Adam Shostack  

@[email protected]
4.3K Followers
686 Following
12K Posts

Author, game designer, technologist, teacher.

Helped to create the CVE and many other things. Fixed autorun for XP. On Blackhat Review board.

Books include Threats: What Every Engineer Should Learn from Star Wars (2023), Threat Modeling: Designing for Security, and The New School of Information Security.

Following back if you have content.

Websitehttps://shostack.org
Latest bookhttps://threatsbook.com
Opsec statusCurrently clean
Youtubehttps://youtube.com/shostack
Show threadAdam Shostack  11h ago

Lastly, what does this even mean?

Don't let your reviewing work go unnoticed! Researchers the world over use Web of Science to effortlessly track their valuable peer review contributions for any journal. If you opt in, your Web of Science profile will automatically be updated to show a verified record of this review in full compliance with the journal's review policy. If you don't have a Web of Science profile, you will be prompted to create a free account.Learn more about Web of Science

If I click yes, am I de-anonymizing my anonymous review? That seems like an incredibly obvious question, but no one here has ever bothered to think about it, because the answer is also not in the 🤯 FAQ.

(And yes, maybe the answer varies. #include a different goddamned HTML block based on journal configuration.)

Show threadAdam Shostack  11h ago

I've asked the editors for a cut of the APC for the time IEEE has wasted on their software, rather than the public service of reviewing.

Btw if I get any money I’ll donate it to my University. It’s not about the money: it’s about allocating cost to the folks who try to save a few bucks by imposing bad software on others.

Adam Shostack  11h ago

It's absolutely mind-blowing how badly #ieee Manuscript Central treats people.

It lost my password — I know this because I keep it in a password manager, and used it just last week for #academic service reviewing papers.

Today, it wouldn't let me login, and when I finally (after 4 attempts) was able to use the 🤯 code they sent, they had destroyed my profile, with all the private information like what university I'm affiliated with and what subjects I'll review for, and I still can't get to the   file for review.

Oh,a and you want support? That's available...

Available Live Chat Hours: Monday to Thursday 8:30 AM to 10:30 AM EST (New York Time)
(https://mc.manuscriptcentral.com/sp-cs)

Adam Shostack  12h ago
Andrew Kalat12h ago
Sometimes I think a lot of the most well known “thought leaders” in the security industry are more performers than practitioners.
Adam Shostack  14h ago
Paul Cantrell14h ago

RE: https://newsie.social/@servelan/116756562824636737

Ditch Chrome. Ditch it yesterday. It’s already 50% hostile surveillance machine, but that’s soon going to be 100%.

Vivaldi is a fine near-drop-in replacement if you want maximum compatibility. It’s what I use for G-Suite stuff whenever I have to use it.

Waterfox is a Firefox fork that strips out the AI nonsense features. I’ve been happy with it.

Firefox itself has problematic leadership these days, but is still better than Chrome.

Safari on Mac (my daily driver) is a lovely browser, lean and blazing fast compared to Chrome, and great privacy features — though it’s still Big Tech if that’s a problem for you.

In short, you have choices!

Adam Shostack  14h ago
Show threadAlexander Bochmann14h ago
@gregeganSF Open the topmost post and then click on the "show less / more for all" eye symbol above to the right.
Adam Shostack  14h ago
Greg Egan14h ago
If someone posts on Mastodon with a content warning, which continues to apply to a long thread of replies, is there any way to read the whole thread without having to click “Show more” on every single reply in the thread? [Using desktop browser]
Adam Shostack  15h ago
Sam Bowne 15h ago
Users cry foul after AMD stripped memory crypto from its consumer CPUs - Ars Technica https://arstechnica.com/security/2026/06/users-cry-foul-after-amd-stripped-memory-crypto-from-its-consumer-cpus/
Users cry foul after AMD stripped memory crypto from its consumer CPUs

AMD's stripping of TSME from consumer CPUs appears to be a deliberate, covert move.

Ars Technica
Adam Shostack  16h ago
Eric22h ago
Here's some thoughts and feelings about needing to vibe code to do accessibility design work. https://ericwbailey.website/published/the-case-for-an-accessibility-designer-vibe-coding-when-all-his-coworkers-are-also-vibe-coding/
The case for an accessibility designer vibe coding when all his coworkers are also vibe coding

Am I letting my own personal beliefs and biases affect the outcome I ultimately want?.

Adam Shostack  20h ago

I’m glad we’re pushing kids back to BBSes. They were great!

(Also: apparently you can still buy modems! https://a.co/d/0hgppSEz)

Amazon.com: USB 56K External Dial Up Fax Data Modem Windows 10/8 / 7 / XP/Vista : Electronics

Buy USB 56K External Dial Up Fax Data Modem Windows 10/8 / 7 / XP/Vista: Modems - Amazon.com âś“ FREE DELIVERY possible on eligible purchases