The kettle of doom
My thanks to Charlie Stross for alerting us all to the unfortunate incident of the Russian kettle, bugged with malware intended to find unsecured Wi-fi networks and co-opt them into a zombie bot net...
View ArticleLooking at safety with our security glasses on
Separation of privilege and the avoidance of unpleasant surprises Another post in an occasional series on how Saltzer and Schroeder’s eight principles of security and safety engineering seem to overlap...
View ArticleStarving the Turing Beast…
Linguistic security, and the second great crisis of computing Distributed systems need to communicate, or talk, through some sort of communications channel in order to achieve coordinated behaviour...
View ArticleiOS7 meets Saltzer & Schroeder
What iOS 7’s SSL/TLS security patch release tells us While the commentators, pundits and software guru’s pontificate over Apple’s SSL/TLS goto fail bug’s root cause, the bug does provide an interesting...
View ArticleCuckoos in the Nest
More speed bumps on the road to the Internet of Everything Nest, the popular smart thermostat and member of the IoE club is apparently hackable on the hardware side according to a team of researchers...
View ArticleiVote meets Saltzer and Schroeder
The best defence of a secure system is openness Ensuring the security of high consequence systems rests fundamentally upon the organisation that sustains that system. Thus organisational dysfunction...
View ArticleWhy safety does not equal security
Safety versus security There is a certain school of thought that views safety and security as essentially synonymous, and therefore that the principles of safety engineering are directly applicable to...
View ArticleProtocols, security layers and backdoors
It is a common requirement to either load or update applications over the air after a distributed system has been deployed. For embedded systems that are mass market this is in fact a fundamental...
View ArticleThe IoT, Botnets and Drone strikes
A clank of botnets More bad news for the Internet this week as a plague of BotNets launched a successful wave of denial of service attacks on Dyn, a dynamic domain name service provider. The attacks...
View Article