The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents. The court put limits on the “third party” doctrine, and it will be fascinating to see how those… Read More: Carpenter!
For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. If you want to take this as an excuse to civilly discuss the political side of this, please feel free. Seattle has a housing and homelessness crisis. The cost of… Read More: Threat Model Thursday: Architectural Review and Threat Modeling
Today’s Threat Model Thursday is a look at “Post-Spectre Threat Model Re-Think,” from a dozen or so folks at Google. As always, I’m looking at this from a perspective of what can we learn and to encourage dialogue around what makes for a good threat model. What are we working on? From the title, I’d… Read More: Threat Model Thursday: Chromium Post-Spectre
I have a new essay at Dark Reading, “‘EFAIL’ Is Why We Can’t Have Golden Keys.” It starts: There’s a newly announced set of issues labeled the “EFAIL encryption flaw” that reduces the security of PGP and S/MIME emails. Some of the issues are about HTML email parsing, others are about the use of CBC… Read More: ‘EFAIL’ Is Why We Can’t Have Golden Keys
Kevin Ebi captured an amazing set of images of an eagle and a fox fighting over a rabbit. Check them out and read the story at his site. Read More: Eagle vs Fox
In “Conway’s Law: does your organization’s structure make software security even harder?,” Steve Lipner mixes history and wisdom: As a result, the developers understood pretty quickly that product security was their job rather than ours. And instead of having twenty or thirty security engineers trying to “inspect (or test) security in” to the code, we… Read More: Conway’s Law and Software Security