product management

The Economist reports on the rise of dockless bike sharing systems in China, along with the low-tech ways that the system is getting hacked: The dockless system is prone to abuse. Some riders hide the bikes in or near their homes to prevent others from using them. Another trick involves photographing a bike’s QR…

Read More Bicycling and Threat Modeling

Security is hard in the real world. There’s an interesting story on Geekwire, “BMW’s ReachNow investigating cases of cars getting stuck on Washington State Ferries.” The story: a ReachNow customer was forced to spend four hours on the Whidbey Island ferry this weekend because his vehicle’s wheels were locked, making the vehicle immovable unless dragged.…

Read More The Ultimate Stopping Machine?

Threat modeling internet-enabled things is similar to threat modeling other computers, with a few special tensions that come up over and over again. You can start threat modeling IoT with the four-question framework: What are you building? What can go wrong? What are you going to do about it? Did we do a good…

Read More Threat Modeling & IoT

There are two great blog posts at Securosis to kick off the new year: “Tidal Forces: The Trends Tearing Apart Security As We Know It” (Rich Mogull) and “Network Security in the Cloud Age: Everything Changes” (Mike Rothman). Both are deep and important and worth pondering. I want to riff on something that Rich said: On…

Read More 2017 and Tidal Forces

Bruce Schneier comments on “Apple’s Differential Privacy:” So while I applaud Apple for trying to improve privacy within its business models, I would like some more transparency and some more public scrutiny. Do we know enough about what’s being done? No, and my bet is that Apple doesn’t know precisely what they’ll ship, and aren’t…

Read More The Evolution of Apple’s Differential Privacy