Security nihilism: Never good enough.

Mar 11, 2017

In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community.  In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother?  Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat.  In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, nevermind trying to separate the marketing hype from what's actually possible or the decade-odd of research into post-quantum cryptosystems.  This has lead to a certain amount of attrition in the community.  It is my considered opinion that this may be one of the main reasons why many so-called security practitioners don't actually bother doing anything, including not even installing patches.  No, I'm not speaking hyperbolically, I've witnessed this first-hand I'm sorry to say.

My paper about threats to emerging financial entities passed peer review and will be published.

May 28, 2016

As you may or may not remember, late last year I presented via telepresence at the Nigeria ICT Fest, where I gave a talk about security threats to emerging financial entities. Following the conference I was invited to turn my presentation into an academic paper for an open-access, peer-reviewed journal called Postmodern Openings which is published on a biannual basis. Postmodern Openings seems to publish a little bit about everything, from the ethics of advertising to children to lessons learned from studying the economic systems of entire countries to the anthropological ins and outs of caring for children with chronic kidney diseases. It seems like a lot of weird, rarefied stuff and to some extent that's true, or at least that's true insofar as any academic publishing is concerned. As with many journals, occasionally the reader finds something that had been previously not considered and broadens one's horizons (or at least I do, but then again I read academic journals for fun). I was informed early last week that my paper had passed peer review and would be published in the next edition of the journal which can be read here in its entirety. If you need the ISSN of Postmodern Openings to cite any papers in there or look the journal up in a database it's 2068–0236; it also has an e-ISSN of 2069-9387.

The journal publishes under a Creative Commons By Attribution-Noncommercial-No Derivatives license to ensure that everybody who needs access to the articles can get access to them because most academic publishing is a racket. When Postmodern Openings takes the articles in this edition live I'll post my own here as a PDF.