Kate's Comment

Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD

Can we trust WhatsApp’s privacy?

Summary / TL;DR: WhatsApp looks great on face value and its underlying technology is awesome. However, there are some things about it which don’t add up for me, eg. its apparently non-existent business model and lack of open sourcey-ness. Further, our faith in it relies too heavily on one person, Moxie Marlinspike, who chooses to remain largely anonymous; a choice…

What do PGP trust levels mean and which should I use?

Following my posts on how to send and receive secure, encrypted emails in Thunderbird with PGP and how to add additional email addresses to your GPG identity, many of the people I’ve been encouraging to use PGP have asked how to decide what level of trust to set for someone’s key. The definitive guide is here, a modified excerpt…

How to add additional email addresses to your GPG identity (and a face pic)

This is an addendum to my article on how to encrypt email using PGP and Thunderbird. I have many email addresses: my Memset one, my personal one (at craig-wood…), my Wood Tech one and others. All of these are tied into just one PGP identity which makes life much simpler both for me and also people wishing to communicate with…

How to send and receive secure, encrypted emails in Thunderbird with PGP

A step-by-step guide to setting up and using PGP encryption with email for Thunderbird.

How to get staff through Security Clearance via G-Cloud

About government security clearances: We have now got the security process down to a slick procedure with G-Cloud, and I’m sharing that in this post. In order to offer IL3 services to Her Majesty’s Government your staff that are involved in those services (eg. systems administrators, software developers, technical architects) need to have Security Clearance (SC). SC is a bit…

Security Aspects Of Open Source Software

Nick and I have built a market-leading, multi-award-winning, multi-million dollar hosting/cloud IaaS company using entirely open source software and an “automate everything” philosophy. We have recently attained a cross-government CESG accreditation for our service under the G-Cloud project, incorporating the open source hypervisor Xen, even though Xen itself was not certified. Here are my views on why open source is actually more secure and reliable than alternatives.

Evolution of storage #1: resilience

I contend that the next stage of evolution of storage is “Just a Bunch of Disks” (JBOD), comprised of a range of media types with different performance characteristics, and with software doing the cleverness. In this first post (1 of 2) I shall address the resilience aspects of this evolution. RAID failings: Large RAID (Redundant Array of Independent Disks) systems…

How safe is cloud computing? (infographic)

Infographic summarising cloud security including using cloud computing as a weapon.

Is The Cloud Safe?

Cloud security is nothing mysterious and the same approaches that one takes when verifying any supplier’s integrity should be followed. You should ask questions like: 1) Will the data remain within the EU (for data protection)? 2) Who in the supplier organisation has access to my data and what controls are placed upon them? 3) What checks does the supplier…

Password security

I’m very proud of my personal and corporate security. At work we use pwgen to create passwords; a sample of our tool is inset and you can access it yourself here. Our policy dictates that staff choose one for themselves and since we know it is cryptographically strong (ie. not based on anything guessable) we don’t require that they change…