If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

@adulau Thank you! And for many orgs, PQC issues should not even be in their threat model. But that's probably a sexy name to get some attention and budget, but indeed, should not make it into the priority list for most orgs...

@adulau Quantum Computing is the new blockchain.

But let's face it: It's easier to babble about fuzzy threats than do something about existing ones, be this in IT-Security or Climate change. The former makes you important in a LinkedIn sense, the latter is actually hard work.