Motherboard, a part of Vice magazine, has published a very good Guide to Not Getting Hacked. It’s also available as a PDF. One of my favorite sections draws from the EFF Threat Modeling page. “Threat modeling” may sound like something a management consultant would explain to you with 19 PowerPoint slides for only $45,000. But it really just consists of considering these five questions: What do I want to protect? Who do I want to protect it from? How bad are the consequences …
Internet of Crap
Welcome to the wonderful world of the Internet of Things. You’ve probably seen this term in the news a bit lately. Perhaps you read about it in connection with a massive botnet called Mirai, or its even more potent descendant, IoT_reaper. The term Internet of Things (IoT) refers to items – other than computers, tablets or mobile phones – that are connected to the Internet and communicate back to their manufacturers or distributors. A prime example of this is printers …
Time to Go!
Where? To the Rochester Security Summit of course! It kicks off tomorrow for two days of security geeking-out. I am looking forward to it plenty. My talk is on Friday at 2PM about full and responsible disclosure of bugs, bug bounties and so on. This weekend I will make a post here, covering that topic.
3-2-1 Backup
Backup is the most basic information security measure. Whatever else happens, your worst-case, baseline fallback is: restore from a backup and get back to work. So you always want to make sure your backups are rock-solid. A rule of thumb for how to ensure that is easily remembered as 3-2-1. 3-2-1 backup means that you should: have 3 copies of your data (minimum); keep backups on at least 2 different media; store at least 1 backup offsite. So you …
Death and Taxes
Death and Taxes. With enough lawyers you can avoid most of the taxes, but as sure as I am typing these words, and you are reading them, every one of us is going to die[*]. While we each have a will to cover our possessions and assets, how many of us include in that document what to do about digital assets? More to the point – if someone dies and leaves no will, the law is reasonably straightforward about what …
The Most Basic of Basics
There are three elements of safer computing: Confidentiality — keeping what must be private, private; Integrity — making sure no changes are made without your authorization; Availability — making sure you can get to everything you rightly should be able to. Everything I am going to suggest to you in these pages supports at least one of these elements. There are a lot of things to talk about, and some of them need a pretty detailed discussion. But to begin, …
Safer Computing
I call this blog “Safer Computing” because I want to evoke some of the same ideas we think about when we talk about “safer sex.” We know sex with others can’t ever be 100% absolutely safe. So we are being clear-eyed about those risks when we intelligently reduce them until the benefits outweigh the risks. Computers were originally conceived to be super-calculators. Even the so-called “killer app”, the one that caused the IBM-PC to explode in popularity in the ’80s, …