

Showing posts from December, 2016

Soft Guarantees

In "The Need for Strategic Security" Martyn Thomas considers some of the risks in the way systems are designed and built today, and some potential solutions to address the concerns raised. One of the solutions proposed is for software to come with a guarantee, or at least some warranty, around its security. Firstly, I am (thankfully) not a lawyer, but I can imagine the mind-bogglingly twisted legalese that will be wrapped around such guarantees. So much so as to make them next to useless (bar giving some lawyer the satisfaction of adding another pointless 20 paragraphs of drivel to the already bloated terms and conditions). However, putting this aside, I would welcome the introduction of such guarantees if it is at all possible. For many years now we've convinced ourselves that it is not possible to write a program which is bug-free. Even the simple program echo "Hello World" has dependencies on libraries and the operating system, along with the millions

Not all encryption is equal

Shit happens: data is stolen (or leaked) and your account details, passwords and bank account are available online to any criminal who wants them (or at least is prepared to buy them). But don't panic, the data was encrypted so you're OK. Sit back, relax in front of the fire and have another mince pie (or six). We see this time and again in the press. Claims that the data was encrypted... they did everything they could... blah blah blah. Hmm, I think we need more detail. It's common practice across many large organisations today to encrypt data using full-disk encryption with tools such as BitLocker or Becrypt. This is good practice and should be encouraged, but it is only the first line of defence: full-disk encryption protects data at rest, so it only really helps when the disk is spun down and the machine powered off. If the machine is running (or even sleeping) the volume key is already in memory and the operating system decrypts every read transparently, so all you need is the user's password and you're in. And who today really wants to shut down a laptop when you head home... and perhaps stop for a pint o
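To make the "which encryption?" question concrete, here is an added example (not code from the original post or from any product it names) of the second line of defence the post is pointing towards: encrypting each record at the application layer with a key that is not stored alongside the data, so that a copy of the database file, stolen from a running machine where full-disk encryption has already been unlocked, is still opaque. It uses AES-256-GCM from Go's standard library and binds each ciphertext to its row ID via the associated data. The Record layout, field names and the sample row are constructed for the example; where the key actually lives (KMS, HSM, or derived from a credential the attacker does not hold) is deliberately left outside the program.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is the kind of row a breach exposes. The layout is constructed
// for this example; PassHash stands in for whatever the real system stores.
type Record struct {
	ID       string
	Email    string
	PassHash string
}

// NewKey returns a fresh 256-bit key. In a real deployment this key is the
// whole point: it must not sit on the same disk as the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record with AES-256-GCM. The row ID is passed as
// associated data, so a ciphertext cannot be swapped onto another row
// without detection. Output layout: nonce || ciphertext || tag.
func Seal(key []byte, r Record) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plaintext := []byte(r.Email + "\x00" + r.PassHash)
	return aead.Seal(nonce, nonce, plaintext, []byte(r.ID)), nil
}

// Open reverses Seal. It fails on a wrong key, a wrong row ID, or any
// modification of the stored bytes.
func Open(key []byte, id string, blob []byte) (Record, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return Record{}, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return Record{}, errors.New("ciphertext too short")
	}
	plaintext, err := aead.Open(nil, blob[:ns], blob[ns:], []byte(id))
	if err != nil {
		return Record{}, err
	}
	parts := bytes.SplitN(plaintext, []byte{0}, 2)
	if len(parts) != 2 {
		return Record{}, errors.New("malformed record")
	}
	return Record{ID: id, Email: string(parts[0]), PassHash: string(parts[1])}, nil
}

// Exposes reports whether a stored blob contains the given secret verbatim,
// i.e. what a thief with a copy of the file would see without the key.
func Exposes(blob []byte, secret string) bool {
	return bytes.Contains(blob, []byte(secret))
}

func main() {
	key, _ := NewKey()
	r := Record{ID: "42", Email: "alice@example.com", PassHash: "$2b$12$constructed-sample-hash"}
	blob, _ := Seal(key, r)
	fmt.Printf("stored bytes expose email: %v\n", Exposes(blob, r.Email))
	got, err := Open(key, r.ID, blob)
	fmt.Printf("decrypt with key and right row: %+v err=%v\n", got, err)
	_, err = Open(key, "43", blob)
	fmt.Printf("decrypt under wrong row id: err=%v\n", err)
}
```

The contrast with full-disk encryption is the key's location: BitLocker-style encryption hands the volume key to the running OS, so every process the user can run reads plaintext; here the attacker needs both the blob and a key the application fetched from elsewhere, and a copied or modified blob fails the GCM tag check.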