The ethics of bitcoins and other cryptocurrencies

Is a bitcoin investor unknowingly supporting illegal drug trade and child pornography? Do the drawbacks of using cryptocurrency exceed the advantages to society at large?

This is a topic that no one talks about. The ethics of cryptocurrency. To even begin to think about the ethics of cryptocurrency, we will need to know a little more about cryptocurrency and money in general.


2017 – The year in Infosec

Should I continue to call it Infosec? Or should I change with the times to call it ‘Cybersecurity’? Whatever the name, 2017 was an interesting year for information security or cybersecurity or whatever you choose to call it. Here are a few things of note that happened:

This is a rather long post, so read it when you have the time. A quick set of links to the topics covered:

Data Privacy - A big leap

Cybersecurity - skill gap

Artificial intelligence is here

State Sponsored cyber attacks

The social media giants and their antics

Aadhar and the hullabaloo around it

Large scale data breaches



2016 – The year in infosec

Note: This is a long post about infosec in 2016 and 2017. Read when you have the time.

2016 has been an interesting year. Donald Trump became president-elect. The Syrian crisis worsened. Brexit happened. India demonetised 87% of its currency in one stroke. Cybersecurity and infosec were uttered more frequently in corporate boardrooms - and for good reason too.

How was the year for infosec? Here are a few areas where things happened and will probably continue to happen in 2017.


The Apple encryption saga…

Apple’s CEO Tim Cook, in a very public letter, has opposed the US government’s demand to incorporate a ‘backdoor’ in an iPhone 5C. The cyber world has been abuzz with activity ever since.

I have been following this with interest, and also trying to make sense of, arguably, one of the biggest questions since Edward Snowden. A few questions come to mind and I try to muse through them here:


The quest for good passwords

Passwords are easily the most talked about infosec control. Perhaps the simplest concept to explain and surprisingly hard to implement well. Allow a user to keep any password, without restriction, and she will keep her username as the password. Add complexity requirements and she will write it down.

Infosec professionals take every possible measure to get users to keep their passwords confidential. They provide guidelines on creating good complex passwords. They use analogies - ‘A password is just like a key! Would you share the key to your house?’. They enforce password rules by building them into the systems. Try as you might, people and passwords seem to have a healthy dislike for each other.


The mysterious disappearance of TrueCrypt

It is difficult to imagine a time without TrueCrypt. I do not even remember how I first got to know of TrueCrypt. I remember, however, moving the mouse randomly to create a new container. Young and foolish at that time, I thought it was a gimmick - not knowing that random number generation can be such a big pain. However, the software itself was great to use. Ever dependable. It had an element of mystery as well - the password for ‘duress’ where you could dump dummy data. It made you feel like a bit of a spy.




The HeartBleed FAQ

The dust seems to be settling over the Heartbleed storm. Questions have been asked and answered. The experts and the newbies have voiced their opinions. This, I feel, is a good moment to answer those little questions that we have always been meaning to ask, but feared being thought of as stupid. Here is my attempt to explain Heartbleed in simple question and answer format. I have provided as many references as possible for further exploration. Feel free to suggest changes / corrections!



Top 5 posts on PracticalInfoSec – 2013

Yet another year goes by in the infosec world. This is probably my first year of regular blogging. By regular, I mean at least one post a month (as opposed to the promised one post a fortnight!) Rather than think of anything new at this time of the year, I thought of going with the flow and posting a top 5 list (going against my cardinal rule, of course!). So, here is a list of the top 5 most read posts from my blog:


Life and Probability


God controls the averages, not the individual.

I was impressed by this line when I read it in Scott Adams’s brilliant book - ‘God’s Debris’.

I could almost imagine God to be looking at data and tweaking it (like a benevolent central banker) to control the averages. Too many people? Hmm…. Increase lifestyle diseases. Too much pollution? Clear out an area with a typhoon. Too many low quality apps? Release a computer virus… It sort of explains why some people suffer and some have a gala time. We are just an average. A statistic.