AI and Social Engineering

Imagine the following scenario. You are the financial controller of a company, and receive a late night call to join a video chat. Upon joining it, you are met by the CFO, CEO and legal counsel, as well as a few unfamiliar individuals. Your CEO requests that you transfer 10 million dollars to an unknown account. As you observe the video chat, you see a discussion happening around an acquisition of a large company, and an intense debate between several of the individuals. To be respectful of the serious nature of the meeting, you proceed to make the financial transfer without interrupting the meeting. An hour later, you receive a call from your CEO asking why 10 million dollars were transferred out of the account. You explain what happened, and they tell you that they were out for dinner for the last 3 hours, and never invited you to a video call. This is the type of seemingly outlandish scenario that is a fast approaching reality thanks to the generative AI models that have evolved over the last several years.

Written on October 3, 2023

Read More

Elevating Data Security

The modern regulatory landscape frequently mandates the collection and retention of Personally Identifiable Information (PII) and other sensitive information. Financial institutions, in particular, must adhere to Know Your Client (KYC) and Anti-Money Laundering (AML) regulations. However, current regulations may lack prescriptive guidelines for data protection, leaving organizations vulnerable to breaches. This article presents additional data protection techniques that can supplement existing regulations, rather than replace them entirely.

Written on April 14, 2023

Read More

Two Factor Authentication (2FA)

If you haven’t read I Have a Password System, and you don’t feel confident with how you manage your passwords, I recommend reading that before you come back to read the rest of this. Two Factor Authentication (2FA) is when access to something is protected by more than just one factor of authentication, for example a password. When you use a username and password, as well as an additional factor of authentication, such as a code you receive via email or SMS, you’ve got yourself Two Factor Authentication (2FA). If you had more than two factors, technically that would be Multi Factor Authentication (MFA), but the two terms are usually used interchangeably, and I’ll just refer to it as 2FA going forward.

Written on November 1, 2022

Read More

I Have a Password System

Even though passwords are one of the most common and basic types of security mechanisms, few understand what makes a good password and how to deal with password management. I frequently come across individuals who have a “password system” they came up with. Usually they don’t reveal how it works exactly, but they proudly profess that they don’t need to remember all their passwords because they “modify” their main password based on the service it’s used for. Although to many this seems like a good practice, it is unfortunately a recipe for disaster, and the intuition as to why this doesn’t work isn’t immediately obvious. It’s better than using the same password verbatim, but not by a lot.

Written on October 11, 2022

Read More

Can Clicking a Link Get You Hacked?

How much damage can a malicious actor do by getting someone to click on a link? This blog focuses on exploring the different vectors of attack, across a number of browsers, to establish whether clicking a link is enough to result in compromise of a computer, and to further explore how severe the compromise can be.

Written on October 8, 2022

Read More

Why Visual Programming Doesn't Suck

I’m here to tell you that visual programming, and diagrammatic reasoning in particular, is a formidable tool-set if used the right way. That is, it only seems to work well if based on a solid foundation rooted in mathematics and computer science. We already abstract our code in order to make it easier to handle — doing it using visual methods such as diagrams is just another way of achieving this.

Written on August 30, 2018

Read More