Tag: technology

  • Peeling the Censorship Onion

    Lots of people have been having fun with DeepSeek, a fascinating new AI from China. Whilst many have been probing its censorship – try asking about Tiananmen Square 1989 – some have been managing to bypass its output filters by requesting the output in forms such as leetspeak or similar encodings. Input and output filtering


  • Whatever happened to “Defence in Depth”?

    Today starts with reading about a couple of very old-fashioned exploits from earlier in the week. So very old-fashioned that one is left thinking “Really?” Hard-coded default credentials. Are we back in the 1990s again suddenly? A short, maybe slightly rant-y item here today. Critical default credential bug in Kubernetes Image Builder allows


  • Security Theatre: Rage, rage against the dying of the light.

    If there is one thing guaranteed to annoy me, it is SECURITY THEATRE; things which are done in the name of security but have little if any actual value because of the naïve way in which they have been implemented. Sometimes this is because of lack of thought or actual naïveté. Sometimes it is through


  • Non cogito, ergo non sum…?

    Every now & then something new and exciting-looking comes along. And it isn’t always obvious, without looking into it dispassionately and in great detail, just how revolutionary it really is. Or isn’t. Blockchain, for example, was supposed to solve all manner of problems. Many specialist blockchain companies sprang up. Some of them even still exist,


  • Novel Training Techniques: Public Key Exchanges

    I’ve run a few training courses with novel techniques for getting memorable lessons across. Here’s another.

    Nancy Pierpan: You trust me. Why on earth would you trust me?
    Johnny Worricker: Because that’s the job. Deciding whom to trust. That’s what the job is.
    — Page 8

    Knowing whom to trust is difficult. If it wasn’t,


  • PQC Planning: Don’t Put It Off Any Longer…

    …but it might not be as onerous as you imagine. Let’s dive right in; there is no time like the future! Why plan now if we cannot implement yet? This is the crux of the matter. And the answer isn’t necessarily obvious. However, consider data that you hold now for which the C&I requirement may


  • Extension of CVSS-B


    The CVSS “Base” Scores (identified since v4 of the definition), or CVSS-B, range from 0 to 10 with 10 being the most severe. Until today, that is.


  • Quis custodiet ipsos nubem?

    Microsoft is not having a very good time right now. Their not-so-recent breach (2024-01-19 report) turned out to be a mega-breach (2024-03-08 report), and now seems to have been even more serious (2024-03-11), without clear assurance that the intruders really have been evicted completely, uncertainty over what might have been exfiltrated, and uncertainty over what


  • Keep Your Friends Close, But Keep Your Enemies Closer

    Anyone who follows my musings will have seen me write about trust and trusting people; about Insider Risk and the impact of Vetting/Clearance processes upon this. One of the problems with trying to understand or characterise Bad Actors – even statistically – is that of getting hard data. Those with the hard data are often
