Ben joined Virya Technologies back in 2009 as a freelance contractor, providing support to our IT clients around Suffolk and Essex.  He joined our team on a full-time basis in February 2012 and leads up the IT Support team.  Ben has also been key in moving our business processes towards a completely Open Source setup, and is a frequent contributor to several open source projects.

Virya Technologies are delighted to announce that we have been awarded the Suffolk Carbon Charter at Bronze level - demonstrating the commitment to reducing our impact on the environment, and introduce different ways of working which will reduce our carbon footprint.

How do you know if you're using the most up to date version of Joomla! - for many people who come to us they don't even know what version they are running, let alone whether it's secured against the latest reported vulnerabilities!  

Introduction

On 25^th May 2011 a new European Union law came into effect relating to the use of cookies on websites, which has taken many by surprise and drawn attention to the data protection and privacy issues surrounding the storage of cookies by web browsers.

The Information Commissioner’s Office has given organisations in the United Kingdom one year in which to be fully compliant with this law, on the condition that they are actively taking steps towards achieving compliance.  This analysis looks at what cookies are, why we need them, the different types of cookies that are used, and what this law actually means.

We were approached by a company who had received an email from an individual suggesting that several areas of their ASP e-commerce website and Windows Server were vulnerable to attack, and provided details of how information from their database could be retreived by following certain processes.

How do you know if your Joomla! website is being run effectively?  Have you had a Joomla! site created but not sure whether the security is up to scratch?  This article aims to give some tips to check against your website, which are drawn from standard security and 'best practice' guidelines.  If you have any other points you think we should add, please leave a comment!

 

The Internet is awash with speculation following allegations that the IPSEC cryptographic stack in OpenBSD was furnished with a backdoor at the behest of the Federal Bureau of Investigation (FBI).

The allegations were made by Gregory Perry in an e-mail to one of the founders of NetBSD - Theo De Raadt – and were published on the BSD mailing lists so that a code audit can be undertaken by those with an interest in doing so.

If such a backdoor does exist, it could allow the FBI (and conceviably others) to decrypt communications between servers, whether those communications take place over a Virtual Private Network (VPN) or over a Secure Shell Connection (SSH).

This whitepaper will examine the precedents for this allegation as well as the potential impact that such a revelation could have on businesses around the world.

Password theft is a fast growing business, in the age of the internet a singular word or phrase is often all you need to verify your identity. Unfortunately this token is all that is needed for someone else to adopt your identity, and potentially commit fraud or criminal acts in your name.

While many automated network penetration scanning systems exist, the value of having trustyworthy and reliable 'real people' to put your systems to the test cannot be underestimated. 

Staying ahead of the hackers

While automated scanners can look for certain exploits and holes, they are only looking for what they already know about.  Automated scanning systems can't think like the people who are potentially trying to get access to your systems.  They don't come up with the new ways for circumventing security systems - the hackers do! 

Sometimes it can be as much as three months before automated systems are updated with news of new vulnerabilities, potentially leaving you open to significant risks. 

Is that a risk you're willing to take?

Proactive protection

Virya Technologies employ a team of specialist "white hat" hackers who can run an entire system penetration test, or just against one particular server or piece of software. 

Attacks don't always come from outside...

Whether you are looking for black box testing (where we have no prior knowledge about your network infrastructure or 'way in') or white box testing (simulating an attack from within the company), or perhaps somewhere in between, you will receive an detailed analysis of the tests which have been run, any vulnerabilities which were detected along with a traffic-light rating of the potential severity associated with leaving these vulnerabilities unchecked.  Our specialists are also able to suggest ways in which you can resolve any issues that might have been identified, and can carry out remedial work as required.

For complete piece of mind, Virya Technologies recommend that automated scanning is used in conjunction with regular network penetration tests, to ensure that your organisation remains compliant with it's security policies and protected.  We can advise on a range of automated scanning systems appropriate to all sizes of business.

Hard drive encryption