Posts Tagged: security

Cyber Essentials Certification Body

We’re pleased to announce that Ambersail is a Cyber Essentials Certification Body and we can help you achieve either Stage 1 or Stage 2 compliance as required. Cyber Essentials is a UK Government-sponsored scheme open to organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls. It is… Read more »

Apple Secure Coding Guide

We note that Apple has just released a document entitled “Secure Coding Guide” and it covers OSX and iOS development. From the intro: “Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you… Read more »

The Impotence of Passwords

No, that’s not a typo. More evidence has emerged that millions of people choose poor quality passwords. This is perhaps less surprising than it is disappointing. Why are we still having this discussion? Why is the most widely-deployed authentication factor in the world so poorly implemented? Unfortunately, the truth lies in the fact that, if… Read more »

Security & The Short Road To Legacy Systems

“Information security means working with how things are, rather than how you want them to be.” We’ve all heard the apocryphal tale about the lost traveler asking for directions in a remote country village. You know the one: our traveler is hopelessly lost, the streets are empty. Just as his frustration seems complete, an elderly… Read more »

Payment Cards are Dead. Long Live Payment Cards.

Any payment technology analyst will tell you that the payments market has exploded over the last few years. An explosion sounds great, but it also suggests fragmentation. Which is another way of saying that the customer has a confusing array of choices. Not that confusion is anything new. Everyone has, at some point, fumbled through a stack… Read more »

5 Constraints To Security Innovation

“We now have a massive security industry, and hacking and data loss is a bigger issue than ever before” The great thing about the information security field is that it constantly re-invents itself, or at least it tries to. In truth, real innovation is rare, and recycling is common. Developments in information security are… Read more »

Security News Roundup: Defending The Indefensible

Here’s a data security conundrum. The news that anonymous DNA sample data has been used to personally identify the original donor sounds, at first, like an information security problem. The reality is, it isn’t. A team of geneticists has shown there is a systematic weakness in the way that this data is handled. It turns out… Read more »

Cheat Sheet: Virtual Web Application Patching

Do you operate public-facing web applications in your card data environment? Here’s a pointer to a great source of information from the Open Web Application Security Project (OWASP) on the subject of virtual patching. What is virtual patching? Within the context of web vulnerabilities, this refers to the practice of applying a defensive layer to intercept… Read more »

Security News Roundup: Can You Hear Me Now?

Sometimes, the price of success is unwanted attention. Witness the apparently stratospheric rise in malware on the Android mobile platform. With mobile usage continuing to explode, coupled with the vast array of valuable data we store and access from our phones, it should come as no surprise that the bad guys want a piece of… Read more »