Tuesday 2 October 2018

Blog recommendation

Another blog that you might like to follow: https://blog.cryptographyengineering.com/
at No comments:
Labels: ,

The September 2018 Azure South Central US Incident

The Microsoft analysis and post-mortems, followed by some press coverage of the Azure South Central US 'incident'.
As an experiment, here's a prediction: 2020 is going to be a difficult year.
at No comments:
Labels: , ,

Bad Security is getting harder and harder to deny

Bad Security is getting harder and harder to deny:
at No comments:

Quantum Computing and Security

Here's a reasonably accessible piece on Quantum Computing from a security viewpoint. Having seen the mass of misinformation about Blockchain, this might be useful for when people ask about Quantum Computing... (And yes, it is from the Schneier blog, as usual!)

https://www.schneier.com/blog/archives/2018/09/quantum_computi_2.html
at No comments:

B R U C E ' S - B L O G - M O N T H L Y - S U M M A R Y

B R U C E ' S - B L O G - M O N T H L Y - S U M M A R Y

Reading the Bruce Schneier blog can be daunting - there's a lot of information in there!

For something lighter and quicker to skim through, then Bruce also publishes a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram's web page: https://www.schneier.com/crypto-gram/
at No comments:

Backdoor found (not really news at all!)

Announced at the BlackHat conference in August 2018, a backdoor in x86 VIA C3 Nehemiah chips made in 2003:

https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html

A four byte command gives you root access.

Of course, there's no way that stuff like this exists in more modern processors... :)
at No comments:

Bad Domains

From the ever-useful Bruce Schneier blog, this recent article from Ars Technica is quite informative on finding bad domains

https://arstechnica.com/information-technology/2018/08/how-to-win-or-at-least-not-lose-the-war-on-phishing-enlist-machine-learning/

It contains a lot of information on state-of-the-art activity in finding malicious domains etc.

https://censys.io et al look like they could be interesting as auditing/foresight tools… 

at No comments:

Cryptocurrency and Blockchain skepticism

Cryptocurrencies and Blockchain - quite news-worthy at the moment!

From an article in the ACM Journal, here's an alternative skeptical viewpoint:


And from Medium.com, a similarly cautionary take:


at No comments:

Getting security right

Getting security right is difficult. A Bruce Schneier blog post from July 2018 contains a good example:

https://www.schneier.com/blog/archives/2018/07/defeating_the_i.html

and the low-cost defeat (which is actually an interesting article in itself):

https://blog.elcomsoft.com/2018/07/this-9-device-can-defeat-ios-usb-restricted-mode/

But it also contains a link to 'Schneier's Law' which is useful reading to anyone who thinks they are good at hacking things:

https://www.schneier.com/blog/archives/2011/04/schneiers_law.html

...and I have to admit that I hadn't heard of the Dunning-Kruger effect:

https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
at No comments:

Securitytiruces

Securitytiruces is just security forwards and backwards.

People and security are interesting challenges. It is very easy to be completely wrong and approach it from totally the wrong direction, with the result that instead of security you get ytiruces and people say: 'You've got it all backwards!'

In this blog, I am going to try and put some brief  thoughts, observations and useful snippets about security and ytiruces into captivity.
at No comments:
Subscribe to: Posts (Atom)

NULLCON 12, Berlin, April 2022

Here's the badge that I designed for the NULLCON 2022 Berlin security conference (and highly recommended training!).  The NULLCON 2022 b...