Training People on Threat Modeling
Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it.
Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it.
A lot of you have recently asked us about ActiveX controls. Here’s an example of a message you might have seen: What are ActiveX controls? ActiveX controls are small programs, sometimes also called “add-ons,” used on the Internet.
There are good reasons to optimize for different points on that spectrum (of better/faster/cheaper) at different times in different products.
Cookies are small files that Web sites put on your computer hard disk drive when you first visit. Think of a cookie as an identification card that’s uniquely yours. Its job is to notify the site when you’ve returned. Cookies should not be confused with viruses.
Once again, my effort to explore common misperceptions (more recently exploring unpatched statistics) has brought out some of the common objections from those that don’t necessarily like the results.
You’ve probably already read Brian Krebs article A Time to Patch III: Apple, but if you haven’t, I encourage you to read it and read the various responses he received – the responses run the gamut of Linux advocates (“You do understand that Mac OS X is not a version of Linux, and is not