Pairs ancient and modern for security
I was struck recently by how often pairs crop up in things to do with security, and for how long this has been true. I’ll go into two similar old techniques to do with documents – indenture and chirograph, and an old pair-based object (the split tally) and then two things enabled by the current …
Category: Security
The big and small idea
I was talking with a Cambridge University student recently, in particular about their University Card. It’s a very useful card, which in one way can be described very simply. As far as I understand, the card lets students, academics and staff across the university access rooms and services, by proving their identity electronically. That’s something …
Random numbers to protect privacy in a pandemic app
A computer system, like a car or a coffee machine, is something designed to meet some requirements. These requirements usually force the designer to make a compromise, based on which requirements get more attention than others. (Which is the best car? It depends on whether speed, size, sustainability etc. are most important to you.) One …
Security and a voice-controlled internet-connected cooker
I have seen adverts for a NEFF cooker that you can control with your voice via Alexa. This is spiffy, but I can also see potential security problems. I’m not advocating attacking Alexa or a NEFF cooker – this article is a standard-issue discussion of security problems, to help people improve security. I hope I’m …
Authentication, authorisation and the chain of trust
I recently walked by my old college. There was a sign outside: Closed to visitors. I realised that two cards in my wallet would get me in, which made me think of some security concepts: the difference between authentication and authorisation, and the chain of trust. I’ll go into those a bit in this article, …
Introduction to Single Sign-On using SAML
Disclaimer: First, some important stuff: I am not a security expert. Please do not think that after reading this article you will know everything you need to before implementing Single Sign-On (SSO) using SAML. It is meant to be an introduction, so that you can have an easier job understanding the details when you get …
A video with some practical security stuff
Another good Gotocon video, although the first few minutes are a bit bumpy until the speaker gets into the main part of the talk. The key points for me: think about what security and risk mean for your system; add nasty strings from Fuzz DB to your existing tests; read OWASP; prepare for attacks and …