Shostack + Friends Blog

 
Mandian Darkside May15 2021

Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.

 

Pacific Northwest Appsec Conference

AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria.

 
 
 
 
 
 

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.

 
 
 
groups of children sitting at tables, coloring, in a classroom setting

Can Training Work Remotely?

I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there's a strong expectation that training involves whiteboards...

 
 
a pizza topped with lamb and bitter greens

Passover Pie

For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain.

 
group of professionals reviewing threat model diagrams on window-cling whiteboards in a city office

Threat Modeling Classes

Through the pandemic, I’ve rebuilt the way I teach threat modeling. The new structure and the platforms I needed to adapt for my corporate clients also allows me to offer the courses to the public.

 

Microsoft Autoupdate hangs Excel 16.47.21032301

Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program.