Shostack + Friends Blog

Posts in category "breach analysis"

File folders with the focus on one labeled Assets

The Asset Trap

As we look at what's happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling. (16 Dec 2020)

Fireeye Hack & Culture

Thoughts on the recent Fireeye Hack and the culture surrounding breaches (09 Dec 2020)

The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment (28 Aug 2020)

Threat Research: More Like This

I want to call out some impressive aspects of a report by Proofpoint. (14 Jun 2020)

How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine. (20 May 2020)

Actionable Followups from the Capital One Breach

What have we learned and what steps can we take? (30 Jul 2019)

DNS Security

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. (13 Jun 2019)

Cover of House Oversight Committee report

House Oversight Committee on Equifax

The House Oversight Committee has released a scathing report on Equifax... (11 Dec 2018)

GAO Report on Equifax

I still have questions... (12 Oct 2018)

It's Not The Crime, It's The Coverup or the Chaos

[no description provided] (26 Sep 2017)

Breach Vouchers & Equifax 2017 Breach Links

[no description provided] (07 Sep 2017)

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.