Tuesday, 2 October 2018
Blog recommendation
Another blog that you might like to follow: https://blog.cryptographyengineering.com/
The September 2018 Azure South Central US Incident
The Microsoft analysis and post-mortems, followed by some press coverage of the Azure South Central US 'incident'.
- https://azure.microsoft.com/en-us/status/history/
- https://blogs.msdn.microsoft.com/vsoservice/?p=17405
- https://www.datacenterdynamics.com/opinions/hit-azure-outage-watch-out-hurricane-florence/
- https://rcpmag.com/articles/2018/09/11/microsoft-cloud-outage-postmortem.aspx
- ---
- https://www.theregister.co.uk/2018/09/17/azure_outage_report/
- https://www.zdnet.com/article/microsoft-south-central-u-s-datacenter-outage-takes-down-a-number-of-cloud-services/
- https://www.techrepublic.com/article/five-lessons-from-microsofts-azure-cloud-outage/
- https://hub.packtpub.com/why-did-last-weeks-azure-cloud-outage-happen-heres-microsofts-root-cause-analysis-summary/
As an experiment, here's a prediction: 2020 is going to be a difficult year.
Bad Security is getting harder and harder to deny
Bad Security is getting harder and harder to deny:
Quantum Computing and Security
Here's a reasonably accessible piece on Quantum Computing from a security viewpoint. Having seen the mass of misinformation about Blockchain, this might be useful for when people ask about Quantum Computing... (And yes, it is from the Schneier blog, as usual!)
https://www.schneier.com/blog/archives/2018/09/quantum_computi_2.html
B R U C E ' S - B L O G - M O N T H L Y - S U M M A R Y
Reading the Bruce Schneier blog can be daunting - there's a lot of information in there!
For something lighter and quicker to skim through, Bruce also publishes a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit Crypto-Gram's web page: https://www.schneier.com/crypto-gram/
Backdoor found (not really news at all!)
Announced at the BlackHat conference in August 2018, a backdoor in x86 VIA C3 Nehemiah chips made in 2003:
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
A four-byte command gives you root access.
Of course, there's no way that stuff like this exists in more modern processors... :)
Bad Domains
From the ever-useful Bruce Schneier blog, this recent article from Ars Technica is quite informative on finding bad domains:
https://arstechnica.com/information-technology/2018/08/how-to-win-or-at-least-not-lose-the-war-on-phishing-enlist-machine-learning/
It contains a lot of information on state-of-the-art activity in finding malicious domains etc.
https://censys.io et al look like they could be interesting as auditing/foresight tools…
Cryptocurrency and Blockchain skepticism
Cryptocurrencies and Blockchain - quite news-worthy at the moment!
From an article in the ACM Journal, here's an alternative skeptical viewpoint:
And from Medium.com, a similarly cautionary take:
https://medium.com/@jimmysong/why-blockchain-is-hard-60416ea4c5c
And a 'Bubble!' warning:
http://approximatelycorrect.com/2018/06/22/the-blockchain-bubble-will-pop-what-next/
Getting security right
Getting security right is difficult. A Bruce Schneier blog post from July 2018 contains a good example:
https://www.schneier.com/blog/archives/2018/07/defeating_the_i.html
and the low-cost defeat (which is actually an interesting article in itself):
https://blog.elcomsoft.com/2018/07/this-9-device-can-defeat-ios-usb-restricted-mode/
But it also contains a link to 'Schneier's Law', which is useful reading for anyone who thinks they are good at hacking things:
https://www.schneier.com/blog/archives/2011/04/schneiers_law.html
...and I have to admit that I hadn't heard of the Dunning-Kruger effect:
https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Securitytiruces
Securitytiruces is just security forwards and backwards.
People and security are interesting challenges. It is very easy to be completely wrong and approach it from totally the wrong direction, with the result that instead of security you get ytiruces and people say: 'You've got it all backwards!'
In this blog, I am going to try and put some brief thoughts, observations and useful snippets about security and ytiruces into captivity.