What's new around the internet

Latest entries

Date (GMT) | Title | Description | Tags
2017-11-14 11:39:45 | Microsoft’s PCI Blueprint (direct link) | http://aka.ms/pciblueprint is a fascinating collection of security documents for PCI compliance. They’re designed to cut the cost of building a secure infrastructure by providing a design pattern and details. |
2017-11-11 01:02:21 | Is that how you think of it now, Microsoft? (direct link) | You know, I left, and now look what Word wants to suggest… |
2017-11-08 16:24:07 | The Fights We Have to Fight: Fixing Bugs (direct link) | One of the recurring lessons from Petroski is how great engineers overcome not only the challenges of physical engineering (calculating loads, determining build orders) but also the real-world challenges to their ideas, including financial and political ones. For example: Many a wonderful concept, beautifully drawn by an inspired structural artist, has never … |
2017-11-05 21:34:24 | Data Flow Diagrams 3.0 (direct link) | In the Brakesec podcast, I used a new analogy for why we need to name our work. When we talk about cooking, we have very specific recipes that we talk about: Julia Child’s beef bourguignon. Paul Prudhomme’s blackened fish. We hope that new cooks will follow the recipes until they get a feel for them, … |
2017-11-02 15:13:02 | Why is “Reply” Not the Strongest Signal? (direct link) | So apparently my “friends” at outlook.com are marking my email as junk today, with no explanation. They’re doing this to people who have sent me dozens of emails over the course of months or years. Why does no spam filter seem to take repeated conversational turns into account? Is there a stronger signal that I … |
2017-10-29 21:12:55 | Emergent Design Issues (direct link) | It seems like these days we want to talk about everything in security as if it’s a vulnerability. For example: German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the … |
2017-10-23 12:34:42 | 20 Year Software: Engineering and Updates (direct link) | Twenty years ago, Windows 95 was the most common operating system. Yahoo and Altavista were our gateways to the internet. Steve Jobs had just returned to Apple. Google didn’t exist yet. America Online had just launched their Instant Messenger. IPv6 was coming soon. That’s part of the state of software in 1997, twenty years ago. We … | Yahoo
2017-10-20 07:01:04 | Threat Modeling “App Democracy” (direct link) | “Direct Republican Democracy?” is a fascinating post at Prawfsblog, a collective of law professors. In it, Michael T. Morley describes a candidate for Boulder City Council with a plan to vote “the way voters tell him,” and discusses how that might not be really representative of what people want, and how it differs from (small-r) … |
2017-10-15 09:00:00 | Building an Application Security Team (direct link) | The Application Security Engineer role is in demand nowadays. Many job offers are available, but actual candidates are scarce. Why is that? It’s not an easy task, as the skills needed are both broad and specialized at the same time. Most of the offers are about one person, one unicorn that … |
2017-10-11 16:33:38 | Worthwhile books, Q3 (direct link) | Some of what I’ve read over the past quarter; I want to recommend each of the books below as worthy of your time. Cyber: The Internet of Risky Things, Sean Smith. This was a surprisingly good short read. What I gained was an organized way of thinking and a nice reference for thinking through the … |
2017-10-07 16:57:06 | Emergent Musical Chaos (direct link) | The New York Times reports on how many of Alan Lomax’s recordings are now online, “The Unfinished Work of Alan Lomax’s Global Jukebox.” This is a very interesting and important archive of musical and cultural heritage. The Global Jukebox. I was going to say that Lomax and Harry Smith were parallel, and that the Anthology … | Heritage
2017-09-26 18:42:47 | It’s Not The Crime, It’s The Coverup or the Chaos (direct link) | Well, Richard Smith has “resigned” from Equifax. The CEO being fired is a rare outcome of a breach, and so I want to discuss what’s going on and put it into context, which includes the failures at DHS and the Deloitte breach. Also, I aim to follow the advice to praise specifically and criticize in general, … | Equifax, Deloitte
2017-09-22 15:00:54 | Parroting Bad Security Advice (direct link) | A PARROT has become the latest voice to fool Amazon’s Alexa voice assistant after ordering gift boxes using an Amazon Echo. Buddy the African Grey Parrot mimicked his owner’s voice so convincingly that her Amazon Echo accepted the order for six gift boxes. (“Parrot mimics owner to make purchases using Amazon Echo.”) … As … |
2017-09-20 15:38:30 | “The Readability Of Scientific Texts Is Decreasing Over Time” (direct link) | There’s an interesting new paper at bioRxiv, “The Readability Of Scientific Texts Is Decreasing Over Time.” Lower readability is also a problem for specialists (22, 23, 24). This was explicitly shown by Hartley (22), who demonstrated that rewriting scientific abstracts to improve their readability increased academics’ ability to comprehend them. While science is complex, and … |
2017-09-18 15:36:07 | Threat Modeling and Architecture (direct link) | “Threat Modeling and Architecture” is the latest in a series at Infosec Insider. After I wrote my last article on Rolling out a Threat Modeling Program, Shawn Chowdhury asked (on LinkedIn) for more information on involving threat modeling in the architecture process. It’s a great question, except it involves the words “threat,” “modeling,” and “architecture.” … |
2017-09-14 23:48:52 | Threat Modeling Training (London!) (direct link) | Allow me to mention that there are still seats available at my training session in London, 16-17 October, in cooperation with DevSecCon! Usually I do training for an organization, so this is your only chance this year to book a single seat. |
2017-09-13 14:36:01 | Pie Charts, or this could be hell (direct link) | (Via Davide Mancino) |
2017-09-07 22:07:58 | Breach Vouchers & Equifax (direct link) | [Saturday, September 16th is the latest of 4 updates.] When I wrote “The Breach Response Market Is Broken,” I didn’t expect one of the players to validate everything I had to say. What I said was that the very act of firms contracting with breach response services inhibits the creation of a market for breach … | Equifax
2017-09-07 15:42:32 | Open for Business (direct link) | Recently, I was talking to a friend who wasn’t aware that I’m consulting, so I wanted to share a bit about my new life, consulting! I’m consulting for companies of all sizes and in many sectors. The services I’m providing include threat modeling training, engineering and strategy work, often around risk analysis or product … |
2017-09-01 03:09:18 | Star Wars, Star Trek and Getting Root on a Star Ship (direct link) | It’s time for some Friday Star Wars blogging! Reverend Robert Ballecer, SJ tweeted: “as a child I learned a few switches & 4 numbers gives you remote code ex on a 23rd century starship.” I responded, asking “When attackers are on the bridge and can flip switches, how long a password do you think is … |
2017-08-29 18:50:06 | Organizing threat modeling magic (direct link) | I was inspired to develop and share my thoughts after Adam’s previous post (magical approaches to threat modeling) regarding selection of the threats and predictions. Since a 140-character limit quickly annoys me, Adam gave me an opportunity to contribute on his blog; thanks to him I can now explain how I believe in magic … |
2017-08-25 15:28:46 | Babylonian Triginometry (direct link) | A fresh look at a 3700-year-old clay tablet suggests that Babylonian mathematicians not only developed the first trig table, beating the Greeks to the punch by more than 1000 years, but that they also figured out an entirely new way to look at the subject. However, other experts on the clay tablet, known as Plimpton … |
2017-08-17 15:14:25 | Celebrating Alt-Left Lawlessness (direct link) | Lately, I’ve tried to stay away from the tire fire that American politics has become. I’m reasonably certain that I have more to contribute in other areas. But when the President tries to equivocate between those waving the Nazi flag and those protesting against them, we need to speak about what’s acceptable. It ought to … |
2017-08-16 15:43:57 | Amicus brief in “Carpenter” Supreme Court Case (direct link) | “In an amicus brief filed in the U.S. Supreme Court, leading technology experts represented by the Knight First Amendment Institute at Columbia University argue that the Fourth Amendment should be understood to prohibit the government from accessing location data tracked by cell phone providers - “cell site location information” - without a warrant.” For more, … | Guideline
2017-08-15 15:00:55 | Learning From npm’s Rough Few Months (direct link) | The node package manager (npm) is having a bad few months. Let’s look at what we can do, what other package managers should do, and what we can learn at a policy level, particularly in the U.S. framing of “critical infrastructure.” People in security who remain focused on the IT side of the house, rather … |
Last update at: 2024-05-02 23:07:50