Cybersecurity can be hard. Even for the professionals. The end of last month saw the official launch of the UK Cyber Security Council, a government-backed consortium with a mandate to boost career opportunities and professional standards in the cybersecurity sector, attract more talent, and increase diversity in the industry.
Reading the announcement in the official press release it certainly sounds like the UK Cyber Security Council has good intentions and worthy aims.
But although there are no issues with the message contained inside the press release, there certainly were problems with the contact information it listed at the bottom. To the casual reader that looks fine. And maybe some journalists will have emailed [email protected] or even tried to visit the UK Cyber Security Council's website at ukcybersecurity.org.uk.
But anyone who did so, would have been disappointed.
Because whoever approved the press release before it was sent to the IT press, didn't double-check that the email address actually worked.
And worse than that, not only did the email address not work - but actually no-one had registered the ukcybersecurity.org.uk domain at all.
In other words, someone other than a representative of the UK Cyber Security Council could waltz in and scoop up the URL. Within a matter of minutes they could have created a malicious website or set up DNS records that would mean any emails sent to the council's published contact address would end up in someone else's hands.
Fortunately, ISP owner Adrian Kennard quickly stepped in to help - registering the domain and pointing it to a blog post where he explained what had happened. Kennard o ..
Support the originator by clicking the read the rest link below.
