Paul Robertson

Director, Cyber Security


Wearables in the Workplace, Get the Policy Right Today

Posted on: 17 Jun 2014

Do your workplace policies cover wearable devices? Many commercial and Government facilities ban cameras and cellular phones with cameras, but having such policies and not enforcing them can hurt you in the wake of a successful attack. If you routinely ignore a security policy and someone violates it, then you may be left holding the bag — I’ve…

Thermal Imaging Attacks; Research Heats Up!

Posted on: 19 Dec 2013

We’ve all had or seen server room doors protected by combination locks. Most safes these days are protected by electronic keypads, like the ones used to safeguard on-site backup tapes. When a digital keypad is used, one’s fingers transfer a minute amount of heat to each key pressed. This heat can be read by thermal imaging cameras for a…

Sometimes Your Employees Go Home; The Case for Securing Home Users

Posted on: 21 Nov 2013

Bring your own devices (BYOD), USB flash drives, signing into compromised personal web-based accounts from work, and shared passwords. These are some of the reasons for information security professionals to train their employee user base, even when it’s about apparently non-work-related computing resources. Becoming visible to your non-security enterprise end users as a security resource…

Software Defined Radio: A Hacker’s Dream

Posted on: 11 Nov 2013

Wireless cameras, RFID key cards, keyboards, cordless phones, just about every wireless technology that isn’t light- or sound-based will attract a horde of researchers (and attackers) looking at ways to exploit them. Are you prepared? It is now known that your car’s GPS, toaster and medical devices are vulnerable to attack. For the most part, built without…

Can’t Touch This? Researchers Successfully Eavesdrop on Contactless Cards

Posted on: 06 Nov 2013

Contactless card transactions are becoming increasingly popular in the United States, Europe and Asia. In the United Kingdom alone there are some 34.5 million cards in issue with contactless functionality, according to the UK Cards Association. With contactless payments, no signatures or PINs are required for authorization. This makes transactions under approximately $35 quick, occurring…

Firmware Attacks on the Uptick

Posted on: 04 Nov 2013

Firmware attacks are growing increasingly popular among software hackers. Despite efforts to issue patches for firmware, reported attacks are on the uptick. For instance, Ruben Santamarta, a security researcher at IOActive, recently posted a blog in which he describes how he directed the firmware of a counterfeit money detector to force the system to literally accept any piece of…

MIT Researchers Uncover Security Flaws in C and C++ Software

Posted on: 01 Nov 2013

MIT researchers have produced a new paper that uncovers security flaws in C and C++ software, generated by compiler optimizations that discard ambiguous code or code that produces undefined behavior. Some of that code includes security-relevant checks, and the paper includes examples of null pointer checks and pointer overflow checks that the GCC compiler optimizes away, leaving…

Wormiversary!

Posted on: 01 Nov 2013

November 2, 2013 is the 25th anniversary of the Morris Worm. In the intervening years, we have not solved the problems of buffer overflows, reusable single-factor credentials, peer-to-peer trust or password reuse. What then have we learned from this incident? 1. Access to some files should be restricted. No more world-readable password files. Shadow files in…