Heriot-Watt University in Scotland is hosting a “Workshop on Serious Games for Cyber Security,” May 21-22.
Bruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.”
“Making the Case for a Cybersecurity Moon Shot” is my latest, over at Dark Reading.
“There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.”
I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “Anticipating Failure through Threat Modeling w/ Adam Shostack.”
This is a really interesting post* about how many simple solutions to border security fail in the real world.
- Not everywhere has the infrastructure necessary to upload large datasets to the cloud
- Most cloud providers are in not-great jurisdictions for some threat models.
- Lying to border authorities, even by omission, ends badly.
Fact is, the majority of “but why don’t you just…” solutions in this space either require lying, reliance on infrastructure that may be non-existent or jurisdictionally compromised, or fails openly.
The “post” was originally a long Twitter thread, which is archived, for the moment, at ThreadReader App, which is a far, far better UI than Twitter.
I’m excited to be able to share “Announcement: IriusRisk Threat Modeling Platform 2.0 Released.”
If you’re looking to scale your enterprise threat modeling program, this is worth a look.
Lance Cottrell has a blog “The Why and How of High ROI Security Advisory Boards” over at the Ntrepid blog.
I’m pleased to be a part of the board he’s discussing, and will quibble slightly — I don’t think it’s easy to maximize the value of the board. It’s taken effort on the part of both Ntrepid staff and executives and also the board, and the result is clearly high value.
Thanks to the kind folks Digital Guardian for including my threat modeling book in their list of “The Best Resources for InfoSec Skillbuilding.”
It’s particularly gratifying to see that the work is standing the test of time.
- A remote Hawaiian island, East Island, was destroyed by Hurricane Walaka. East Island was 11 acres. It was also a key refuge for turtles and seals. Read more in The Guardian.
- Maersk has sent a ship, the Venta Maersk, through the Northern Passage. The journey and its significance were outlined by the Washington Post, with predictions of 23 days (versus 34 to sail via Suez). In reality, it took 37 days, according to the press release, “without incident.” The idea that there’s a sailable Northern Passage is astounding, even if a first sailing took longer than expected.
There’s an interesting article in the CBC, where journalists took a set of flights, swabbed surfaces, and worked with a microbiologist to culture their samples.
What they found will shock you!
Well, airplanes are filthy. Not really shocking. What was surprising to me was that the dirtiest of the surfaces they tested was the headrest. (They did not test the armrests.) Also, the seat pocket is a nice incubator and rarely cleaned. Not all that surprising, but I hadn’t considered it.