2021

On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going…

Read More The Updates Must Go Through

I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”) And there’s no doubt: people learn by doing.…

Read More Can Training Work Remotely?

For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain. A few years ago, Seattle Food Geek wrote about a No-Yeast, No-Rise, Champagne Pizza Dough. It makes use of an encapsulated leavener called WRISE. I had a sample of the…

Read More Passover Pie

I have been lucky through these unprecedented and challenging times, and I’m grateful to have avoided many of the awful problems that others have faced. In my own little way, I spent a lot of time worried that delivering threat modeling training was only possible with us in the same room together. Through the pandemic,…

Read More Threat Modeling Classes

This is a really encouraging set of trends that Sandy Carielli reports on: My latest report, “The State Of Application Security, 2021,” draws heavily from that security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked…

Read More Mmmm, Pandemic Puppies