Posted on 2017-11-19 (updated 2017-11-25). Categories: Basics

A Modeling Job for You

Motherboard, a part of Vice magazine, has published a very good Guide to Not Getting Hacked.  It’s also available as a PDF. One of my favorite sections draws from the EFF Threat Modeling page.  “Threat modeling” may sound like something a management consultant would explain to you with 19 PowerPoint slides for only $45,000.  But it really just consists of considering these five questions: What do I want to protect? Who do I want to protect it from? How bad are the consequences … Continue reading “A Modeling Job for You”

Posted on 2017-11-01. Categories: Basics, Vulnerabilities. 2 Comments on Internet of Crap

Internet of Crap

Welcome to the wonderful world of the Internet of Things. You’ve probably seen this term in the news a bit lately. Perhaps you read about it in connection with a massive botnet called Mirai, or its even more potent descendant, IoT_reaper. The term Internet of Things (IoT) refers to items – other than computers, tablets or mobile phones – that are connected to the Internet and communicate back to their manufacturers or distributors. A prime example of this is printers … Continue reading “Internet of Crap”

Posted on 2017-10-18. Categories: Basics. 2 Comments on Time to Go!

Time to Go!

Where?  To the Rochester Security Summit of course! It kicks off tomorrow for two days of security geeking-out.  I am looking forward to it plenty.  My talk is on Friday at 2PM about full and responsible disclosure of bugs, bug bounties and so on. This weekend I will make a post here, covering that topic.

Posted on 2017-09-27 (updated 2017-11-18). Categories: Basics. 2 Comments on 3-2-1 Backup

3-2-1 Backup

Backup is the most basic information security measure. Whatever else happens, your worst-case, baseline fallback is: restore from a backup and get back to work. So you always want to make sure your backups are rock-solid. A rule of thumb for how to ensure that is easily remembered as 3-2-1. 3-2-1 backup means that you should:

- Have 3 copies of your data (minimum)
- Keep backups on at least 2 different media
- Store at least 1 backup offsite

So you … Continue reading “3-2-1 Backup”

Posted on 2017-09-13. Categories: Basics, Privacy. 1 Comment on Death and Taxes

Death and Taxes

Death and Taxes. With enough lawyers you can avoid most of the taxes, but as sure as I am typing these words, and you are reading them, every one of us is going to die[*]. While we each have a will to cover our possessions and assets, how many of us include in that document what to do about digital assets? More to the point – if someone dies and leaves no will, the law is reasonably straightforward about what … Continue reading “Death and Taxes”

Posted on 2017-08-29 (updated 2017-09-01). Categories: Basics. 2 Comments on The Most Basic of Basics

The Most Basic of Basics

There are three elements of safer computing:

- Confidentiality — keeping what must be private, private
- Integrity — making sure no changes are made without your authorization
- Availability — making sure you can get to everything you rightly should be able to

Everything I am going to suggest to you in these pages supports at least one of these elements. There are a lot of things to talk about, and some of them need a pretty detailed discussion. But to begin, … Continue reading “The Most Basic of Basics”

Posted on 2017-08-27 (updated 2017-09-01). Categories: Basics

Safer Computing

I call this blog “Safer Computing” because I want to evoke some of the same ideas we think about when we talk about “safer sex.” We know sex with others can’t ever be 100% absolutely safe. So we are being clear-eyed about those risks when we intelligently reduce them until the benefits outweigh the risks. Computers were originally conceived to be super-calculators. Even the so-called “killer app”, the one that caused the IBM-PC to explode in popularity in the ’80s, … Continue reading “Safer Computing”