Shostack + Friends Blog


Posts in category "usability"


Threat Model Thursday: Technology Consumers

There's an interesting paper by Becky Kazansky, "It depends on your threat model": the anticipatory dimensions of resistance to data-driven surveillance. The author critiques 'anticipatory data practices', a collection of techniques that include my own work, as presented to civil society activists. It opens: "While many forms of data-driven surveillance are now a ‘fact’ of contemporary life amidst datafication, obtaining concrete knowledge of how different institutions exploit data presents an ongoing challenge, requiring the expertise and power to untangle increasingly complex and opaque technological and institutional arrangements."


Better Taught Than Caught!

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means.


Passwords Advice

Bruce Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4.