Shostack + Friends Blog

Recent Blog Posts, Page 21

Thoughts on the Executive Order

A new article by Steve Bellovin and myself at Lawfare. (07 Jun 2021)

 

Van Buren

The Supreme Court has ruled in the van Buren case, and there's a good summary on the Eff's blog. (04 Jun 2021)

 

Recording Lectures

People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. (01 Jun 2021)

 

Review: Practical Cybersecurity Architecture

Adam Shostack's review of the book Practical Cybersecurity Architecture (26 May 2021)

 

Using Threat Modeling to Improve Compliance (TM Thursday)

Threat model Thursday is not just back, but live again! (20 May 2021)

 

NSF Wants Data on Your Data Needs

The National Science Foundation is looking for information on needs for datasets. (20 May 2021)

 

Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside. (15 May 2021)

 

Pacific Northwest Appsec Conference

AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria. (14 May 2021)

 

Tracking Company Says 96% of iPhone Users Block Tracking

So there's some good news and some bad news in this story: 'Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update'. (08 May 2021)

 

Apple Guidance on Intimate Partner Surveillance

Apple has released ‘Device and Data Access when Personal Safety is At Risk’ and I wanted to explore it a bit. (06 May 2021)

 

Threat Model Thursday: Technology Consumers

“It depends on your threat model...” (29 Apr 2021)

 

'Stop Vaccine Finger Wagging'

Just stop. (26 Apr 2021)

 

This time for sure, Pinky!

If everyone agrees on what we should do, why do we seem incapable of doing it? (23 Apr 2021)

 

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

 

Threat Model Thursday: Github's Approach

A bunch of people recently asked me about Robert Reichel’s post 'How We Threat Model,' and I wanted to use it to pick up on Threat Model Thursdays. (16 Apr 2021)