There’s a lot of threat modeling content here at AppSec Cali, and sadly, I’m only here today. Jonathan Marcil has been a guest here on Adam & friends, and today he is talking about his toolkit: data flow diagrams and attack trees. His world is very time constrained, and it’s standing room only. Threat modeling is…
Read more: Jonathan Marcil’s Threat Modeling Toolkit talk
I’m at the OWASP AppSec Cali event, and while there’ll be video, I’m taking notes:
Context for the talk: What fails during the development process? Incomplete requirements, non-secure design, lack of security mindset, leaky development. These failures are threats which can be mitigated (e.g., compliance and risk requirements address incomplete requirements). We keep…
Read more: AppSec Cali 2018: Izar Tarandach
What’s more primordial than fire? It’s easy to think that fire is a static threat, and that defenses against it can be static. So it was surprising to see that changes in home design and contents are leading to fires spreading much faster, and that the Canadian Commission on Building and Fire Codes is considering mandates for home sprinklers.
The CBC’s “Rise in fast-burning house fires heats up calls for sprinklers in homes” has a good discussion of the changing threat, the costs of mitigation, and the tradeoffs entailed.
In a memo issued Jan. 4 and rescinded about an hour later, Deputy Defense Secretary Pat Shanahan announced a new “Central Cloud Computing Program Office” — or “C3PO” — to “acquire the Joint Enterprise Defense Infrastructure (JEDI) Cloud.”
“C3PO is authorized to obligate funds as necessary in support of the JEDI Cloud,” Shanahan, a former Boeing Co. executive, wrote, managing to get a beloved droid from the space-themed movies and an equally popular fictional order of warriors into what otherwise would be a routine message in the Pentagon bureaucracy.
The memo was recalled because “it was issued in error,” according to Shanahan’s spokesman, Navy Captain Jeff Davis.
Thanks to MC for the story.
[Updated with a leaked copy of the response from Imperial Security.]
To: Grand Moff Tarkin
Re: “The Pentesters Strike Back” memo
Classification: Imperial Secret/Attorney Directed Work Product
Sir, We have received and analyzed the “Pentesters Strike Back” video, created by Kessel Cyber Security Consulting, in support of their report 05.25.1977. This memo analyzes the video,…
Read more: Pen Testing The Empire