Recently I came across an interesting problem which is to do with data regulation and blockchains: what are the regulations surrounding storing data on blockchains? While there are very few regulations which are specific to blockchain technology it is worth considering which existing laws already apply to blockchain technology. Governments, and their associated regulatory institutions, …
Quick post: it is worth taking your credit / debit card receipt when paying by contactless. Why: if you take the receipt you will notice that there is a card number displayed in full without the stars (“*”). Not everytime, but too many times. Personally, I think that is bad practice although not actually illegal …
At some point the security posture of a company will be of great interest to hedge funds and investment managers. That is to say that they will be interested in how secure other companies will be and whether that can affect their investments. The companies of interest are more likely to be a publicly listed …
As interesting as the techniques used in creating new malware are the people behind the code and the lengths they go to in order to hide themselves. The malware writers are a small but important piece of the puzzle however they are part of a wider category of cybercriminal. In this piece I explore some …
I’m losing track of all the leaks that have happened at US government agencies. It seems that yet another load of information has been shared to Wikileaks. This batch of data supposedly carries hacking tools. It seems there is a lot of policy and procedure documents including checklists for secure development. Wikileaks Vault 7 — …
An interesting revelation was dropped in the news this week about Uber implementing a mechanism to provide some level of protection from law enforcement in cities where Uber is prohibited (if I have understood correctly). It would seem that the mechanism affords the driver a level of anonymity. Bruce Schneier wrote a comment on the …
Integrity is an important consideration for security assurance. In this article I will explore the importance of hash functions and an associated type of function known as a Key Derivation Function (KDF). Fast hash functions In an digital setting we would like to know that if we are given a particular file that it is …
I’ve written a few articles already about the need for better passwords and the necessity of using a password manager. In this article I will point out why I think a local password manager is better. Local A local password manager is one that sits upon one device and does not back up to the …
A key idea in security is that of unpredictability. If I can’t guess your password then it ought to be secure. This is almost true, except the problem isn’t about whether I (as a human) can guess your password but whether a computer can iterate through all possible passwords and find your particular password within …
The topic of strongly encrypted communication has been receiving a lot of press coverage over the last few years and is a politically sensitive issue. Adding the possibility of making such communication anonymous makes it more sensitive. This work is based upon the thesis that I submitted for my MSc. The layout of the sections plus …