Category: Security

  • Strong Ciphers, Weak Assumptions

    The best laid plans of mice and men… A lot of attention has been paid to the design and implementation of messaging apps. Signal usually comes out as being considered the most trustworthy of the bunch by people who worry about detail, but there are other apps with real end-to-end encryption too. Of course, subverting…

  • Where have all the data gone?

    Where have all the data gone? / Long time passing / Where have all the data gone? / Long time ago / Where have all the data gone? / Compromised and exploited, every one / Oh, when will you ever learn? / Oh, when will you ever learn? — After Pete Seeger. Joined up security is not rocket science, but you might think that it was, based on widespread…

  • PQC Planning: Don’t Put It Off Any Longer…

    …but it might not be as onerous as you imagine. Let’s dive right in; there is no time like the future! Why plan now if we cannot implement yet? This is the crux of the matter. And the answer isn’t necessarily obvious. However, consider data that you hold now for which the C&I requirement may…

  • Extension of CVSS-B

    The CVSS “Base” Scores (identified since v4 of the definition), or CVSS-B, range from 0 to 10 with 10 being the most severe. Until today, that is.

  • Keep Your Friends Close, But Keep Your Enemies Closer

    Anyone who follows my musings will have seen me write about trust and trusting people; about Insider Risk and the impact of Vetting/Clearance processes upon this. One of the problems with trying to understand or characterise Bad Actors – even statistically – is that of getting hard data. Those with the hard data are often…

  • Starlink: Hidden Security Risk

    “For the busy, a TL;DR: If you are using Starlink and various home networking devices in their default configurations, you may well be exposing your internal network directly to Evil Internet h4x0rs without even realising it”