Meeting Notes 21/11/2018

The Guest Speaker questions panel

Melanie Oldham, CEO and Founder of Bob’s Business, begins the presentation with a brief introduction, then hands over to the first guest speakers.

Joe Daley and Roland Spencer from Sheffield Hallam University talk about the benefits of the Apprentice Degrees the University provides, and how they can be beneficial for the employer and student, being incredibly cheap and useful for both. The scheme reduces education fees, and the government supplies somewhere around 90% of the apprentice’s pay.

Lots of Universities are beginning to roll out similar programs but SHU are quickly leading the group.

  • Government will pay for 90% or more of the wages for someone older than 18
  • Will pay up to 100% of the salary for someone straight from school
    • Not just for younger people though, can be for anyone
  • Applicable as long as they are in a job that meets standards set by experts in that field
  • Large cybersecurity pathway dedicated for that one sole purpose
  • Some examples of organisations (SMEs) that have already implemented the system:
    • Wicker Pharmacy
    • NHS
    • House of Play

Tom from Bob’s Business gives a quick overview of the latest Cyber Security related news:

  • Child’s Smart Watch, easily hackable and spoofable.
    • Can give hackers access to location data
    • Can give hackers access to the microphone
    • Can give hackers access to the exact location of the child
    • Can allow hackers to make unauthorised calls from the device
    • Some retailers, notably eBay, have refused to sell the device
  • Instagram “Passwordgate”
    • New “Download your data” feature stored the passwords of users in plaintext in the URL bar and on Facebook’s servers
    • Instagram claim the issue has been resolved and those few affected are being notified.
  • The UK is “unprepared for a cyber attack”
    • The threat of organised criminal gangs is as large as a state
    • The NCSC and other Cyber Security Firms tasked with defending the country are being asked by the government to do work they simply cannot afford to do
    • An attack is now “when, not if”
    • Needs to be a larger focus of funding into cybersecurity

Introductions from everybody in the room, some of the organisations include:

  • Plusnet
  • Cyber Security Blinds
  • Once Compliance
  • NHS
  • The Leap
  • Global Private Bank
  • Cyber Security Defense
  • YHROCU
  • Cornerstone Education
  • Egress
  • Barnsley Council
  • CRK Consulting
  • Sheffield Hallam University
  • Security Architect

Melanie mentions the new Cyber 101 scheme by Digital Catapult.

Also mentions that the NCSC Cyber Accelerator program is launching in January again.

Final slide before guest speakers is statistics from various police forces around Yorkshire regarding different cyber crimes, and how often some of them have been reported in the last month.

Representatives from Newfox give a quick overview of what they do as a penetration testing company, and demo a live hack into a Windows Domain Controller using a mix of traditional methods and phishing. This includes the anatomy of an attack:

  • Reconnaissance
  • Planning
  • The Attack
  • Clean Up

Tools used include:

  • Netcat
  • Nmap
  • Nessus

Jeremy Newman from New Mobile Identity gives a talk on the drawbacks of traditional passwords, and showcases a new system whereby the user logs into an account not by identifying who they are, but by identifying who isn’t them. Some of the outlines of the presentation are as follows:

  • Fundamentally, to a computer there is no difference between the right and wrong person inputting a password
  • With people putting more and more information on Social Media it’s becoming easier and easier to steal passwords
  • So why not use a password that relies on 2 billion years of evolution – Manifest Identity
  • The plan is not to identify who you are, but to identify everyone who isn’t you

Demonstrated system:

  • Uses a form of “video selfie” of the person reading words that are generated then and there to verify who they are, like 3D, motion-based facial recognition.
  • If the computer is unsure it will crowdsource the question “Is this person the same as this person [The picture taken when you first sign up for the service]?”
  • If this fails, it gets passed to that person’s close family / friends / relatives for final identification
  • Use within organisations:
    • Organisation provides the context for the login
    • Device shows the person
    • Person is the identity

 

Final question panel and update for next meeting. Next meeting is 16th January, location TBC. Melanie opens up the hosting to anyone willing.