Time flies when you're having fun. Measure spiders when you're not.
The best laid plans of mice and men… A lot of attention has been paid to the design and implementation of messaging apps. Signal usually comes out as being considered the most trustworthy of the bunch by people who worry about detail, but there are other apps with real end-to-end encryption too. Of course, subverting…
I heard this phrase at the București Cybersecurity Conference 2024. Maybe it’s the (possibly slightly unusual) way my mind works, but it instantly made perfect sense to me, and now seems like an obvious thing to tell people. So many projects only set their sights on the dessert: sweet tasty new features that make them…
If there is one thing guaranteed to annoy me, it is SECURITY THEATRE; things which are done in the name of security but have little if any actual value because of the naïve way in which they have been implemented. Sometimes this is because of lack of thought or actual naïveté. Sometimes it is through…
There is a lot to be said for the old maxim of KISS: “Keep It Simple, Stupid”. The complexity of modern systems often masks flaws that the creators of those systems do not notice, especially when several separate systems interact in complex ways. But someone may find them eventually, and if you’re lucky then it…
You may have seen a few previous articles of mine on locks; this and this talk about one type of mechanical keysafe. This talks about master keying systems and their inherent vulnerabilities. I find locks fascinating from an information point of view. And today I’m looking at the human side of these common devices. You’ll…
How well do you know your supply-chains? It was only a couple of days ago that I was commenting online about supply chain assurance. And now, today, we have a real and dramatic demonstration of what a supply-chain attack can achieve. Maybe it will encourage some better consideration of supply-chain risks throughout industry. All sorts…
“Experience varies directly with equipment ruined” was a useful mantra for getting through undergraduate physics labs. And it can be applied in other areas too. Back in the 1990s I ran a few classes to teach people about Linux. They needed to rapidly understand that with power came immense destructive capability, so with each student…
…but it might not be as onerous as you imagine. Let’s dive right in; there is no time like the future! Why plan now if we cannot implement yet? This is the crux of the matter. And the answer isn’t necessarily obvious. However, consider data that you hold now for which the C&I requirement may…
Microsoft is not having a very good time right now. Their not-so-recent breach (2024-01-19 report) turned out to be a mega-breach (2024-03-08 report), and now seems to have been even more serious (2024-03-11), without clear assurance that the intruders really have been evicted completely, uncertainty over what might have been exfiltrated, and uncertainty over what…