This Wed I am teaching SANS SEC529: Quantum Security Readiness for Executives.

1 day, virtual, 3 hands-on labs.

Not a quantum hype session. This is the operational, practical course. Myth-busing, what you really have to do, how to build a practical migration plan, how to put together a budget.

Built for CISOs and security leaders who need to start moving now (i.e. everyone).

Register: https://www.sans.org/cyber-security-courses/quantum-security-readiness-executives

#infosec #quantumcomputing #pqc #postquantum #cybersecurity #SANS

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

DATE: March 11, 2026 at 07:34PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

How #Healthcare Can Get Started Addressing #PostQuantum Risk https://t.co/6787maq6ay

Here are any URLs found in the article text:

https://t.co/6787maq6ay

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

DATE: March 11, 2026 at 07:27PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#MedicalDevice Concerns for a #PostQuantum World https://t.co/6yFwJuGogB

Here are any URLs found in the article text:

https://t.co/6yFwJuGogB

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Most traditional systems of encryption were designed with current technology in mind. Change is a threat.

Quantumography is designed with tomorrow in mind, to help protect you from tomorrow's threats.

Insure tomorrow with Quantumography.

#Quantumography #FutureEncryption #PostQuantum #CyberSecurity #DataProtection #Neuronus

Researchers warn that advances in quantum computing could break current crypto wallet encryption within years. Post-quantum cryptography is being developed to secure exchanges and wallets against future quantum attacks. The shift would require significant infrastructure changes across the crypto ecosystem.

https://decrypt.co/360394/post-quantum-shift-crypto-exchanges-wallet-security #Blockchain #Crypto #Security #PostQuantum

Interesting paper on Eprint: A Quantum-Safe Private Group System for Signal from Key Re-Randomizable Signatures

https://eprint.iacr.org/2026/453

E2E encryption in group chats is complex, because security should be many-to-many while allowing for large, dynamic groups. Signal uses state of the art cryptography for this, but it's mostly based on discrete log, so quantum-vulnerable. This paper proposes a new, efficient quantum-resistant construction for this task.

A few caveats by having just a quick skim at the paper:

1) Not everything is quantum-resistant, only parts of the protocol, namely those inherent to privacy. Authentication, instead, is left quantum-vulnerable. The rationale is that harvest-now-decrypt-later attacks are of a more immediate concern, and partial patching allows to not degrade performance too much. While this is a sensitive and pragmatic choice, I think the security community should stop underestimating the danger of trust-now-forge-later attacks, i.e. those involving signatures/authentication: In real-world scenarios, those would probably be much more dangerous than "we'll just switch to PQ signatures when quantum computers arrive". The paper considers this as well, though, as the choice of authentication mechanisms is modular, thereby providing crypto agility.

2) The role of the central server is still crucial to ensure correct execution of the protocol. This is just a reminder that Signal, at the end of the day, is a centralized service. It's way, way better than your Whatsapp, but if centralization is a concern, please consider federated or peer-to-peer alternatives (although Signal's encryption is undoubtedly the gold standard for now).

#signal #cryptography #privacy #security #im #whatsapp #quantum #quantumcomputing #postquantum #pqc

TLDR: I’ve implemented #QuantumResistant #Encryption into my #P2P messaging #webapp using #MLKEM (#Kyber) to protect against future #QuantumComputing threats. Read my latest #Blog post to see how I’m securing #DataPrivacy today.

My journey into #PostQuantum #Security
I’ve been working hard on my latest project update, focusing on how we can protect our #Privacy from the looming threat of "harvest now, decrypt later" attacks. I just finished writing a technical deep dive into how I’ve implemented #QuantumResistant #Cryptography into my #P2P messaging platform.

The core of my approach involves using #MLKEM (formerly #Kyber) to ensure long-term #DataSecurity. I’m particularly proud of the #CascadingEncryption layer I’ve built; by combining #NIST standards with the #SignalProtocol, I'm ensuring that your #Communications remain #Secure even if a single algorithm is compromised in the future.

If you are into #OpenSource, #InfoSec, or #Decentralized #Tech, I’d love for you to read about my implementation and the challenges of bringing #QuantumResistance to the #Browser using #JavaScript.

Read my write-up here:
https://positive-intentions.com/blog/quantum-resistant-encryption

Demo: https://cryptography.positive-intentions.com/?path=/story/cascading-cipher-ml-kem-demo--mlkem-standalone

Crash course in ML-KEM: https://positive-intentions.com/blog/ml-kem-beginner-tutorial

I'm excited to hear what the #Developer and #CyberSecurity community thinks about this #PrivacyFirst milestone!