Hahahahahahahahahahaha

Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively. I’ve written about this several times, pointing out why this is a criminally stupid suggestion, … Continue reading Hahahahahahahahahahaha →

Amber Rudd read History, but didn’t understand it

Those who do not understand history are doomed to repeat it[1]. And here I am, watching it repeat. This is my third post on this topic. Sorry. But it's important. Amber Rudd, the UK Home Secretary, suggested on Sunday that end-to-end encryption is “unacceptable”. She trotted out the usual excuses about terrorism and the need … Continue reading Amber Rudd read History, but didn’t understand it →

In or out – the tech perspective

Bremain or Brexit? This isn’t a political blog, but it’s worth reminding ourselves of June 23rd’s implications for IT & cyber-security. Privacy and personal data Even if we leave the EU, we’ll still have to implement the General Data Protection Regulation, only to have to re-invent it later. If we want to trade with the … Continue reading In or out – the tech perspective →

Let’s talk about encryption

Why are politicians sometimes such idiots? The French recently voted to criminalise bosses of tech firms who refused to decrypt user data when requested. Don’t worry, it’s not law yet, and likely won’t ever be, but you have to ask yourself how hard it is to understand how encryption works. The whole point of encryption … Continue reading Let’s talk about encryption →

How do you destroy a business?

Say I’m out to get you. I might be a disgruntled employee, or a business rival. What’s my best way of taking your business down? Let’s assume I can gain access to your network – easy enough if I’m an employee, after all. I could leak all your confidential information to your competitors – or … Continue reading How do you destroy a business? →

Roll up! Roll up! It’s a security round-up!

Apologies for the infrequency of recent updates. I’ve been busy – understanding the GDPR, doing some speaking engagements and (hush!) actually working for a living. So, without further ado, here’s what’s going on right now: Theresa May is trying to push the Snoopers Charter (aka the Investigatory Powers Bill) through Parliament despite plenty of expert … Continue reading Roll up! Roll up! It’s a security round-up! →

Encrypt data at rest

The Register reports this morning: American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Encrypted? Obviously not. Excuse? None. https://www.becrypt.com/uk/encryption http://buy.symantec.com/estore/clp/productdetails/pk/drive-encryption http://www.deslock.com/ https://www.checkpoint.com/products/full-disk-encryption/ http://windows.microsoft.com/en-gb/windows-vista/bitlocker-drive-encryption-overview BitLocker is even free. How hard … Continue reading Encrypt data at rest →