later discovered, DPR had been communicating with users privately to ask for advice on obtaining fake IDs – needed in order to purchase more servers.

Further activity attributed to Mr Ulbricht took place on Stack Overflow – a question-and-answer website for programmers – where a user named Frosty asked questions about intricate coding that later became part of the source code of Silk Road.

In another apparent slip-up, one of Frosty’s messages initially identified itself as being written by Ross Ulbricht – before being quickly corrected.

“I believe that Ulbricht changed his username to ‘frosty’ in order to conceal his association with the message he had posted one minute before,” lead prosecutor Christopher Tarbell wrote in court documents.

“The posting was accessible to anyone on the internet and implicated him in operating a Tor hidden service.”

HOW BITCOINS WORK

Bitcoin is often referred to as a new kind of currency.

But it may be better to think of its units as being virtual tokens that have value because enough people believe they do and there is a finite number of them.

Each bitcoin is represented by a unique online registration number.

These numbers are created through a process called “mining”, which involves a computer solving a difficult mathematical problem with a 64-digit solution.

Each time a problem is solved the computer’s owner is rewarded with bitcoins.

To receive a bitcoin, a user must also have a Bitcoin address – a randomly generated string of 27 to 34 letters and numbers – which acts as a kind of virtual postbox to and from which the bitcoins are sent.

Since there is no registry of these addresses, people can use them to protect their anonymity when making a transaction.

These addresses are in turn stored in Bitcoin wallets, which are used to manage savings. They operate like privately run bank accounts – with the proviso that if the data is lost, so are the bitcoins contained.

Price drop

News of the closure was followed by a rapid drop in the price of bitcoins, according to figures from the Mt. Gox bitcoin exchange.

The going rate for the virtual currency dropped from more than $140 (£86) to around $110, before climbing back up to $123 (£75).

Investors may have been concerned about the FBI’s ability to confiscate bitcoins, said Mr Ferguson.

“Knowing that a currency could be seized or shut down could pressure people to look for alternative investment vehicles,” he said.

The FBI seized the virtual currency by getting hold of encryption keys for the bitcoins, according to Jerry Brito, George Mason University’s technology policy director.

The keys were made available through seized computer equipment, Mr Brito said in a blog post.

The FBI then transferred the bitcoins to an address controlled by the US government, according to the seizure order.

The content of this article originally appeared on the BBC News website and BBC News Technology

Clandestine Silk Road online marketplace closed – bitcoin seized – Irish Web Design

Royal Baby Malware Attacks

Scammers wasted little time after Prince William and his wife, the former Kate Middleton, announced the birth of their son, who’s now third in line to the British royal throne.

“Because it is such big news, it didn’t take long for malicious elements to misuse it,” said Kaspersky Lab security researcher Michael Molsner in a Wednesday blog post, noting that the company’s spam traps had already intercepted an email promising regular “Royal Baby” updates.

The message also included a “watch the hospital-cam” link, which appeared to resolve to a legitimate site that had been compromised.

Although the site appears to have since been cleaned, it was serving malicious JavaScript files designed to infect browsers with the Blackhole infection kit.

Irish Web Design –  Royal Baby Malware Attacks

This story appeared on the Information Week Website

Irish Cookie Regulations

Irish Cookie Regulations – Update

This article was written by Philip Nolan, Head of Commercial Law Department and Partner MH & C and Oisin Tobin, trainee, MH & C. Philip Nolan is a Partner in the Commercial Contracts and Outsourcing Department at Mason Hayes & Curran.

The Irish Regulations transposing the new European rules on cookies have come into force. While website operators will need to exercise care to ensure that they are complying with the new regime, these new rules are less onerous and disruptive than originally anticipated.

Cookies, or small items of code placed on a user’s computer by a website, are vital to the functioning of the modern web. Cookies allow website operators to determine how users browse their sites and are a technical prerequisite for the operation of more advanced websites, such as those which require their users to log-in. Cookies can also be used, more controversially, to monitor user behavior for the purpose of targeting advertisements.

The rules governing cookies are being overhauled across Europe at present due to an EU Directive adopted in 2009. While all Member States are obliged to implement the Directive, they are given a certain degree of freedom as to the exact manner in which they choose to do so. The Irish measures which implement the Directive, and which have just come into force, seem to minimize the potential negative impact of the Directive for websites and web businesses based in Ireland. As a result, it would seem that the new Irish regime may prove to be an additional attraction to international web-based businesses considering Ireland as their EU base.

Under the new regime, all websites must have user consent before they place a cookie onto the user’s computer.  The Irish rules do not require that this consent be explicit and therefore, it would seem that consent may be implied.  In addition, they must provide the user with clear, comprehensive, prominently displayed and easily accessible information about the cookie, particularly as to its purpose. While this regime is somewhat tougher than the previous rules, which required that websites give a user the ability to “opt-out” of the cookie being used, these new rules contain a number of provisions which should ensure that websites can become compliant without having to radically overhaul their design.  The regulations note that the methods of providing information and giving consent should be as user friendly as possible. In certain circumstances users may be able to give consent via their browser settings and many consider that the use of browser settings for consent may become a popular means of managing consents. Cookies which are technically required to operate the site are exempt from these new rules.

Notably, a provision in an earlier draft of the Irish regulations, prohibiting the current practice of providing the relevant disclosures about cookie use in a privacy policy, has not made it into the final regulations.   This means that privacy policies may continue to be used, once user friendly and prominently displayed, to provide information about cookies in compliance with the new rules.

In summary, it would seem the Minister for Communications has struck quite an effective balance between the privacy concerns of web users in relation to the use of cookies and the concerns of industry in relation to over-regulation of the internet.

Attribute to Philip Nolan, Head of Commercial Law Department and Partner MH & C and Oisin Tobin, trainee, MH & C. Philip Nolan is a Partner in the Commercial Contracts and Outsourcing Department at Mason Hayes & Curran. For more information, please contact Philip at pnolan@mhc.ie or + 353 1 614 5000. The content of this article is provided for information purposes only and does not constitute legal or other advice. Mason Hayes & Curran (www.mhc.ie) is a leading business law firm with offices in Dublin, London and New York. © Copyright Mason Hayes & Curran 2011. All rights reserved.

Irish Web Design – Irish Cookie Regulations

The dreaded Blackhole Exploit Kit is back

The last week has seen a resurgence of this malicious software appearing on websites around the globe.

Visitors to the sites who have AVG Anti Virus software installed on their systems receive a warning about the infection.

Website owners who do not act quickly to deal with the infection and clean up their websites may find Google blocking access to their websites.

The Blackhole Exploit Kit and its many variations were developed by some of the most skilled computer criminals in the world.

It is thought that these gangs originate in Russia or Eastern Europe.

The Blackhole exploit kit is now the most prevalent web threat globally.

The criminals make the software available as a kit on an outright sale or licence basis and each version is tweaked to suit the ‘end user’ criminal’s particular purposes.

In general, the kit uses hidden code to analyse the software on the computer it attacks to find any vulnerabilities.

When it finds some software which can be exploited, it will then run another piece of software, which is often in the form of a pop-up window.

This appears to be a warning about a malware or virus infection when, in point of fact, it is malware!

The computer is now under ‘remote control’ by the hackers, who can return and take over running the machine at any time.

What is particularly worrying about this infection is that there is at present no ‘magic bullet’ or simple cure.

Irish Web Design – the dreaded Blackhole Exploit Kit is back AKA Black hole exploit kit.

Is Captcha security a good idea?

Captcha security test questioned

‘Is Captcha security a good idea?’ is a question that has been raised as a result of problems with a White House petition.

The fact that Ticketmaster dumped the Captcha from their website casts further doubt on the need for this security measure.

 

[Image caption: Captchas can be used in a graphic and in an audio form but both can be difficult to interpret.]

The National Federation for the Blind in the USA has stated that its members are unable to sign an e-petition which is collecting support for demands that printed material should be more accessible to those who are visually impaired because of “Captcha” security on the website.

A Captcha is a graphic of a random word or numbers users must key in to show that they are human.

There is an equivalent audio version on most websites that feature the Captcha.

Captcha comes from ‘Completely Automated Public Turing Test to Tell Computers and Humans Apart’, so one could argue it’s two or three t’s short of an accurate acronym.

The White House, whose website it is, says that it complies with official US accessibility standards, although the petition has received just 8,200 signatures.

Chris Danielsen of the American Federation for the Blind said: “We had asked people to sign the petition and we’re getting these emails saying that people can’t.”

He told the Politico website that he realised there was a problem after he began publicising the petition.

The editor of the BBC’s ‘Ouch’ blog (for people with disabilities), Damon Rose, said that “Captcha graphics are a nightmare – visually impaired people use screen readers to interpret their computer rather than their eyes and the screens can’t manage them.

“Ironically if I see an audio capture I tend not to bother with it because it’s usually such a poor experience… some of them sound like aliens talking and they put weird background noises over them. They are a bit of a joke in the blind community. I’ve spent half an hour on some and had to give up.”

Mr Rose added that, as a result, many visually impaired people found that they could not contribute to discussion and debate on messageboards and blogs.

Earlier this year Ticketmaster, the international event ticket service, removed the Captchas from its sales website.

Aaron Young of Bunnyfoot, the user experience consultancy, said: “It is generally speaking one of the most hated pieces of user interaction on the web.”

In the view of Irish Web Design it is worth weighing up the value of the added security versus the irritation to users that Captcha causes.

Your business may be losing customers who simply give up when confronted with the frustration of a difficult to read Captcha.

So in response to the question: ‘Is Captcha security a good idea?’ Irish Web Design feels that in many cases it is not necessary, and therefore is not a good idea.

This article uses material that originally appeared on the BBC News Website

Is Captcha security a good idea? – Irish Web Design

Your Domain Name Robbed

Irish Web Design issued a warning this week as yet another client had his preferred domain name robbed from under his nose.

We were in the process of securing the preferred .ie, .net and .com domains our client had settled on. It came as a nasty surprise to discover that the rather unusual .com domain name had been registered just days previously.

It transpired the client had been checking possible names for his new website some days previously and checked the preferred option on one of the many sites that appear at the top of Google.

There are many stories on the internet where people claim that the giant American company godaddy.com engage in this practice.

It appears that as soon as he logged out of the site automated software registered the domain name he was searching for.

The company who registered the site have no use for it, but they now own the name the client wanted.

The domain is available, but first the client would need to appoint a company to negotiate for him, which is $69 to start with. Then he has to state in advance how much he is willing to pay. It is not uncommon for companies to demand thousands of Euro in order for them to hand over “your” name. If successful, the ‘agent’ then adds another 10% on top.

Back in the days of the James brothers you knew you were dealing with robbing low-life bandits, but this form of robbery is corporate extortion on a massive scale.

You have no idea what the connections are between the agent, the company who registered the site and the company on whose site you first carried out the search.

The only thing you can be certain of is that you have been well and truly screwed.

The moral of the story?

Under no circumstances should you check the availability of domain names unless you know exactly what you are doing.

If you fail to heed this advice it may end up costing you thousands of Euro as you are subjected to information highway robbery.

Your Domain Name Robbed an article by Irish Web Design

 

Secure your CCTV

This is an interesting article that Irish Web Design found on the BBC News Features and Analysis Section.

The subject of securing your systems from outside access applies to virtually every computer.

Those businesses with security systems that can be accessed on the web or by mobile phone should pay particular attention to how their system is secured.

How to hack a nation’s infrastructure

By Mark Ward Technology correspondent, BBC News

I’m watching a live video feed of people visiting a café in London.

It’s a small, busy place and is doing a good trade in tea, coffee and cakes. That woman has dropped some money. A child is running around. Later, another customer thinks they have got the wrong change.

Nothing too gripping, you might think, except that the feed should be private, seen only by the cafe’s managers. Somebody forgot to click a box so now anyone who knows where to look can watch.

That CCTV feed is just one of many inadvertently put online. Finding them has got much easier thanks to search engines such as Shodan that scour the web for them. It catalogues hundreds every day.

“Shodan makes it easier to perform attacks that were historically difficult due to the rarity of the systems involved,” Alastair O’Neill from the Insecurety computer security research collective told the BBC. “Shodan lowers the cost of enumerating a network and looking for specific targets.”

It is not just CCTV that has been inadvertently exposed to public scrutiny. Search engines are revealing public interfaces to huge numbers of domestic, business and industrial systems.

Mr O’Neill and other researchers have found public control interfaces for heating systems, geo-thermal energy plants, building control systems and manufacturing plants.

Remote work

The most worrying examples are web-facing controls for “critical infrastructure” – water treatment systems, power plants and traffic control systems.

[Image caption: Many industrial systems are networked because they are in remote locations.]

“There’s a tremendous amount of stuff out there right now,” said Kyle Wilhoit, a threat researcher from Trend Micro who specialises in seeking out those exposed systems and helping them improve their defences.

Mr Wilhoit said such control systems, which often go by the name of Scada (supervisory control and data acquisition), get put online for many different reasons. Often, he said, the elements of such critical systems were in far-flung places and it was much cheaper to keep an eye on them via the internet than to send an engineer out.

It’s not just finding these systems that is a danger. Security experts are finding lots of holes in the software they run that, in the hands of a skilled attacker, can be exploited to grant unauthorised access.

“For attackers, the potential pay-off for compromising these systems is very high,” said Mr Wilhoit.

Governments are turning their attention to increasingly public vulnerabilities in such critical systems. The US Department of Homeland Security has established a computer emergency response team that deals solely with threats to industrial control systems. In the UK, government cash has been made available to help intelligence agencies and law enforcement deal with cyberthreats.

A Cabinet Office spokesman said cyber-attacks were one of the “top four” threats to the UK’s national security.

“Billions of pounds are being lost to the UK economy from cybercrime each year, including from intellectual property theft and cyber-espionage,” he said. “Industry is by far the biggest victim.”

The spokesman added that government was working with industry to harden critical infrastructure against attack, and had set up a series of initiatives to share information about threats and the best way to tackle them.

Bad decisions

The number of web-facing industrial and critical systems that these search engines find is only going to grow. That could introduce a whole new problem if the work of Greg Jones from security firm Digital Assurance is any guide.

Mr Jones bought several smart electricity meters from eBay and took them apart to see how well they protected the information within them. The models he bought are the same as those likely to be used as the UK converts its relatively dumb electricity grid to a smarter alternative.

A few days of work saw Mr Jones and his colleagues extract the passwords from the small chunk of memory inside the meter.

[Image caption: Many of the systems found by Shodan should have a restricted audience.]

“They had the same credentials in them – factory default passwords.” In addition, he said, basic steps to stop people fiddling with the hardware, or at least reveal tampering, had not been taken.

The traffic the devices swapped with utilities looked like it would be easy to spoof. If smart meters are rolled out in large numbers this could mean problems as it would give any attacker a way to trick that smart grid into making some catastrophically bad decisions.

“There are some really good standards out there governing smart meters,” said Mr Jones. “Our evidence suggests that those suggestions are not being followed.”

This is despite the government body that advises on security, based at GCHQ in Cheltenham, drawing up standards for validating the security, or otherwise, of the meters. The UK was already supposed to be well on the way to making the grid smarter but the project has been delayed because of worries about the central control system.

What is clear is that critical infrastructure and industrial plant control systems are coming under more scrutiny from both attackers and defenders.

That has its upside, said Jeff Parker, one of the directors at the ICSPA, which advises governments and businesses on cyber-protection.

“Is that a benefit? If it raises awareness of vulnerabilities, then, yes, it can help,” he said. However, it might take a lot of work to harden systems and ensure they were adequately protected.

“The threat is there,” he said. “It might not be biting you yet but you had better be ready for the day it does.”

Read the original article here: http://www.bbc.co.uk/news/technology-22524274

Tourism Ireland Website

IIA STATEMENT IN RESPONSE TO TOURISM IRELAND AWARDING CONTRACT TO LONDON BASED COMPANY

In response to the Tourism Ireland decision to spend €2.5million on the development of the new Tourism Ireland website www.Ireland.com, the Irish Internet Association, on behalf of its members, would like to express its serious disappointment that an agency of the state has preferred to employ the services of a London web development company over an Irish one.

There are a number of points that need to be addressed. Firstly, as a country in a job crisis we should be doing everything in our powers to support jobs locally. On principle as well as in practice, this ethos should be of highest importance for government agencies leading by example. In this specific instance, IIA members were shortlisted for this tender and we know that domestic rates are far more competitive than those reportedly paid. In accepting that price is not the only factor and that technical merit was the other criteria used, it is worth noting that on the subjective yet technical issue of design and user experience, the general view is that there are already some basic user experience shortcomings with this site.

Secondly, we must look at the broader ramifications of this decision. The majority of global technology companies have elected Ireland as their European base given the high quality of talent here. Beyond the specifics of this particular case, the political message that this decision is sending out to the world is counter-productive and anti-jobs. On the one hand, we have the IDA and Government Ministers working to increase foreign direct investment with a strong focus on the technology industry. On the other hand, in this single decision, we have a state agency saying that it is not possible to secure high quality and good value web design and development services here.

Tourism Ireland is responsible for attracting visitors to Ireland. Holiday tourism is important but so too is business and education tourism. They are asking people to visit a vibrant and welcoming country but is it also one that is so insecure about itself, so lacking in faith in its own people that when given the choice they will partner with a foreign company rather than an Irish one? The argument that this spend represents less than 10% of its total budget for the year is reminiscent of boom years when pockets were deep. The measure of value in these straitened times should surely not be that they got it for a small % of a large amount but rather that they got it for the very best possible price and in doing so factored in the multiplier effect of keeping those jobs in Ireland and promoting the world class standards that exist within our country.

Tourism Ireland’s new website was designed by Hugo and Cat — a creative agency for a digital world.

To quote their own website:

“Creativity from Insight

Consumer engagement. Conversion. Advocacy. A full house in buzzword bingo – but they’re what our clients come to us for.

We’re a digital creative agency specialising in content marketing, experience design and technology, underpinned by strategic planning. We’re all about big ideas without a big attitude, so you’ll get to know the people creating the work that gets your audience talking.

Why not stop by and say hello?”

Originally published on the IIA website

Bock The Robber had an amusing take on the whole farce:

At first glance it appears that the cat did most of the work, and a very well paid cat he is indeed, while Hugo did most of the talking. But what a talker Hugo is, persuading the Tourism Ireland management that a website should cost €2.5 million to design and build.

How appropriate for this pantomime.

Let’s say the cat is on a hundred grand a year, which is good money by any standards in a time of austerity, especially when all you need to survive is the odd fish-bone. This means that the moggy needed to spend 25 years working on the project, which, you’ll agree, uses up several of his lives.

Two and a half million buckaroonies for a website isn’t chickenfeed. But hold on. A man like Hugo would have no ordinary cat. Any feline in his world would be the very cream of cat programmers, so let’s say he’s on a grand a day, because he’s worth it. That means he spent 2,500 days developing this website. Giving him weekends off to prowl the rooftops flashing the dosh at the lady cats — Loadsamoney!! — he still spent a full ten years on the job. That must be a hell of a website, wouldn’t you think?

Well, yes, you would think so, but you’d be wrong. This is the most confused, ill-functioning website you might ever have seen. It starts nowhere and it goes nowhere. It looks like somebody stole it and crashed it into a wall. If there’s a wrong way to do it, a right way to screw it up, nobody does it like us, and so, in their wisdom, the authorities awarded the contract to a London-based firm, rather than a local developer, even though their tender was not the lowest. Not that there’s anything wrong with a firm simply because it’s based in London, but since there’s no shortage of developers in Ireland, it seems surprising that Tourism Ireland couldn’t find a single one that came within a whisker of Hugo and his feline friend. Nobody was up to scratch.

Of course, the formidable managerial intellects at Tourism Ireland weren’t satisfied with spending the two and a half million on Hugo’s cat. They also decided that they should buy the domain name ireland.com from the Irish Times for half a million euros.

For some reason, they felt it was better to have an American domain representing Ireland than our own .ie extension.

Why?

I don’t know. This doesn’t seem like a decision based on professional advice, but of course, as usual, I might be wrong. I’d be very interested to hear what professional advice they had when they drew up the request for proposals. Were any web professionals involved in preparing the tender documents? What factors persuaded Tourism Ireland to award the contract to a company whose tender was not the lowest? What personnel prepared the detailed specification? Did any external consultants assist in completion of the specification? Did any external consultants assist in evaluation of the completed design to ensure compliance with the brief? If so, who did these consultants work for?

So many questions.

One question has finally been answered, of course.

We now know that a cat can most certainly laugh.

Originally published on Bock

Irish Web Design notes that the website does not perform very well on mobile devices and smart phones.
