Security Lessons from Bletchley Park and Enigma

•

1 like•695 views

The document discusses lessons learned from breaking the German Enigma cipher during World War 2 at Bletchley Park. It summarizes 5 key lessons: 1) metadata is important, 2) detect and respond to compromise, 3) don't rely too heavily on users, 4) use proper randomness, and 5) don't underestimate adversaries. These same mistakes are still made today. Following principles from information theory and computer science can help avoid such mistakes in the future. Visiting Bletchley Park helps remember these important lessons.

Franklin Heath Ltd
Security Lessons from Bletchley Park and Enigma
09 Dec 2014
Image: Bletchley Park Mansion by Antoine Taveneaux

CC BY 3.0
Topics
 Why we should remember Bletchley Park
 Where the German cipher bureau went wrong
 Similar mistakes that are still made today
 How we might avoid these mistakes in future
09 Dec 2014 2
© Franklin Heath Ltd

CC BY 3.0
Why We Should Remember
Bletchley Park (and Enigma)
09 Dec 2014 3
© Franklin Heath Ltd
“… the greatest achievement of Britain during 1939-45 …”
– George Steiner, 1983
“Those who cannot remember the past are condemned
to repeat it.”
– George Santayana, 1906

CC BY 3.0
Enigma and the Bombe
09 Dec 2014 4
© Franklin Heath Ltd
Image Credit: Antoine TaveneauxImage Credit: Greg Goebel

CC BY 3.0
Cryptanalytic Heroes – Enigma
09 Dec 2014 5
© Franklin Heath Ltd
Rejewski,
Różycki &
Zygalski
John
Herivel
Alan
Turing
Gordon
Welchman
“Dilly”
Knox
Mavis
Lever

CC BY 3.0
Lorenz and Colossus
09 Dec 2014 6
© Franklin Heath Ltd
Image Credit: Adam Foster Image Credit: Robin Zebrowski

CC BY 3.0
Cryptanalytic Heroes – Lorenz
09 Dec 2014 7
© Franklin Heath Ltd
John
Tiltman
Bill
Tutte
Max
Newman
Tommy
Flowers

CC BY 3.0
Lesson 1. Metadata Matters
09 Dec 2014 8
© Franklin Heath Ltd
Image Credit: John McCafferty

CC BY 3.0
2. Detect Compromise and
Respond to it
09 Dec 2014 9
© Franklin Heath Ltd
HMS Gleaner 12 Feb 1940 HMS Griffin 26 Apr 1940
HMS Somali 04 Mar 1941 & 07 May 1941 HMS Bulldog 09 May 1941
HMS Tartar 28 Jun 1941 HMS Petard 24 Oct 1942

CC BY 3.0
3. Don’t Ask for Too Much from
Users
09 Dec 2014 10
© Franklin Heath Ltd
Image Credit:
Helge Fykse

CC BY 3.0
4. Be Properly Random
09 Dec 2014 11
© Franklin Heath Ltd

CC BY 3.0
5. Don’t Underestimate Your
Adversaries
09 Dec 2014 12
© Franklin Heath Ltd

CC BY 3.0
How We Still Make the Same
Types of Mistake
 Insecure metadata
 Document info, call records, HTTPS routing …
 Undetected compromise
 e.g. Oct 2014 White House security breach
… or unable to respond
 “Class breaks”, hardcoded keys, non-upgradable algorithms …
 Relying on users
 passwords, insecure defaults, security prompts …
 Poor randomness
 Flaws in PRNGs for key generation
 Underestimating Adversaries
 Rainbow tables, GPUs, weak copy protection …
09 Dec 2014 13
© Franklin Heath Ltd

CC BY 3.0
How Can We Avoid Such
Mistakes in Future?
 Don’t be dazzled by the new and shiny 
 Use sound Information Theory and Computer Science
 e.g. Saltzer & Schroeder’s principles (1975):
 Economy of Mechanism
 Fail-safe Defaults
 Complete Mediation
 Open Design (c.f. Kerckhoff’s Principle, 1883)
 Separation of Privilege (c.f. Defence in Depth)
 Least Privilege
 Least Common Mechanism
 Psychological Acceptability
09 Dec 2014 14
© Franklin Heath Ltd

CC BY 3.0
Summary
09 Dec 2014 15
© Franklin Heath Ltd
 Enigma, although theoretically strong, was undermined by
poor operating procedures and traffic analysis
 Five specific lessons:
 Metadata Matters
 Detect Compromise and Respond to it
 Don’t Ask for Too Much from Users
 Be Properly Random
 Don’t Underestimate Your Adversaries
 Good information security then = good cybersecurity now
 Come and visit Bletchley Park!

The phone industry's move to open source operating systems is an opportunity for concerned individuals to implement functionality that the phone manufacturers and network operators can't or won't do themselves and touch the lives of millions of people. This presentation covers specific opportunities for enhancing phone users' security and privacy, redressing the balance of power between individuals and faceless organisations.

Role of media in a film festival

Karthik Nagamma

Security Lessons from Bletchley Park and Enigma

Craig Heath

The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives? How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Free Complete Python - A step towards Data Science

RinaMondal9

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

2024 State of Marketing Report – by Hubspot

Marius Sescu

https://www.hubspot.com/state-of-marketing · Scaling relationships and proving ROI · Social media is the place for search, sales, and service · Authentic influencer partnerships fuel brand growth · The strongest connections happen via call, click, chat, and camera. · Time saved with AI leads to more creative work · Seeking: A single source of truth · TLDR; Get on social, try AI, and align your systems. · More human marketing, powered by robots

Everything You Need To Know About ChatGPT

Expeed Software

ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!

Recently uploaded

Enhancing Performance with Globus and the Science DMZ

Globus

The Metaverse and AI: how can decision-makers harness the Metaverse for their...

Jen Stirrup

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

Free Complete Python - A step towards Data Science

RinaMondal9

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Recently uploaded (20)

Enhancing Performance with Globus and the Science DMZ

The Metaverse and AI: how can decision-makers harness the Metaverse for their...

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Pushing the limits of ePRTC: 100ns holdover for 100 days

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Removing Uninteresting Bytes in Software Fuzzing

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Quantum Computing: Current Landscape and the Future Role of APIs

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

RESUME BUILDER APPLICATION Project for students

Essentials of Automations: The Art of Triggers and Actions in FME

Free Complete Python - A step towards Data Science

GraphRAG is All You need? LLM & Knowledge Graph

Climate Impact of Software Testing at Nordic Testing Days

Elevating Tactical DDD Patterns Through Object Calisthenics

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Featured

2024 State of Marketing Report – by Hubspot

Marius Sescu

Everything You Need To Know About ChatGPT

Expeed Software

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

5 Public speaking tips from TED - Visualized summary

SpeakerHub

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management

MindGenius

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

Featured (20)

2024 State of Marketing Report – by Hubspot

Everything You Need To Know About ChatGPT

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Security Lessons from Bletchley Park and Enigma

1. Franklin Heath Ltd Security Lessons from Bletchley Park and Enigma 09 Dec 2014 Image: Bletchley Park Mansion by Antoine Taveneaux

2. CC BY 3.0 Topics  Why we should remember Bletchley Park  Where the German cipher bureau went wrong  Similar mistakes that are still made today  How we might avoid these mistakes in future 09 Dec 2014 2 © Franklin Heath Ltd

3. CC BY 3.0 Why We Should Remember Bletchley Park (and Enigma) 09 Dec 2014 3 © Franklin Heath Ltd “… the greatest achievement of Britain during 1939-45 …” – George Steiner, 1983 “Those who cannot remember the past are condemned to repeat it.” – George Santayana, 1906

4. CC BY 3.0 Enigma and the Bombe 09 Dec 2014 4 © Franklin Heath Ltd Image Credit: Antoine TaveneauxImage Credit: Greg Goebel

5. CC BY 3.0 Cryptanalytic Heroes – Enigma 09 Dec 2014 5 © Franklin Heath Ltd Rejewski, Różycki & Zygalski John Herivel Alan Turing Gordon Welchman “Dilly” Knox Mavis Lever

6. CC BY 3.0 Lorenz and Colossus 09 Dec 2014 6 © Franklin Heath Ltd Image Credit: Adam Foster Image Credit: Robin Zebrowski

7. CC BY 3.0 Cryptanalytic Heroes – Lorenz 09 Dec 2014 7 © Franklin Heath Ltd John Tiltman Bill Tutte Max Newman Tommy Flowers

9. CC BY 3.0 2. Detect Compromise and Respond to it 09 Dec 2014 9 © Franklin Heath Ltd HMS Gleaner 12 Feb 1940 HMS Griffin 26 Apr 1940 HMS Somali 04 Mar 1941 & 07 May 1941 HMS Bulldog 09 May 1941 HMS Tartar 28 Jun 1941 HMS Petard 24 Oct 1942

13. CC BY 3.0 How We Still Make the Same Types of Mistake  Insecure metadata  Document info, call records, HTTPS routing …  Undetected compromise  e.g. Oct 2014 White House security breach … or unable to respond  “Class breaks”, hardcoded keys, non-upgradable algorithms …  Relying on users  passwords, insecure defaults, security prompts …  Poor randomness  Flaws in PRNGs for key generation  Underestimating Adversaries  Rainbow tables, GPUs, weak copy protection … 09 Dec 2014 13 © Franklin Heath Ltd

14. CC BY 3.0 How Can We Avoid Such Mistakes in Future?  Don’t be dazzled by the new and shiny   Use sound Information Theory and Computer Science  e.g. Saltzer & Schroeder’s principles (1975):  Economy of Mechanism  Fail-safe Defaults  Complete Mediation  Open Design (c.f. Kerckhoff’s Principle, 1883)  Separation of Privilege (c.f. Defence in Depth)  Least Privilege  Least Common Mechanism  Psychological Acceptability 09 Dec 2014 14 © Franklin Heath Ltd

15. CC BY 3.0 Summary 09 Dec 2014 15 © Franklin Heath Ltd  Enigma, although theoretically strong, was undermined by poor operating procedures and traffic analysis  Five specific lessons:  Metadata Matters  Detect Compromise and Respond to it  Don’t Ask for Too Much from Users  Be Properly Random  Don’t Underestimate Your Adversaries  Good information security then = good cybersecurity now  Come and visit Bletchley Park!

Security Lessons from Bletchley Park and Enigma

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Security Lessons from Bletchley Park and Enigma