Category: Uncategorized

  • Key (un) Safes

    You may have seen a few previous articles of mine on locks; this and this talk about one type of mechanical keysafe. This talks about master keying systems and their inherent vulnerabilities. I find locks fascinating from an information point of view. And today I’m looking at the human side of these common devices. You’ll

  • What is “Cyber Assurance”?

    This is something I’m often asked about. The literal answer is simple, but not terribly helpful: it’s the process of providing assurance that an organisation’s digital assets are secure from threats. So what is “Assurance”? I tend to describe it thus: “Assurance is the difference between thinking you know something, and actually knowing it –

  • Novel Training Techniques: Public Key Exchanges

    I’ve run a few training courses with novel techniques for getting memorable lessons across. Here’s another. Nancy Pierpan: You trust me. Why on earth would you trust me? Johnny Worricker: Because that’s the job. Deciding whom to trust. That’s what the job is. — Page 8 Knowing whom to trust is difficult. If it wasn’t,

  • “Mine is the last voice that you will ever hear. Don’t be alarmed.”

    Ongoing events in supply-chain subversion involving high explosives, coupled with other world events, have awakened many Cold War memories for me. And here’s another one that has bubbled up to the surface: the quotation that is the title of this article. It appeared on some of the (many) mixes & remixes of Frankie Goes To

  • Supply-Chain Subversion

    How well do you know your supply-chains? It was only a couple of days ago that I was commenting online about supply chain assurance. And now, today, we have a real and dramatic demonstration of what a supply-chain attack can achieve. Maybe it will encourage some better consideration of supply-chain risks throughout industry. All sorts

  • Novel Training Techniques: The “Remember” Command

    “Experience varies directly with equipment ruined” was a useful mantra for getting through undergraduate physics labs. And it can be applied in other areas too. Back in the 1990s I ran a few classes to teach people about Linux. They needed to rapidly understand that with power came immense destructive capability, so with each student

  • Scary Times; Cold War lessons from History

    Those of you lucky enough to currently be younger than mid-30s may have missed out on some fairly scary times in the 1960s/1970s/1980s. It might be a good time for the younger amongst us to get at least a glimpse into what those times were like. And also a good time for those of us

  • Insider Risk: Not An Excuse!

    Avis are in the news with 299,006 customers’ information stolen & leaked. Such breaches are not uncommon, sadly. But the spin on this one has me concerned. Avis blame “Insider wrongdoing” for the breach, as if this is some acceptable explanation. To be clear: it is not. Risk management doesn’t stop at the front door.

  • Exploding Electronics

    I’ve had this article in draft for some time, somewhat in despair of it ever seeing the light of day, but the change in legislation[1] around smart devices has some bearing upon it, so here it is finally. Some time ago whilst watching a program on iPlayer on a SmartTV, I was interrupted by a

  • Freddie Starr Ate My Hamster; NCSC Bricked My Washing Machine

    As we get older, life gets generally both more complex and (it sometimes feels) less exciting. On 2024-04-29, NCSC published this item Smart devices: new law helps citizens to choose secure products. The thinking behind this is entirely reasonable; Internet-connected smart devices should have some basic level of default security, and some defined level &