Monday, September 8, 2025

Vegan Dogs and Cybersecurity: How the World Is Burning While We Bark at the Wrong Fires

 


This week’s headline: “New research shows dogs can be vegan too.”

Meanwhile, ransomware groups are institutionalizing, deepfake phishing is now indistinguishable from reality, and generative AI is becoming the go-to tool for low-cost cyberwarfare.

But sure, let’s talk about tofu for terriers.

This isn’t about dogs. It’s about distraction.
We live in a time where the illusion of progress is sold harder than progress itself. Whether it's carbon offsets for corporate jets, "green" data centers hosted by surveillance giants, or now - climate-conscious kibble for pets - we’re drowning in narratives that keep the spotlight off the real vulnerabilities.

Cybersecurity isn’t just a tech issue anymore. It’s a societal one.

We’re patching CVEs while execs re-use passwords.
We’re selling “zero trust” while trusting third-party vendors with no audits.
We’re pushing AI detection models built on training sets scraped without consent.
And now, we’re saving the planet… by feeding lentils to Labradors.

When the system rots from the inside, security isn't about code - it's about courage.

So here’s a question for my fellow cybersecurity professionals:

🔐 Are you here to secure endpoints?
🧠 Or are you ready to question the endgame?

Because if we don’t challenge the frameworks behind the madness - surveillance capitalism, digital colonialism, corporate theater masked as ESG - we’re not protecting users. We’re just optimizing exploitation.

Meanwhile, the machine gets leaner. Smarter. Hungrier.

And yes, even the dogs are going vegan.

Tuesday, August 19, 2025

Jiuzhang 3.0 is not a cryptographic threat. But the next generation of universal fault-tolerant machines will be!

 

Recently, China made waves with its photonic quantum computer, Jiuzhang 3.0, solving Gaussian boson sampling problems 10 billion times faster than classical supercomputers.

✅ Yes, it's a leap in quantum speed.
❌ No, it cannot break encryption - yet.

Jiuzhang isn’t a universal quantum computer.

❌ It can’t run Shor’s algorithm.
❌ It has no error-corrected qubits, no gates, and no fault tolerance.

But the writing is on the wall.

🧠 What would it take to break RSA-2048?

- 4,000 logical qubits
- Millions of physical qubits (with error correction)
- A week of compute time, maybe less

And it’s no longer theoretical - it’s on the roadmap

⚠️ The risk isn’t Jiuzhang. It’s complacency.

Most organizations are still relying on RSA and ECC, while quantum research accelerates at a pace few outside the field are tracking.

Harvest-now-decrypt-later isn’t a theory anymore.

Data stolen today could be decrypted in the next decade - or sooner.

🛡️ The move to post-quantum cryptography isn’t optional.

It’s the bare minimum for long-term security.

If you’re not planning for a post-quantum world, someone else is - and it won’t be for your benefit.

Also visit: https://quangntenemy.substack.com/p/jiuzhang-30-is-not-a-cryptographic

Wednesday, July 23, 2025

This Is Just a Test Post. DO NOT READ

 

Maybe Some Elite Players Will Understand the Meaning

Sometimes, the most significant messages hide behind the simplest words.

This post? Just a test. Or so it seems.

Most will scroll past without a second thought. But a few—those with sharp eyes and sharper instincts—might catch the deeper layer. It’s not obvious. It’s not loud. But it’s there.

And here’s the kicker:
If this lands the way it’s meant to, it could cost Facebook millions.

No clickbait. No exaggeration. Just quiet potential in plain sight.

Maybe nothing happens. Or maybe, everything shifts.

That part? Depends on who’s watching.

You know who you are.

DO NOT CLICK HERE => REALLY DANGEROUS LINK THAT SHOULD NOT BE CLICKED

Friday, July 18, 2025

🔐 Encryption ≠ Security

 

Just because something’s encrypted doesn’t mean it’s secure.
We saw that play out - painfully clearly - during Google CTF 2025.

🕒 Last month, our team took on a challenge called crypto-numerology.

At first glance, it looked solid: a stream cipher modeled after ChaCha20. It had proper constants, key/nonce structure, and ciphertext that looked convincingly random.

But there was one critical detail.

👉 It only used one round of mixing.

That one shortcut changed everything.

With a known key and a few plaintext/ciphertext pairs, we could fully recover keystream blocks. From there, it only took a small brute-force over a 32-bit counter to reveal the flag.

No fancy math. No deep exploit chain.
Just a cipher that looked like encryption - but offered none of its guarantees.

🔍 What struck me most was how realistic this failure felt.

This wasn’t just a broken CTF challenge.
It was a reflection of how real-world systems break:

“One round should be fine.”
“Nobody will reuse this nonce.”
“It’s just for internal use.”

Security doesn't usually break in dramatic ways - it rots quietly, through shortcuts and assumptions that go unchallenged until it’s too late.

🧠 Takeaway:
In cryptography, almost secure means completely broken.
True security means refusing to compromise—even when it’s tempting.

📖 If you're interested in the technical breakdown, we shared the full write-up here:

Monday, July 7, 2025

"Harvest Now, Decrypt Later" - and Nobody Cares

 


The quantum threat isn't some distant apocalypse.

It's happening now - just slowly enough that no one feels responsible.

Attackers are collecting encrypted data today, confident that tomorrow's quantum machines will crack it open like a cheap lock.

And why wouldn't they? Most defenders are busy chasing compliance checkboxes and pretending RSA will hold forever.

Everyone talks about “zero trust,” but they still trust 90s-era cryptography in a world that's moving toward post-truth, post-ethics, and soon, post-quantum.

The uncomfortable reality: 💀If your secrets can't survive a decade on ice, they're already compromised.

And if your org isn't even thinking about post-quantum resilience, it's not security - it's theater.

But hey, at least the slide decks look good.