NIS Directive: Who are the Operators of Essential Services (OES)?

Work for a bank or ISP? Systems going down because of attacks, or negligence, or both? Congratulations, NIS applies to you...: The NIS Directive does not define explicitly which entities are to be considered as OES under its scope. Instead, it provides criteria that Member State

End-to-end encryption means Huawei bans are about availability, not interception

If I understand this volte-face correctly, the guy that wanted encryption banned is also saying that end-to-end encryption mitigates the risk of interception by bad actors?... [...] The former Australian Prime Minister also addressed the ban on Huawei he introduced, and echoed t


Why Microsoft, Google and Apple want you to ditch your password

This was basically the same reasoning we used when selling RSA SecurID tokens in 2001. Passwords, as well as being a security risk, are a pain to manage. There's another reason why 'Big Tech' want you to ditch passwords, it's to lock you in to their Identity and Access Management...


Google Lets iPhone Users Turn Device into Security Key

I've been using my iPhone as a security device with several providers, but each requires a separate app or an enrolment to something like Google Authenticator. This development should help widespread adoption, as long as you have some trust in Google...: Google today announced...

Four Ways to Achieve a Zero Trust Security Model

A reasonably vendor-free intro to zero-trust. I've been banging on about this for a couple of decades so it must be time for it to be fashionable...: [...] Let’s start with a helpful analogy: If you enter your house through the front door, you expect to have access to all the ro