Just heard AOC say:
"If there are no more good people in the world, then I want to be the last one."
I think I'll go to sleep for the night on that one.
Security leader and developer enabler
I spend more time as @hackthedigital.cloud on Bluesky (https://bsky.app/profile/hackthedigital.cloud)
New blog/whitepaper release:
Shostack + Associates is pleased to release our latest whitepaper, Understanding the Four Question Framework for Threat Modeling! It’s free as part of our Black Friday sale, and uhhh, because we like sharing knowledge it’ll remain free.
I wrote this paper because someone once called the questions “surprisingly nuanced,” which I thought was kind, and because I saw even collaborators varying the words. And as I write in the introduction:
People commonly make the mistake of rephrasing the questions. They don’t realize that there are reasons to use the specific framework questions. There’s nuance and intent in the questions, which are meant to be answerable in many ways. Rephrasings often lose nuance, flexibility, or both. Further, consistency in how we say things contributes to consistency in how we do them.
If this isn’t more fun than listening to your Uncle Jack expound on football on Thanksgiving, double your money back!
"On behalf of the WordPress security team, ..." and then many mentions of "fixing a security issue" without specifying what it is. (The patch is, presumably, public since the plugin is OSS and PHP?)
https://wordpress.org/news/2024/10/secure-custom-fields/
I don't have an opinion on the broader WordPress situation, but seeing a security exception used to wield power in a broader controversy is extremely worrying.
Open source communities trust security teams with exceptional powers, and weakening that trust damages everyone.
Cars are increasingly surveillance systems on wheels. They spy relentlessly not just on the driver -- why are people comfortable with this, or do they not know it's happening? -- but also on the surroundings. Tesla is the worst offender as it keeps trying, unsuccessfully, to do self-driving.
If you own one of these, you are helping make the surveillance state much more pervasive.
Congress and state lawmakers obviously are in favor of all this spying, because they do nothing to stop it.
Microsoft will try the data-scraping Windows Recall feature again in October
Initial Recall preview was lambasted for obvious privacy and security failures.
In a letter to the Federal Trade Commission (FTC) last week, Senators Ron Wyden and Edward Markey urged the FTC to investigate several car companies caught selling and sharing customer information without clear consent. Alongside details previously gathered from reporting by The New York Times, the...
A new report finds Boeing’s rockets are built with an unqualified work force
NASA declines to penalize Boeing for the deficiencies.