Collaborate Disseminate
I want to protect myself from fraud and identity theft.
While there are on the Internet plenty of arbitrary collections of precautionary tips, I want to make rational, fully informed choices to manage the risk that I suffer … Continue reading Modeling and managing attack surface around individual finance [on hold]
Thought experiment: You need to upload a file, and the threat model is the entire world trying to find out who you are after you do so.
I know this is absurd, but bear with me, it’s a thought experiment, where the scenario i… Continue reading Could you anonymously upload a file on the internet if the threat model was the entire world trying to find your identity after you do so? [on hold]
I am trying to figure out how to detect potential threats from malwares in various systems installed in the airport.
To be specific, my focus is on the following systems in airports:
Baggage Handling System (BHS)
X-ray mac… Continue reading Malware Threat Hunting in Airport Systems – KPIs/Metrics to Track [on hold]
A while back I went to a threat modelling workshop that had a card deck with various actors, their motivations, and their methods.
I found this extremely helpful to frame the discussion around the probability / motivation … Continue reading Threat modelling workshop materials focusing on threat actor profiles [on hold]
I’m trying to find a good site or DB where you can find threat groups based on industry.
Ex: Search for retail and it pulls up ATP1, ATP87, ATP43, etc.
I’ve found SOME sites like mitre attack, fire eye, but none of them all… Continue reading Find ATP Groups based on industry
Cyber Security Threats
The post Cyber Security Threats – Paul Claxton – ESW #156 appeared first on Security Weekly. Continue reading Cyber Security Threats – Paul Claxton – ESW #156
Security experts are constantly discouraging users from using SMS-based 2FA systems, usually because of worries the auth code could be intercepted by an attacker, either through a SIM swap or a MitM attack.
The problem I see… Continue reading Should the average user with no special access rights be worried about SMS-based 2FA being theoretically interceptable?
Coresecurity, Endgame, & Edgewise
The post Coresecurity, Endgame, & Edgewise – ESW #150 appeared first on Security Weekly. Continue reading Coresecurity, Endgame, & Edgewise – ESW #150
Isaiah Sarju is a Co-Owner of Revis Solutions
Permalink
The post OWASP Appsec Tel Aviv 2019, Isaiah Sarju’s ‘How Online Dating Made Me Better At Threat Modeling’ appeared first on Security Boulevard.
Continue reading OWASP Appsec Tel Aviv 2019, Isaiah Sarju’s ‘How Online Dating Made Me Better At Threat Modeling’
CRC Values on Logic Board that are Genuine? Abort, Retry Fail, Ignore? CRC Values on these Boards… Can they Bet modified internationally? What do you think?