Earlier today I read an article about Monzo leaking PINs of their customers into operational logs. Bad. What’s worse – this is the second technical problem at Monzo I have come across within the last 12 months.
Continue reading Monzo and Challenger Banks’ Security
Category Archives: governance
Intruder – Automated Pen Testing for SMEs
I met Chris Wallis last week for a cuppa and to talk shop as we both have been doing start-ups for a while. He’s ahead of me and it’s incredible he pulled it off.
Continue reading Intruder – Automated Pen Testing for SMEs
KeyChest – Getting Rid of Broken Padlocks
We have all seen it – I go to visit an interesting blog or the DEFCON website, or to pay for parking on the go. But I can’t – the website or web service has an expired certificate and the “damn security wouldn’t let me do it”.
CyberSec is Janitorial
Point of discussion: “… No matter how much we rapture on about the virtues of Cyber Security, to The Business, we might as well be explaining the function of the U-bend. …”
ROCA vulnerability impact on Gemalto IDPrime .NET smart cards
Continue reading ROCA vulnerability impact on Gemalto IDPrime .NET smart cards
Is cloud security all about emotional marketing?
I still find it interesting that when I mention “hardware security” to someone, my “pitch” is over, done, finished. As if no one realized that every cloud needs physical servers to run on. Everything cloud is marketed as “secure”, but are we really in control of our data?
Continue reading Is cloud security all about emotional marketing?
Unbreakable Encryption with Secure Hardware and Geopolitics
From supercomputers to IoT – processors (or chips) are everywhere. Computer chips protecting our privacy and security would first travel the world to get designed, fabricated, and personalized. Even if we had an unbreakable encryption algorithm, it may be defeated by its manufacturing. Let’s exploit superpowers and their influence to create a practical unbreakable encryption.
Continue reading Unbreakable Encryption with Secure Hardware and Geopolitics
“Progress and research in cybersecurity” by The Royal Society
“Encryption is a key technology that underpins trustworthy computing. As digital technologies become ever more central to our lives, encryption becomes more important, and any weaknesses in its implementation become greater risks. Governments must commit to preserving the robustness of end-to-end encryption, and promoting its widespread use.”
Continue reading “Progress and research in cybersecurity” by The Royal Society
It seems I have to deal with the question of who to trust – our new product or an established software package – way too often. The answers make me question what the level of testing in open-source software is and what the reliability of software is in general.
Continue reading Software Reliability
A Long Dark Tea-Time of The Soul
You may know the mood when all seems to be done but new tiny issues keep cropping up every day … until they eventually disappear without you realizing it. The title has kind of sprung to my mind.
A lot has happened since my previous post and I indeed lived and breathed Enigma Bridge. While we kept focussing on a particular market segment we decided to make our products easier to test by smaller companies – a new test/staging instance of Enigma Bridge service will be launched within days. We made good progress business-wise as well. But one thing I want to mention in particular is an ASIRTA tool – a baseline profiler for data governance.
Continue reading A Long Dark Tea-Time of The Soul