Expanding (Dis)Trust - talk about compiler safety, determinism and StageX
This talk, held in Montreal at the InCyber conference on Oct 29-30, 2024, covers bootstrapping compilers, deterministic builds, and stagex, a Linux distribution which addresses a number of security risks that current Linux distributions do not.
Written on October 30, 2024
Protecting Your Digital Life and Bitcoin
On this episode of Your Life, Your Terms podcast, Anthony and I dive into some best practices around personal security and how to safeguard your bitcoin!
Written on April 4, 2024
AI and Social Engineering
Imagine the following scenario. You are the financial controller of a company, and receive a late-night call to join a video chat. Upon joining it, you are met by the CFO, CEO and legal counsel, as well as a few unfamiliar individuals. Your CEO requests that you transfer 10 million dollars to an unknown account. As you observe the video chat, you see a discussion happening around an acquisition of a large company, and an intense debate between several of the individuals. To be respectful of the serious nature of the meeting, you proceed to make the financial transfer without interrupting the meeting. An hour later, you receive a call from your CEO asking why 10 million dollars were transferred out of the account. You explain what happened, and they tell you that they were out for dinner for the last 3 hours, and never invited you to a video call. This is the type of seemingly outlandish scenario that is a fast-approaching reality thanks to the generative AI models that have evolved over the last several years.
Written on October 3, 2023
Elevating Data Security
The modern regulatory landscape frequently mandates the collection and retention of Personally Identifiable Information (PII) and other sensitive information. Financial institutions, in particular, must adhere to Know Your Client (KYC) and Anti-Money Laundering (AML) regulations. However, current regulations may lack prescriptive guidelines for data protection, leaving organizations vulnerable to breaches. This article presents additional data protection techniques that can supplement existing regulations, rather than replace them entirely.
Written on April 14, 2023
Nostrica Nostr Relay Panel
On this Nostrica panel we talk about Nostr relays, and their future.
Written on March 23, 2023
Crushing Cyber Attacks & The Dark Web
On this episode of Your Life, Your Terms podcast, Anthony, Tom and I dive into some best practices around staying safe online!
Written on November 4, 2022
Two Factor Authentication (2FA)
If you haven’t read I Have a Password System, and don’t feel confident with how you manage your passwords, it’s recommended that you read that before you come back to read the rest of this. Two Factor Authentication (2FA) is when access to something is protected by more than a single factor of authentication (a password alone, for example, is one factor). When a username and password are used, as well as an additional factor of authentication, such as a code received via email or SMS, you’ve got yourself Two Factor Authentication (2FA). This type of authentication is sometimes also referred to as Multi Factor Authentication (MFA), but the two terms are usually used interchangeably. I’ll refer to it as 2FA going forward.
Written on November 1, 2022
I Have a Password System
Even though passwords are one of the most common and basic types of security mechanisms, few understand what makes a good password and how to deal with password management. I frequently come across individuals who have a “password system” they came up with. Usually they don’t reveal how it works exactly, but they proudly profess that they don’t need to remember all their passwords because they “modify” their main password based on the service it’s used for. Although to many this seems like a good practice, it is unfortunately a recipe for disaster, and the intuition as to why this doesn’t work isn’t immediately obvious. It’s better than using the same password verbatim, but not by a lot.
Written on October 11, 2022
Can Clicking a Link Get You Hacked?
How much damage can a malicious actor do by getting someone to click on a link? This blog focuses on exploring the different vectors of attack, across a number of browsers, to establish whether clicking a link is enough to result in compromise of a computer, and to further explore how severe the compromise can be.
Written on October 8, 2022
Why Visual Programming Doesn't Suck
I’m here to tell you that visual programming, and diagrammatic reasoning in particular, is a formidable tool-set if used the right way. That is, it only seems to work well if based on a solid foundation rooted in mathematics and computer science. We already abstract our code in order to make it easier to handle — doing it using visual methods such as diagrams is just another way of achieving this.