Security News > 2020 > December > Bitter war of words erupts between UK cops and web security expert over alleged flaws in Cyberalarm monitoring tool
A war of words has erupted between the National Police Chiefs' Council and a British web security pro after a senior cop declared it would be "a waste of public money" to keep discussing security flaws in the body's Cyberalarm product.
Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.
In its current state the tool itself is probably not an unintentional backdoor for criminals, though the war of words between Moore, police and Pervade perhaps serves as a reminder of how not to handle independent security research.
Moore told The Register he had downloaded a copy of Cyberalarm out of curiosity to see what it did and how it was done after following a link in a PDF about the tool sent to him by his local police force.
That in itself is not evil: there is a difference between GCHQ-style snooping on network traffic and deploying a logging tool that sends alerts back to Cyberalarm Towers when it detects suspicious inbound connections and does some basic vulnerability scanning.