Emergent ChaosMy colleague Ellen likes to say that everyone threat models all the time. We all threat model airport security. We all threat model our homes. We think about threats against our assets: our families, our jewelry, and our sentimental and irreplaceable photographs (well, those of us old enough to have photos that never existed in digital form do). We model threats based on architecture: there's a wall here, a picture window there, and an easily climbed tree that we can use when we forget our keys. And we model threats based on attackers. We worry about burglars and kids falling into pools. We also worry about the weather, be it earthquakes, snow, or tornadoes.There's a lot in there talking about how and why some threat modeling methods became "heavy" and what to do about it. Underlying that is the start of a way of thinking about threat modeling as a family of related activities, and some ways of breaking that down. In particular, there's a breakdown into asset-centric, architecture-centric, and attacker-centric threat modeling, which I think is a useful step forward.If I wanted to sound like a management consultant, I'd say you employ a mature, multi-dimensional assessment process, with a heavy reliance on heuristics and low reproducibility across instances. At the same time, it's likely you won't have thought of everything or implemented defenses against every possible attack. It's very unlikely you have a home defense management plan or have ever run a penetration test against your home.
What works for you in threat modeling? What hasn't worked that you needed to replace?
Bookmark this post:
This volume of the SIR focuses on the second half of the 2007 calendar year (from July through December) and builds upon the data published in the previously released volumes of the SIR. Using data derived from several hundred million Windows users, and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in software vulnerability disclosures as well as trends in the malicious and potentially unwanted software landscape, and an update on trends in software vulnerability exploits. The scope of this fourth volume of the report has been expanded to include a focus on privacy and breach notifications, and a look at Microsoft’s work supporting law enforcement agencies worldwide in the fight against cyber criminals. [Emphasis added.]Emergent Chaos readers are unlikely to learn new details in the analysis. What's important to me is that this helps to establish a new normal baseline around the way we're using information that's disclosed and gathered by folks like Attrition.
Bookmark this post:
Kim writes:
I personally think we are just beginning to understand what it would mean if everything we do is both remembered and automatically related to everything else we do. No evil “Dr. No” is necessary to bring this about, although evil actors might accelerate and take advantage of the outcome. Linkage is just a natural tendency of digital reality, similar to entropy in the physical world. When designing phsyical systems a big part of our job is countering entropy. And in the digital sphere, our designs need to counter linkage.This has led me to the idea of the “Need-to-Know Internet”.
...
Our goal is that Minimal Disclosure Tokens will become base features of identity platforms and products, leading to the safest possible intenet. I don’t think the point here is ultimately to make a dollar. It’s about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions.
On a personal level, I'm happy to be working with Stefan again, and look forward to what Microsoft and our customers will be able to achieve with this technology.
Previously on Emergent Chaos:
[Updated with some quotes from Kim.]Bookmark this post:
Unfortunately, there's an assumption held by many in our (IT) community that the road to better security leads to “drinking from the fire hose” – that is to say, employees are rocketed through week long training classes, then drilled and tested on security topics. Without the necessary exposure to secure systems design and concepts, more often than not these classes simply become a blur.Over at the Old New Thing, Raymond Chen has a really interesting post titled "How my lack of understanding of how processes exit on Windows XP forced a security patch to be recalled:"
I was one of the people brought in to study this new behavior, poke holes in its design, poke holes in its implementation, review every line of code that changed and make sure that it did exactly what it was supposed to do without introducing any new bugs along the way. We found some issues, testers found some other issues, and all the while, the clock was ticking since this was a security patch and people enjoy mocking Microsoft over how long it takes to put a security patch together.
Bookmark this post:
El Reg reports that Microsoft claims to be sticking to its timetable for shutting down XP.
No fewer than three people told me yesterday, "This means I have to buy that Mac Book Pro this year. They can't be alone. I have several co-workers running Vista running on laptops, and even without the overhead of a VM, it's slow.
Thus, an investing opportunity presents itself -- buy a number of copies of XP this year, and then resell them at a profit. There are, of course, many risks in this strategy too obvious to name, but hey, money is risk.
If during the holiday shopping season, you see a run on copies of XP, take note.
Bookmark this post:
