Tag: Security

  • Where have all the data gone?

    Where have all the data gone? / Long time passing / Where have all the data gone? / Long time ago / Where have all the data gone? / Compromised and exploited, every one / Oh, when will you ever learn? / Oh, when will you ever learn? — After Pete Seeger

    Joined up security is not rocket science, but you might think that it was, based on widespread

  • Eat your (security) vegetables!

    I heard this phrase at the București Cybersecurity Conference 2024. Maybe it’s the (possibly slightly unusual) way my mind works, but it instantly made perfect sense to me, and now seems like an obvious thing to tell people. So many projects only set their sights on the dessert: sweet tasty new features that make them

  • Security Theatre: Rage, rage against the dying of the light.

    If there is one thing guaranteed to annoy me, it is SECURITY THEATRE; things which are done in the name of security but have little if any actual value because of the naïve way in which they have been implemented. Sometimes this is because of lack of thought or actual naïveté. Sometimes it is through

  • Complexity: enemy of Security

    There is a lot to be said for the old maxim of KISS: “Keep It Simple, Stupid”. The complexity of modern systems often masks flaws that the creators of those systems do not notice, especially when several separate systems interact in complex ways. But someone may find them eventually, and if you’re lucky then it

  • Key (un) Safes

    You may have seen a few previous articles of mine on locks; this and this talk about one type of mechanical keysafe. This talks about master keying systems and their inherent vulnerabilities. I find locks fascinating from an information point of view. And today I’m looking at the human side of these common devices. You’ll

  • Supply-Chain Subversion

    How well do you know your supply-chains? It was only a couple of days ago that I was commenting online about supply chain assurance. And now, today, we have a real and dramatic demonstration of what a supply-chain attack can achieve. Maybe it will encourage some better consideration of supply-chain risks throughout industry. All sorts

  • Novel Training Techniques: The “Remember” Command

    “Experience varies directly with equipment ruined” was a useful mantra for getting through undergraduate physics labs. And it can be applied in other areas too. Back in the 1990s I ran a few classes to teach people about Linux. They needed to rapidly understand that with power came immense destructive capability, so with each student

  • PQC Planning: Don’t Put It Off Any Longer…

    …but it might not be as onerous as you imagine. Let’s dive right in; there is no time like the future! Why plan now if we cannot implement yet? This is the crux of the matter. And the answer isn’t necessarily obvious. However, consider data that you hold now for which the C&I requirement may

  • Quis custodiet ipsos nubem?

    Microsoft is not having a very good time right now. Their not-so-recent breach (2024-01-19 report) turned out to be a mega-breach (2024-03-08 report), and now seems to have been even more serious (2024-03-11), without clear assurance that the intruders really have been evicted completely, uncertainty over what might have been exfiltrated, and uncertainty over what

  • Time, Gentlemen

    It’s time to fix Police Vetting “It is obvious that Wayne Couzens should never have been a police officer. Whilst holding a position of trust, in reality he was a serial sex offender. Warning signs were overlooked throughout his career and opportunities to confront him were missed. We believe that Sarah died because he was
