On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screen capture of Microsoft’s autoupdater going… Read More The Updates Must Go Through
This is the second month running that MSAU2 on my Mac has gone haywire. Please fix it. Read More Dear Microsoft: Please fix MAU
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”) And there’s no doubt: people learn by doing.… Read More Can Training Work Remotely?
I’ve talked about our new training, and I want to provide a little behind-the-scenes view. I regularly talk with folks who’ve gone through the pain of developing their own training, or worse, put others through the pain of their alpha-version training, and then paid the price in having to convince people to give… Read More Behind the Scenes: Training Development
For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain. A few years ago, Seattle Food Geek wrote about a No-Yeast, No-Rise, Champagne Pizza Dough. It makes use of an encapsulated leavener called WRISE. I had a sample of the… Read More Passover Pie
I have been lucky through these unprecedented and challenging times, and I’m grateful to have avoided many of the awful problems that others have faced. In my own little way, I spent a lot of time worried that delivering threat modeling training was only possible with us in the same room together. Through the pandemic,… Read More Threat Modeling Classes
There are lots of fascinating details in The Ship Blocking the Suez Canal Could Take Weeks to Remove at Interesting Engineering. Two tidbits: first, the denial of service is blocking $9.6 billion a day of cargo, but the eventual cost may be lower. Second, Egypt didn’t outlaw slavery until 1863. (Happy Passover, everyone!) This CNBC… Read More Ever Given & Suez
Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop-up roughly every 15 minutes of using an Office program. That’s probably a good thing, overall. There’s plenty of evidence that update failures leave folks vulnerable. Note that I’m saying “update failures,” rather… Read More Microsoft Autoupdate hangs Excel 16.47.21032301
This is a really encouraging set of trends that Sandy Carielli reports on: My latest report, “The State Of Application Security, 2021,” draws heavily from that security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked… Read More Mmmm, Pandemic Puppies
For Pi Day, we celebrated with a set of pies – a British-style bacon and liver pie, a chicken pot pie, and a cherry pie. The bacon and liver pie, with roasted carrot and shallot, was intended as a joke and came out well enough that we’ll make it again. The cherry pie, with… Read More Happy (Belated) Pi Day!