Apple has released (or I’ve just come across) a document, Device and Data Access when Personal Safety is At Risk. Apple makes it easy to connect and share your life with the people closest to you. What you share, and whom you share it with, is up to you — including the decision to make…Read More Apple Guidance on Intimate Partner Surveillance
There’s an interesting paper by Becky Kazansky, ‘It depends on your threat model’: the anticipatory dimensions of resistance to data-driven surveillance. The author critiques ‘anticipatory data practices’, a collection of techniques that include my own work, as presented to civil society activists. It opens “While many forms of data-driven surveillance are now a ‘fact’ of…Read More Threat Model Thursday: Technology Consumers
The U.S. political divide on whether to get the coronavirus vaccine suggests that “maybe there’s been too much finger wagging,” said the head of the National Institutes of Health. “I’ve done some of that; I’m going to try to stop and listen, in fact, to what people’s specific questions are,” NIH Director Francis Collins said…Read More “Stop Vaccine Finger Wagging”
If everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things? Read Mike Tanji’s full article, From Solar Sunrise to Solar…Read More This time for sure, Pinky!
There’s a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security. One of the elements I want to draw attention to is: The use of IoT devices by perpetrators of domestic abuse is a pressing and deeply concerning problem that is largely hidden from view. Collecting data (and…Read More IoT Security & Threat Modeling
A bunch of people recently asked me about Robert Reichel’s post “How We Threat Model,” and I wanted to use it to pick up on Threat Model Thursdays, where I talk about process and practices. My goal is always to build, and sometimes that involves criticism. So let me start by saying I like the…Read More Thursday Threat Model: Github’s Approach
On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screen capture of Microsoft’s autoupdater going…Read More The Updates Must Go Through
This is the second month running that MSAU2 on my Mac has gone haywire. Please fix it. Read More Dear Microsoft: Please fix MAU
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”) And there’s no doubt: people learn by doing.…Read More Can Training Work Remotely?
I’ve talked about our new training, and I want to provide a little behind the scenes view. I regularly talk with folks who’ve gone through the pain of developing their own training, or worse, put others through the pain of their alpha-version training, and then paid the price in having to convince people to give…Read More Behind the Scenes: Training Development