Nationwide systems failure of the electricity transmission grid is unlikely, but what are the risks? What happens in a black start? Could space weather cause data loss? How do you access knowledge without electricity?
Balancing security, privacy and convenience is not easy. I've spent quite a lot of time figuring out how to configure my various computer systems with this goal in mind. Computers are supposed to make our lives more convenient, and you sometimes have to trade privacy for convenience, e.g. Outlook processing emails to allow you to … Continue reading Configuring for security, privacy and convenience
Many incidents of fraud occur not through cards being physically stolen, but through breaches in security at the shops we buy products from. Should companies be required to publish security reviews?
Email is insecure. Anything of any importance should be saved somewhere else. It's not a good database, so shouldn't be treated like one.
When it comes to insurance, it’s the same as locking up and installing an alarm
Unlimited attack surfaces. Users not paying attention to basic security practices. Vague vendor promises. It looks like a very immature landscape where things are just getting started.
Everyone should have an expectation of being able to communicate with someone else in a verifiably secure manner. I have a particular fascination with secure communications and encryption and I’ve spent a lot of time thinking through my own pragmatic approach to secure messaging. This is my write-up of the current state of things … Continue reading The state of secure, encrypted messaging
This is my response to the UK Home Office consultation on the Draft Investigatory Powers (Technical Capability) Regulations 2017, not published online. The draft regulations imply that, once passed, there will be a legal requirement for communication providers to build backdoors into encrypted or otherwise secured systems so that the security services can access messages in real … Continue reading Home Office Investigatory Powers regulations consultation response on encryption backdoors
There's no predicting when a cyber attack might come, whether it be in the form of a DDoS, a virus, malware, or phishing. It's therefore important to be constantly vigilant, and prepared for incidents when they do occur.