Archive for the “Doing it Differently” category

There’s more than one way to threat model

by adam on April 23, 2014

Today, most presentations on threat modeling talk about each phase of the process. They talk about how to model what you’re building, what can go wrong, and what to do about it. Those tightly coupled processes can be great if (…)

The Breach Trilogy: Assume, Confirm, Discuss

by adam on April 22, 2013

We’ve been hearing for several years that we should assume breach. Many people have taken this to heart (although today’s DBIR still says it’s still months to detect those breaches). I’d like to propose (predict?) that breach as a central (…)

New York Times gets Pwned, Responds all New School

by adam on January 31, 2013

So there’s a New York Times front page story on how “Hackers in China Attacked The Times for Last 4 Months.” I just listened to the NPR story with Nicole Perlroth, who closed out saying: “Of course, no company wants (…)

The High Price of the Silence of Cyberwar

by adam on January 9, 2013

A little ways back, I was arguing [discussing cyberwar] with thegrugq, who said “[Cyberwar] by its very nature is defined by acts of espionage, where all sides are motivated to keep incidents secret.” I don’t agree that all sides are (…)

Infosec Lessons from Mario Batali’s Kitchen

by adam on December 3, 2012

There was a story recently on NPR about kitchen waste, “No Simple Recipe For Weighing Food Waste At Mario Batali’s Lupa.” Now, normally, you’d think that a story on kitchen waste has nothing to do with information security, and you’d (…)

Hoff on AWS

by adam on November 30, 2012

Hoff’s blog post “Why Amazon Web Services (AWS) Is the Best Thing To Happen To Security & Why I Desperately Want It To Succeed” is great on a whole bunch of levels. If you haven’t read it, go do that. (…)

Control-Alt-Hack: Now available from Amazon!

by adam on November 22, 2012

Amazon now has copies of Control Alt Hack, the card game that I helped Tammy Denning and Yoshi Kohno create. Complimentary copies for academics and those who won copies at Blackhat are en route. From the website: Control-Alt-Hack™ is a (…)

I wish we had their problems

by adam on October 24, 2012

Ben Goldacre talks about how physicians are only getting data on tests that come out positive: I look forward to the day when infosec standards are set based on some tests or evidence, and we have to fight to extract (…)

Running a Game at Work

by adam on October 15, 2012

Friday, I had the pleasure of seeing Sebastian Deterding speak on ‘9.5 Theses About Gamification.’ I don’t want to blog his entire talk, but one of his theses relates to “playful reframing”, and I think it says a lot to (…)

The Boy Who Cried Cyber Pearl Harbor

by adam on October 12, 2012

There is, yet again, someone in the news talking about a cyber Pearl Harbor. I wanted to offer a few points of perspective. First, on December 6th, 1941, the United States was at peace. There were worries about the future, (…)
