Ransomware: How to Protect Yourself
by Chris Fairey on May 15, 2017
The massive cyber attack unleashed on the world on Friday (in the form of the WannaCry ransomware worm) caused major disruption to thousands of people around the world. The effects of the attack will be felt for some time to come and one question remains: how do you protect yourself from ransomware?
E-Mail Security: Sending Newsletters
by Chris Fairey on May 10, 2016
Recent reports of health clinics breaching the Data Protection Act through user error have highlighted a problem with the use of mass e-mail.
New Website Is Live!
by Chris Fairey on April 2, 2015
It's taken nearly 6 months of work, but the new and improved DigiPest website is finally live.
MS14-066: Microsoft's 'Heartbleed'
by Chris Fairey on November 12, 2014
Microsoft's November 'Patch Tuesday' contained quite a few critical updates. Here's one you really need to take notice of. MS14-066 is an identified remote code execution vulnerability in SChannel (the portion of Windows responsible for secure communications, including SSL/TLS).
Critical 'Shellshock' Bug Affects Millions of Devices
by Chris Fairey on September 25, 2014
A critical security vulnerability, dubbed 'Shellshock', in one of the most widely used programs, Bash (Bourne Again Shell) could topple the recent Heartbleed vulnerability as the most severe issue to affect the Internet.
If You Build It, They Will Come
by Chris Fairey on July 25, 2014
A recent news report about a travel services company who has been fined £150,000 by the Information Commissioner's Office for a breach of an 'internal' system, hosted on the same server as their main e-commerce website (that lead to the compromise of over 1.1 million credit/debit card details) has driven me to write this post, […]
CryptoLocker Takes Out Company Data
by Chris Fairey on June 3, 2014
In light of the recent news reports of the take over of the Command and Control servers for the Gameover Zeus botnet - and the potential resurgence of CryptoLocker. I thought it may be a good idea to publish this case study about just how devastating it can be if you find yourself a victim […]
eBay Breach Analysis & Thoughts
by Chris Fairey on May 29, 2014
eBay announced on Wednesday 21st May 2014 that they had suffered a significant breach of their user details database, which resulted in the personal details and hashed passwords of eBay users being compromised. It has since been revealed that the breach occurred between February and March 2014.
The Danger of the Internet of Things
by Chris Fairey on March 6, 2014
Like it or not, the so called Internet of Things is here, and it's only just beginning. You can now buy Internet-connected versions of many major household appliances including your kettle, refrigerator, smoke alarm, thermostat and (if you've got the money to spare) systems for controlling your entire house.
New Year - New DigiPest
by Chris Fairey on January 7, 2014
We hope everyone had a good break and end to 2013. We're excited to announce that 2014 is going to bring some rather radical changes to DigiPest.
Be Wary of Last-Minute Christmas Shopping Scams
by Chris Fairey on December 20, 2013
As people scramble to find those last-minute gifts for their loved ones, cyber criminals are likely to attempt some sophisticated, wide-reaching scams in an attempt to part desperate shoppers from their money.
Apple OS X 'Developer Mode' Hoax
by Chris Fairey on December 18, 2013
We have recently (within the last couple of hours) been alerted to a set of instructions that appear to be circulating on parts of the Internet telling people how to supposedly enable 'Developer Mode' OS X.
Re-Claim Your Data (Part 1: Run Your Own Storage Cloud)
by Chris Fairey on October 12, 2013
In this first of a series of posts about re-claiming your private data from 'the cloud' I will explore how you can achieve all the functionality of services like Dropbox, while ensuring you know exactly where your data is.
The Adobe Hack & Why I Think It Happened
by Chris Fairey on October 4, 2013
On October 3rd 2013 Adobe (the world's largest supplier of software and services for the design and media industries) discovered unauthorised access had been made to their systems, leading to the compromise of some 2.9 million user accounts (including encrypted credit/debit card details) and the source code for their web application server - Cold Fusion. Update […]
Apple's iCloud Keychain - Should You Use It?
by Chris Fairey on September 19, 2013
Apple announced an interesting feature they are adding to the latest version of OS X and iOS at their World Wide Developer Conference this year: iCloud Keychain. Now that iOS 7 is out, I thought I would give you my opinion as to why you should probably not use it. Edit (19/09/2013 13:01): iCloud Keychain is […]
Do You Really Need Access to Everything from Anywhere?
by Chris Fairey on August 8, 2013
As devices you install in your offices start to become ever more connected, there is a temptation to throw caution to the wind and take advantage of the 'Access your device anywhere' claims plastered all over the outside of the box. Don't.
What to do if Your Server is Compromised
by Chris Fairey on May 16, 2013
Towards the end of last week, I was made aware that some websites hosted on a server operated by one of my clients had been hacked. The initial compromise targeted just the websites running PHP, replacing all .php files with code to re-direct visitors to a website hosting malicious code, thus causing Google to flag […]
How Encrypting Your Laptop Can Save Your Business
by Chris Fairey on March 18, 2013
You may have noticed the numerous news stories over the past few years about laptops with sensitive information being left on trains, in taxis and even those that were stolen from people's homes.
RBS Computer System Issues (and why they shouldn't happen)
by Chris Fairey on March 15, 2013
On Wednesday 6th March, Royal Bank of Scotland customers found themselves unable to use their debit/credit cards, access their accounts through online banking, or make withdrawals from cash machines. RBS has stated that they will compensate customers who were affected by the issue, but it really shouldn't have happened in the first place.
ICO Fines Sony £250,000 for 2011 PlayStation Network Breach
by Chris Fairey on January 28, 2013
On 14th January, the Information Commissioner's Office, the government agency responsible for enforcing the Data Protection Act, issued a Monetary Penalty Notice to Sony Computer Entertainment Europe (SCEE) for £250,000 in relation to the security breach of the PlayStation Network in 2011 that resulted in the compromise of the records of millions of UK PlayStation […]
Failure is Success
by Chris Fairey on January 10, 2013
Penetration Testing is often sold as the mechanism to highlight when security doesn't work. By contrast, it can also serve to highlight when it does.
Small Businesses "Weak Link" to Hackers
by Chris Fairey on January 9, 2013
Malicious hackers are continually turning to Small Businesses for targets for a very simple reason, they're easier to attack.
The Hidden Costs of Windows 8
by Chris Fairey on November 12, 2012
Windows 8 has been out for just over 2 weeks, and has received mixed reviews from the technology industry.
The EU Cookie Law: What It Means for Your Website
by Chris Fairey on November 5, 2012
In May 2012, the 12-month grace-period the Information Commissioner’s Office imposed before they would begin taking action against websites for non-compliance with the new EU Privacy Directive expired.
The Importance of Updates
by Chris Fairey on August 17, 2012
The recent news that the Reuters News Agency's blog has been compromised for the third time in a month has got me wondering exactly what process the administrators went through after the first attack.
Protect Your Source Code: Part 1
by Chris Fairey on August 15, 2012
I recently spent the weekend in Brighton, at the first PC and Indie Games Conference, Rezzed. During the weekend, I went to various developer sessions where games developers talked about the processes they used to develop their games, the next titles they were working on, or how their latest game was born.
Setting Up Google 2-step Verification
by Chris Fairey on August 9, 2012
The recent article in Wired Magazine (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/) relating to a sophisticated attack against a specific individual that led to the closure of their GMail Account, compromise of their Twitter account, Amazon Account and Apple iCloud Service (which the attacker then used to wipe the data from the victim's iPhone, iPad and Mac), highlights the need […]
Why Strong Authentication Systems Matter
by Chris Fairey on June 20, 2012
The recent attack on, and compromise of LinkedIn and their password data has highlighted the need for strong authentication practices, and a lack of awareness among certain developers of security best-practice.
The Potential Threat of State-sponsored Cyber-attacks
by Chris Fairey on June 6, 2012
With its ever-increasing number of users, the Internet has become the primary communication mechanism for many individuals around the world. Governments who wish to maintain the ability to protect their citizens from harm need to develop evermore sophisticated methods of capturing and analysing data flowing through the ever-increasing numbers of social networks, online chat and […]
Why I Think Every Site Should Use CloudFlare
by Chris Fairey on May 25, 2012
A couple of days ago, you may have noticed that our website was offline. The site itself was still running (the servers were still up), it was just that our domain registrar, 123-reg had suffered a Distributed Denial of Service (DDoS) atttack, which they attempted to stop by making various changes to their core network […]
My Plea to Wireless Router Manufacturers
by Chris Fairey on May 11, 2012
I had an interesting experience last week - I was asked if I could help someone figure out their wireless network key. I started thinking that I would need to crack the key (as they couldn't remember it, and didn't have it recorded anywhere), then I thought "it's probably stored in the administration interface somewhere, […]
Too Many Passwords? Use a Password Manager
by Chris Fairey on October 27, 2011
The more websites we sign up to, the more passwords we have to remember, this often causes us to use the same password multiple times, which can cause major problems if, for example, you use the same password for your Online Banking and Facebook accounts. A simple way to remove the problems associated with remembering […]
What the RIM Server Failure Teaches Us
by Chris Fairey on October 11, 2011
Monday's complete failure of Research in Motion's (RIMs) UK BlackBerry Internet Service servers has highlighted just how reliant we have become on services offered by third parties. Because of the failure of a group of servers in a UK datacentre, all of RIMs customers across the whole EMEA region were unable to access any of […]
Why Acting on Virus Hoax E-Mails is Dangerous
by Chris Fairey on October 3, 2011
We've all seen them, an e-mail arrives from someone you know telling you about a new, highly dangerous and undetectable virus and asks you to forward the message on to everyone in your address book. Not surprisingly, most people who get these e-mails do exactly that.
Is SSL Still Safe?
by Chris Fairey on September 12, 2011
SSL (Secure Socket Layer), the technology that protects everything from your online banking activities, to all your purchases on Amazon or the iTunes store has come under fire recently thanks to the actions of a small group of individuals who claim to have broken into the servers that issue the certificates that websites use to […]
Why Small Businesses Need Security Policies
by Chris Fairey on April 6, 2011
You may see the title of this post, and think that you may be too small to think or worry about security policies, however, they can be an extremely useful tool to remind you of things you should consider whenever you are using your computer systems.
Reasons to Control USB
by Chris Fairey on April 4, 2011
Your business could have invested in state-of-the-art firewalls, anti-virus software and connect all your remote users via VPNs, but if you fail to control the use of removable storage devices, you could be exposing your data to unnecessary risks.
Top Security Oversights in Small Businesses
by Chris Fairey on March 16, 2011
This blog post aims to highlight the top security issues we encounter when asked to perform security tests, or just stopping by for meetings, in the case of WiFi issues.
Welcome
by Chris Fairey on March 1, 2011
Welcome to the DigiPest Blog, this blog will be used to provide details about security issues that we feel important to disclose to our customers. It will also be used to provide advice and information.
