"Google Cloud Security Threat Horizons Report #11 Is Out!" https://bit.ly/3PM6ced <- our new cloud threat report with (mostly!) same old - same old cloud issues -)
Anton Chuvakin
- 1.6K Followers
- 1.1K Following
- 251 Posts
"A Brief Guide for Dealing with ‘Humanless #SOC’ Idiots" https://bit.ly/3C6APbn <- it is kinda a joke post, yet as they say "there's a grain of truth in every joke"...
"Securing Inherited Cloud: Top Lessons" https://bit.ly/4fYsmoh <- an extended version of our post on how to secure a cloud environment you inherited!
Google Cloud Office of the CISO 2024 Year in Review: AI Trust and Security https://bit.ly/3WhQB9Y <- a collection of fun (well, OK, they are not all fun!) things on securing AI we wrote in 2024
New Paper: “Future of #SOC: Transform the ‘How’” (Paper 5) https://bit.ly/4jmA7Ye <- follows the ideas from our "transform vs optimize" paper and gives a few tips on how to run the SOC project alongside another related effort (It is fun! I promise!)
"Anton’s Security Blog Quarterly Q4 2024" https://bit.ly/3ZLqKJA <- my slightly improved list of popular blogs, podcasts and presentations, curated by a human with some ideas from AI -)
"Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!" https://bit.ly/41iE2yG
Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!
A few weeks ago, our podcast turned 200! In this case, we are talking about episodes, not years. We (that is, Tim Peacock and myself) definitely feel like we have to say something humorous, pithy…
"Anton’s Alert Fatigue: The Study" https://bit.ly/3UJWBI1 is a result of some agonizing pondering of the "alert fatigue problem" over the years. Hopefully it is a fun read, because it was not a very fun write -)
"Get an Untrusted Security Advisor! Have Fun, Reduce Fail!" https://bit.ly/3BMaajh <- a collection on random, incomplete thoughts about some uses of #GenAI (#LLM really) for security. Not meant to be comprehensive or (very) analytical, so please no "YOU MISSED <this>" comments :-)
Sophie Schmieg@darkuncle for the very least, the articles that I've seen have multiple red flags:
* "Military grade encryption": not a term cryptographers use, ever.
* Breaking both RSA and AES: no known plausible mechanism to break both with the same approach
* Details withheld due to sensitivity: there are zero knowledge proofs (well sorta, slight abuse of terminology here) you could give (for both AES and RSA) that would show that you have this capability. For example, sign something with the RSA2048 challenge number, or reveal the AES key of a plaintext/ciphertext pair that is generated by a trusted non colluding third party. You wouldn't reveal anything about your methods, but you would show that you have the capability.
Extraordinary claims require extraordinary evidence. And I haven't even been able to access the paper so far, so I do not see the extraordinary evidence.