Category: Uncategorized

  • Two Names, One Career: Why You’ll See Me as Both Sophie and Robert

    In a professional world that prizes consistency, it might feel unusual to come across the same person under two names, unless they happen to be working undercover or as a spy, that is! 🕵🏻‍♀️🥸 I work in cyber security — assessing and auditing systems & processes across government, policing, and nuclear domains. It’s fascinating and

  • Strange DeepSeek Output

    Or should I say more strange DeepSeek output, since I’ve already captured it telling me that it is effectively necessary to dismantle the Chinese political system here. Whilst challenging its disappearing messages, DeepSeek denied that what I had seen was possible. I offered to play it the video of it happening, and DeepSeek came up

  • Peeling the Censorship Onion

    Lots of people have been having fun with DeepSeek, a fascinating new AI from China. Whilst many have been probing its censorship – try asking about Tiananmen Square 1989 – some have been managing to bypass its output filters by requesting the output in forms such as leetspeak or similar encodings. Input and output filtering

  • Eat your (security) vegetables!

    I heard this phrase at the București Cybersecurity Conference 2024. Maybe it’s the (possibly slightly unusual) way my mind works, but it instantly made perfect sense to me, and now seems like an obvious thing to tell people. So many projects only set their sights on the dessert: sweet tasty new features that make them

  • Book Review: HEAT

    HEAT is a not particularly well-known book by Arthur Herzog, published in 1978, which I first read around 1980. This book made quite an impression on my (much!) younger self, and having unearthed it from a dusty bookshelf I gave it a fresh read. Herzog’s better known works include Earthsound and The Swarm –

  • Whatever happened to “Defence in Depth”?

    Today starts with reading about a couple of very old-fashioned exploits from earlier in the week. So very old-fashioned that one is left thinking “Really?” Hard-coded default credentials. Are we back in the 1990s again suddenly? A short, maybe slightly rant-y item here today. Critical default credential bug in Kubernetes Image Builder allows

  • Security Theatre: Rage, rage against the dying of the light.

    If there is one thing guaranteed to annoy me, it is SECURITY THEATRE: things which are done in the name of security but have little if any actual value because of the naïve way in which they have been implemented. Sometimes this is because of lack of thought or actual naïveté. Sometimes it is through

  • Non cogito, ergo non sum…?

    Every now & then something new and exciting-looking comes along. And it isn’t always obvious, without looking into it dispassionately and in great detail, just how revolutionary it really is. Or isn’t. Blockchain, for example, was supposed to solve all manner of problems. Many specialist blockchain companies sprang up. Some of them even still exist,

  • Password Guidance from NIST

    At the end of August 2024, NIST issued some new guidance documentation (SP-800). Of specific interest are its recommendations around passwords (in SP-800-63B), because they conflict with what many organisations actually do, and address a few bugbears of mine. Even with widespread adoption of Multi-Factor Authentication (MFA), passwords are not dead & buried yet.

  • Complexity: enemy of Security

    There is a lot to be said for the old maxim of KISS: “Keep It Simple, Stupid”. The complexity of modern systems often masks flaws that the creators of those systems do not notice, especially when several separate systems interact in complex ways. But someone may find them eventually, and if you’re lucky then it
