-
Resilient Assurance: A Failure-Assumed Approach to Confidence and Control
“Mature assurance is not the pursuit of perfect prevention. It is the disciplined management of inevitable failures.” Limits of Classical Assurance: Traditional or classical assurance tends to make assumptions: that controls are implemented, that controls operate correctly, and thus that risk is reduced. In practice, things are not generally so simple. Controls decay. Environments change…
-
I Was Attacked, Linux Was Rooted, and GPT Emitted Too Many Goblins
A mixed week, overshadowed by the fact that I was the target of a violent hate crime on Wednesday evening. Bruised, bloodied, and quite badly shaken. Not an ideal week overall for me. Linux Local Pwnage: Copy-Fail CVE-2026-31431: “Copy-Fail” is a powerful & remarkably reliable local privilege escalation to UID 0. It was found using a specialised…
-
Strong Ciphers, Weak Assumptions
The best laid plans of mice and men… A lot of attention has been paid to the design and implementation of messaging apps. Signal usually comes out as being considered the most trustworthy of the bunch by people who worry about detail, but there are other apps with real end-to-end encryption too. Of course, subverting…
-
“Left of Bang”
The term “Left of Bang” may be familiar to those with military background or experience, especially if that includes experience of the US military. But the concept is simple enough. There’s even a decade-old book all about it with the same title (ISBN-13: 978-1936891306, published June 2014, easily obtainable). What is “Left of Bang”? Once…
-
How will Quantum Vulnerable Encryption (QVE) unravel?
I’ve written a little recently (and less recently!) about Post Quantum Encryption and how action is needed NOW. How the timeline of QVE’s unravelling and collapse will take place is almost impossible to say. But we might usefully draw some lessons from the collapse in confidence of the MD5 hashing algorithm. Let’s look at the…
-
[***NOT REDACTED***]
Or “Redaction Failures”. There have been many high-profile redaction failures over the years[1]. So it may help to briefly classify[2] them into some different types. Context & Inference: That last category is rarely talked about. After all, techies love technical failures or clever technical workarounds. Context & Inference is terribly boring in comparison – but…
-
Aaand it’s Amateur Phishing Night on LinkedIn!
There is quite a lot going on over on LinkedIn. Some of it is even validly business-related and useful, but a significant amount is not. This has worsened with its continued slide towards becoming more & more like facebørk, a deliberate stratagem by its owner. There is phishing, impersonation, social engineering… If you are female…
-
Supporting Future Leaders and Players in Cybersecurity
There is a significant shortfall in the number of cybersecurity practitioners required across the world, and specifically of concern to me, in Europe[1]. It’s not merely numbers either – we need not only greater numbers but also highly skilled and experienced practitioners. These do not grow on trees… they must be encouraged and nurtured, and I…
-
Do you think ransomware is scary? It will be.
Ransomware attacks have been in the news a lot recently; M&S, Co-op, Jaguar Land Rover, Heathrow Airport & other airports. But compared with what I’m expecting to come these are all relatively harmless. Don’t misunderstand me; they all cause harm, and real harm to real people, but this is caused indirectly. My fear is that…
