Security

Post thumbnail

Spudnet is a new game to teach networking and security concepts. The creators were kind enough to send me a pre-production copy, and I can tell you – it looks and feels super solid, and, more importantly, it plays well. The Kickstarter has already met its goals, and while all Kickstarters have risk, the creators…

Read More Enter the SpudNet

Post thumbnail

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice, and I know there’s more forthcoming. I’m…

Read More Empirical Evaluation of Secure Development Processes

Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure. It’s important…

Read More Medical Device Security Standards

There were widely circulated reports of voice cloning being used in phishing. I’ve been predicting these for a while (Threat modeling in 2018 at Blackhat, 28 minutes in), but Guillaume Ross asked some really good questions about it. A new John Locke manuscript, “The Toleration of Papists” has been discovered and published. (Short analysis in…

Read More Interesting reads

If you needed more reasons to move away from using SMS-based authentication, and treating phone companies as trusted, “AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ“. Abuse reporting systems are being abused. You need to threat model and play the chess game. “How Flat Earthers Nearly…

Read More Interesting Reads, August 19