Subscribe to this list via RSS Blog posts tagged in security

Posted by on in Members

Suffolk Police is issuing a warning to Suffolk businesses following reports of a telephone scam.

A business owner in central Ipswich reported being contacted by a man purporting to be from Suffolk Constabulary, asking for money.

The caller asked the business for a payment of £299 to sign up to a discount initiative, which he said was set up in order to give discounted prices on goods and services to police officers and staff.

A Suffolk Constabulary spokesman says: "We would ask business owners and employees to be vigilant and aware of this approach, as Suffolk Constabulary does not contact businesses and ask for money to participate in discount schemes."

Businesses are asked to make employees aware and to report any incidents or attempted incidents directly to Action Fraud on their official website:

Further crime prevention advice and details of your local Safer neighbourhood Team can be found of the Suffolk Police webpage  

Hits: 1977

Posted by on in Members

The number of public Wi-Fi hotspots has grown massively in recent years. One report suggests the UK has one for every 11 people while worldwide there is one for every 150 people. It estimates there will be nearly 47 million public hotspots across the globe by the end of 2014.

While this coverage is a boon for an increasing number of users with smartphones, especially those in urban areas, this new age of open access has brought with it a number of security issues.

The biggest safety concern is that the data being transmitted over these public hotspots normally isn’t encrypted. This means that if someone is monitoring a particular hotspot they will be able to see everything an individual is typing, including valuable information such as usernames, passwords and bank account details.

And while using a reputable Wi-Fi provider, such as BT or O2, shouldn’t cause a problem, users have no guarantees of security.

Another current security concern about the plethora of free Wi-Fi access and public access points is that very little work has taken place to verify the identity of the organisations behind the access points. The reason this is important is because public hotspots are easy to mimic and a growing number of the trusting public are quick to use them. Casual passers-by are now used to finding free and open Wi-Fi and so are more likely to discover they have become the potential victim of criminals and those wishing to capture their information.

If criminals want to set up a scam it is straightforward to install an open wireless connection outside a café or other public space and give it a convincing name. All they then need is some software to monitor traffic and log everything that happens over that connection.

One recent experiment by IT security firm F-Secure saw the company set up a monitored public Wi-Fi hotspot in a busy London location for half an hour. In that time 33 users had connected to the service and 32MB of traffic had been collected including sensitive information from e-mails.

The answer to improving this growing problem is that a joined up approach from all stakeholders is required – device manufacturers need to make phones that are more secure while telecoms providers need to be more upfront about

what data is being taken from a customer‘s device in return for a Wi-Fi service over and above the terms and conditions.

Individual users can protect themselves in a number of ways – by adopting a Virtual Private Network (VPN), turning off the Wi-Fi on handheld devices when on the move and only using trusted Wi-Fi access points secured with a password.

Hits: 2639

Posted by on in Members

As many will now be aware, Google advised that they would be adding a new ranking signal to their algorithms - they would begin to favour (if only a small amount) encrypted sites using https over those which weren't using encryption - creating a lot of phone calls to web developers around the world I have no doubt!  But how do you implemented the forcing of SSL on your site, and what should you be aware of if you do?  

This article explains how to properly redirect your site to the encrypted version - assuming you have an SSL certificate set up and correctly configured - using an .htaccess rewrite.  It assumes you are running an Apache server with mod_rewrite enabled - if you're not sure about any of this, just send the link to your web developer and let them implement it!

Hits: 3373