Category: Security

  • Why does software development need zero trust?

    Disclaimer: The following article is a blog post I wrote for Nexor, based on things I’ve been working on over the past few years. The last few weeks have continued to demonstrate the impact of a compromised software supply chain – whether that’s realised by malicious threat actors or lack of software quality control. CrowdStrike,…

  • Are we approaching AI’s trough of disillusionment?

    The internet has criticised – jestfully – the capability of AI for several years now. It started with computer vision capabilities in their youth, where cats were often identified and inferred as dogs, when blockchain was still the hype for Y Combinator candidates and investors with more money than technical prowess. A flow chart that…

  • How do you trust artificial intelligence? (draft)

    (This is a blog I am drafting for Nexor, and seeking wider thoughts and comments on before publication) Recent events in the news have us pondering a fundamental trust issue with AI models, whether that’s trusting the data with which we train them, or the result of which they infer. Large Language Model (LLM) poisoning…

  • Zero Trust is not just an architecture

    Zero trust is not a magic black box product either. Those that know me are aware that I’m very much a “let’s go back to first principles” kind of person, and often that has saved me from going down rabbit holes, or has found overlooked flaws in previous enterprise architectures and highlighted a clearer path…

  • DevSecOops: 3CX Hack – Supply Chain Attack

    Very recently, 3CX, a VoIP and PBX software developer, was compromised. According to their website, over 600,000 businesses globally use 3CX solutions to power voice communications in their business. Some customers include the NHS, Air France, PWC, just to give some context. Policy For Suspected Attacks My jaw hit the floor and bounced back, causing…

  • SecOops: Arnold Clark

    Recently, Arnold Clark became one of the latest victims of note to Play ransomware. Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com) This has huge implications for customers of Arnold Clark, never mind Arnold Clark themselves with the potential GDPR fines involved. Customer data not only has been stolen, but presumably…