Open Security News week 23-2023

There are many myths about security, and how difficult it is. Cyber security is a complex domain. There is no perfect solution. Never. However there are simple solutions that do work. Often the best cyber security solutions are open well known solutions which everyone can use. Good solutions are not subject to a hype. Open solutions are transparent, so everyone can use and improve these solutions. 

Continue reading “Open Security News week 23-2023”

FOSS Machine Learning News week 20-2023

GPT-4 has brought a storm of hype and fright. Is it marketing froth, or are we watching a fast revolution? Most people who have played with ChatGPT and used other tools in the past (e.g. Google to help with schoolwork) are overwhelmed. The fact that ChatGPT can automatically generate something that reads like human-written text was unexpected. The impact on society and companies will be unknown for the long term. The rapid use of the tools created by the company Openai was unexpected. However the company ‘Openai’ is not creating open tools and using open principles at all. The power that this kind of technology brings we should put more effort on developing open tools that are better and respect our privacy.

Continue reading “FOSS Machine Learning News week 20-2023”

Open Security News week 14-2023

Cyber security is not a solved problem. As technology continues to advance, so do the methods and techniques used by cyber criminals to breach security systems and steal sensitive information. I love new technology and love solving new cyber challenges that come with new technology. So I asked GPT-4 what kind of security challenges we need to manage in the near future. I was surprised by the accuracy of the answer:

GPT-4 could be used to generate highly convincing phishing emails, fake news articles, deepfake videos which could be used to deceive individuals and organizations into divulging sensitive information or taking harmful actions. This could result in data breaches, financial losses, or reputational damage. Most cybersecurity issues with GPT-4 are not yet known.”

So think if a good cyber awareness course is on your agenda for this year. GPT-4 generated hacks and content will harm you sooner or later. Be prepared!

Continue reading “Open Security News week 14-2023”

Open Security News week 9-2023

Complexity has become a significant issue for cyber security. Senior engineers and experts in the cyber domain with years of experience have developed a troubled sight on what is simple and what is complex. My personal core believe is that hard to solve security problems should be fixed through simple solutions. But remember: Simple is not easy. But finding a simple solution is one of my core principles when solving problems. Elegantly simple designs don’t happen by accident. They’re the result of difficult decisions and discussion. A good cyber simple solution does not reinvent the wheel.

Continue reading “Open Security News week 9-2023”

Open Security News week 5-2023

Threats develop constantly as criminals advance their techniques and new vulnerabilities are discovered every day. Therefore, mitigation measures should be continuously developed and updated. However many organisations are depending too much on vulnerable vendor solutions that over promise but under deliver. Taking simple measures at scale, such as applying a security by design approach for all new projects is often lacking. There are no silver bullets when it comes to cyber security. It’s just doing the hard work. Daily.

Continue reading “Open Security News week 5-2023”

Open Security News week 1-2023

This is an unusual post. This time, I want to emphasize the urgent need for reducing cybersecurity risks. We are on a tipping point. Security is required for safety and privacy. We are increasingly dependent on IT: Cars, trains, hospitals, medicines, energy, transportation are not possible today without IT. Without digital technology our world stops. But cyber security has become complex and is poisoned with solutions were transparency is lacking. It is time to stop reinventing the wheel. Simple solutions are often still the best. Make use of solid solutions that do work. There is no magic tool.

Continue reading “Open Security News week 1-2023”

Open Security News week 49-2022

We are all humans. For severe cyber security problems we fall in love with so called ‘Holy Grail’ products. The product capabilities of these product are outlined with vague and difficult marketing buzz. So perfect for managers who lack a solid technical background. But deploying these products can be compared with deliberately installing a large backdoor in your trusted environment. Security by obscurity is a bad security principle. Demand openness and full transparency.

Continue reading “Open Security News week 49-2022”