ITsecurity

Cryptography and quantum computing

Posted by Rob Slade on September 29, 2016

Yes, I know I complained about it at the beginning, and I’ve dealt with it elsewhere, but I suppose I really have to address it. (There actually are a number of issues about cryptography and quantum computing that the popular media never touches on.) A good deal of confusion exists about the possibility and capability […]

Security implications of quantum computing

Posted by Rob Slade on September 10, 2016

Recently there has been a spate of media articles on how quantum computing is going to destroy the security world as we know it. These articles are all based on one report that has estimated how long before quantum computers are effective at cracking RSA encryption. On the one hand, this isn’t news. We’ve known […]

China launches first quantum-enabled satellite

Posted by Rob Slade on August 17, 2016

(… or, maybe not) Aside from the fact that it allows me to make a quantum joke, this article allows me to rant about quantum cryptography. Ever since I have started to research the security implications of quantum computing, quantum crypto has bugged me. Yes, the theory is beautifully elegant, and (theoretically) allows us to […]

The Global Identity Foundation

Posted by Kevin on May 21, 2015

The basis of all information security is the protection of confidential information from unauthorised access. This requires the ability to differentiate between authorised and unauthorised subjects. For years passwords have done this. A unique password issued to the authorised subject has assured that only that authorised subject is granted access. But passwords are no longer […]

Pass the password, please

Posted by Kevin on April 26, 2015

We are told to use strong passwords – a long and random mix of uppercase, lowercase, numbers, punctuation and special characters. The reason is to make them difficult to crack. Well, that’s only half true. A password is a password is a password. It doesn’t need to be cracked. It’s what it is – it’s […]

Encryption in the Cloud

Posted by Kevin on April 4, 2015

The pressure to allow staff to use cloud storage is enormous. Not only are there strong economic arguments and business benefits, they’re going to do it anyway. So just saying No is not really an option — it’s better to have visibility into what is being used than to attempt to prevent it. But here’s […]

It’s time to ditch compliance because most companies simply ignore it

Posted by Kevin on December 11, 2014

Many security experts worry that compliance is driving security rather than the other way round. Being compliant doesn’t mean being secure. But faced with the choice between the minimum to be compliant rather than the minimum to be secure, companies tend to choose the former. That, at least, is current received opinion. And it just […]

Certificate-less authenticated encryption gets US patent

Posted by Kevin on July 1, 2014

Connect in Private (CIP) has made two announcements today. The first is that it has received a US patent for its Certificate-less Authenticated Encryption (CLAE). The second is that Alexander Hanff has joined the company as Chief Privacy Officer. CLAE Encryption, as we have been told by Edward Snowden, is our best defence against espionage; […]

CESG advice on securing Android in a BYOD environment

Posted by Kevin on June 10, 2014

CESG, the infosec arm of GCHQ, has released updates to its advice on the secure use of Blackberry, Android and Chrome, to cover the latest versions. The advice is aimed at public sector use of BYOD at OFFICIAL level – but it should be required reading for all businesses. It tries to square the circle […]

What’s with the TrueCrypt warning?

Posted by Kevin on June 1, 2014

TrueCrypt, the free open source full disk encryption program favoured by many security-savvy people, including apparently Edward Snowden, is no more. Its website now redirects to its SourceForge page which starts with this message: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues This page exists only to help migrate existing data […]