The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France.
However, they quickly realised the letters were in French. Many verb and adjectival forms being feminine, regular mention of captivity, and recurring names—such as Walsingham—all put them on the trail of Mary. Sir Francis Walsingham was Queen Elizabeth’s spymaster.
The code was a simple replacement system in which symbols stand either for letters, or for common words and names. But it would still have taken centuries to crunch all the possibilities, so the team used an algorithm that homed in on likely solutions.
When Ubiquiti suffered a hack the world assumed it was just a regular security breach, but the truth was much stranger… why are police happy that criminals keep using end-to-end encrypted messaging systems… and why is the Apple Watch being accused of crying wolf?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Plus don’t miss our featured interview with SecurEnvoy’s Chris Martin.
Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers.
The collective security/security engineering team mindset is also that of a builder, quite different from that of a penetration tester or third-party risk management assessor. This presents a challenge to security leaders. As security engineering teams continue to grow in prominence, CISOs need to be intentional with their structure and development.
The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation.
The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
