Dear Readers,
We note the sudden passing of famed security researcher Ross Anderson. He was a large presence in the security community in many capacities, and I encourage you to read this memorial by Wendy Grossman.
Much of the security news these days is about organizations that did not follow the security engineering principles that Ross Anderson taught, and suffered massive consequences. This has caused me to reflect on how we keep moving into new technologies and both acquiring more risk and perhaps the illusion of constant security. In many ways our daily lives are the same as they were many decades ago, despite the fact that foreign agents might know all our personal data and be monitoring our whereabouts. At the current time, our individual personal security seems reasonably good. Nonetheless, our government warns us that enemy nations might turn off our water and shut down commerce and shipping on a whim. An IT worker who is careless with a password can cause a billion dollars in losses overnight. In what sense is this security? The complexity of the problem seems on a par with global warming. Economics, individual decisions, misaligned corporate and government objectives, ... quo vadis?
My hope is for an AI system that can read our research papers from the past 60 years and find the narrow path for putting together the dependable and secure systems that we need.
Sven Dietrich has contributed a review of a book about fair exchange protocols for digital "belongings", an interesting topic on many levels.
Instead of parody, this issue's amusement is suggestions for collective nouns for the jargon of our field, in the style of "a conspiracy of ravens" and other avian groups.Hilarie Orman
A intuberation of root kits
An encipherment of ransomware
An impersonation of phishings
An embezzlement of bitcoins
A factorization of authenticators
A blaze of firewalls
An astonishment of zero days
An equinement of Trojans
...
(add your own collectives!)