#threatmodeling

Paco Hope #resist<p>I have seen a lot of efforts to use an <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> to create a <a href="https://infosec.exchange/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModel</span></a>. I have some insights. </p><p>Attempts at <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> tend to do 3 things wrong:</p><ol><li>They assume that the user's input is both complete and correct. The LLM (in the implementations I've seen) never questions "are you sure?" and it never prompts the user like "you haven't told me X, what about X?"</li><li>Lots of teams treat a threat model as a deliverable. Like we go build our code, get ready to ship, and then "oh, shit! Security wants a threat model. Quick, go make one." So it's not this thing that informs any development choices <em>during development</em>. It's an afterthought that gets built just prior to <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> review.</li><li>Lots of people think you can do an adequate threat model with only technical artifacts (code, architecture, data flow, documentation, etc.). There's business context that needs to be part of every decision, and teams are just ignoring that.</li></ol><p>1/n</p>
OWASP Foundation<p>Get pumped for <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> EU in May! Enhance your experience by becoming a Mentor and building lasting connections while assisting others on their journey! Don't miss out, sign up here: <a href="https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.wufoo.com/forms/zk2cdkr1</span><span class="invisible">qla6o8/</span></a> 🚀 <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Barcelona</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
GeneralX ⏯️<p>"The Signals Network (TSN) and the Reynolds Journalism Institute (RJI) are launching comprehensive training for journalists working with sensitive sources.</p><p>The training modules will live permanently on TSN’s website and be free to access."</p><p><a href="https://rjionline.org/news/protecting-the-protectors/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">rjionline.org/news/protecting-</span><span class="invisible">the-protectors/</span></a><br><a href="https://freeradical.zone/tags/journalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>journalism</span></a> <a href="https://freeradical.zone/tags/whistleblowers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>whistleblowers</span></a> <a href="https://freeradical.zone/tags/digitalsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>digitalsecurity</span></a> <a href="https://freeradical.zone/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://freeradical.zone/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
Paco Hope #resist<p>Some of my colleagues at <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> have created an open-source <a href="https://github.com/awslabs/threat-designer" rel="nofollow noopener noreferrer" target="_blank">serverless #AI assisted #threatmodel solution</a>. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.</p><p>I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a <em>very</em> good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.</p><p>I deployed this "Threat Designer" app. Then I took the architecture image from <a href="https://medium.com/serverless-transformation/what-a-typical-100-serverless-architecture-looks-like-in-aws-40f252cd0ecb" rel="nofollow noopener noreferrer" target="_blank">this blog post</a> and dropped that picture into it. The image analysis produced some of the list of things you see attached.</p><p>This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.</p><p>I suspect this app is not cheap to run. So <em>caveat deployor</em>. 
<br><a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
Emory<p>it's lucky for some team out there that i find few things are as satisfying as transmogrifying a team of 3 into a team of 9. or 90 into 270.</p><p>even i know that's good math! they start spotting problems before they get in front of me for their second and third <a href="https://soc.kvet.ch/tags/threatmodel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodel</span></a>.</p><p>i have experience in managed services, vuln management, IR, forensics, cloud architectures, saas vendors, HPC, docsis/fiber/firewalls/ids/ips/MFA/u2f/pki🤷 🤓 </p><p><a href="https://soc.kvet.ch/tags/jobsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jobsearch</span></a> <a href="https://soc.kvet.ch/tags/threatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatModeling</span></a> <a href="https://soc.kvet.ch/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://soc.kvet.ch/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://soc.kvet.ch/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://soc.kvet.ch/tags/fedihired" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedihired</span></a></p>
Emory<p>my <a href="https://soc.kvet.ch/tags/jobsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jobsearch</span></a> continues, most of my search is focused around PHL or Toronto/GTA and remote looking for:</p><p>1. a crew &amp; leadership with a culture of collab &amp; support; shared responsibility model ;)<br>2. they're okay with me floating between IA &amp; PA<br>3. if they're in canada might they sponsor plz</p><p>i would love an org that wants to implement a culture of <a href="https://soc.kvet.ch/tags/threatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatModeling</span></a> and <a href="https://soc.kvet.ch/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> because i can turn software engineers into <a href="https://soc.kvet.ch/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> and privacy resources in about 12-18mo.</p><p><a href="https://soc.kvet.ch/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://soc.kvet.ch/tags/fedihired" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedihired</span></a></p>
Adam Shostack :donor: :rebelverified:<p>Boiler up! 🔨</p><p>I will be a guest of CERIAS’s Weekly Security Seminar Series! 🎤</p><p>In a talk called “Risk is Not Axiomatic,” we will discuss how systems are secured at a practical engineering level and the science of risk. As we try to engineer secure systems, what are we trying to achieve and how can we do that?</p><p>Register now to reserve your spot!</p><p>📅 Date: February 12, 2025 @ 4:30pm ET<br>📍 Location: Zoom<br>🔗 <a href="https://shorturl.at/IOtMx" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">shorturl.at/IOtMx</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Risk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risk</span></a></p>
Florian Schmidt<p>Not the biggest question right now, for sure, but one that still has worldwide effects:<br>With the ongoing <a href="https://mstdn.social/tags/BrainDrain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrainDrain</span></a> (aka <a href="https://mstdn.social/tags/layoffs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>layoffs</span></a>) and meddling in US institutions, how will software security analysis be affected? Can <a href="https://mstdn.social/tags/NVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NVD</span></a> still be trusted with being the main source of <a href="https://mstdn.social/tags/CVEs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVEs</span></a> in many popular tools?<br>Should e.g. Europe build up own capacities in vulnerability analysis and set up own databases? Are there existing solutions already?<br><a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mstdn.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mstdn.social/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
Kelly Shortridge<p>so many <a href="https://hachyderm.io/tags/threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threat</span></a> modeling workflows are uncivilized, creaky, positively antediluvian. </p><p><a href="https://hachyderm.io/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> should be modern, configured as code, a creative, collaborative romp to reify a defensive strategy that outmaneuvers attackers.</p><p>thus, this yule, my deciduous.app co-conspirator <span class="h-card" translate="no"><a href="https://hachyderm.io/@rpetrich" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rpetrich</span></a></span> and I bear a gift: Deciduous-VS, a <a href="https://hachyderm.io/tags/VSCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VSCode</span></a> extension to build and visualize decision trees within your IDE 🎄 (== local dev for classified/regulated envs, too)</p><p>learn more in my post: <a href="https://kellyshortridge.com/blog/posts/deciduous-for-vscode-local-decision-tree-editing/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kellyshortridge.com/blog/posts</span><span class="invisible">/deciduous-for-vscode-local-decision-tree-editing/</span></a></p>
Emory<p><span class="h-card" translate="no"><a href="https://mastodon.online/@d_yellowlees" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>d_yellowlees</span></a></span> <span class="h-card" translate="no"><a href="https://petrous.vislae.town/@Binder" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Binder</span></a></span> my favorite used to be "Show of hands, how many of you have dedicated teams or resources for <a href="https://soc.kvet.ch/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a>?" because it was astounding to me i never saw more than one hand go up at any conference i've presented at. </p><p>granted i haven't taken my show to blackhat or anything.</p>
Jonathan Kamens 86 47<p>On a list I'm on, someone asks for advice protecting a small trans support org worried about e.g. keeping their membership list safe.<br>Several people respond, "Talk to company &lt;x&gt;, they help non-profits secure infra."<br>I look at &lt;x&gt;. Its flagship product automates managing security controls in apps like Google Workspace and Slack.<br>I'm like, this isn't going to help when the subpoenas start flying. Y'all need to change your threat model.<br><a href="https://federate.social/tags/smdh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>smdh</span></a> <a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://federate.social/tags/threatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatModeling</span></a> <a href="https://federate.social/tags/politics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>politics</span></a> <a href="https://federate.social/tags/USPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USPol</span></a></p>
OWASP Foundation<p>📢 Calling all Trainers! The exciting opportunity to be part of <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> EU as a Trainer is here! Join us in Barcelona to showcase your 1, 2, or 3-day training course. Don't miss out, submit your proposal today: <a href="https://sessionize.com/owasp-global-appsec-eu-2025-cft/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sessionize.com/owasp-global-ap</span><span class="invisible">psec-eu-2025-cft/</span></a> 🌟</p><p><a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
OWASP Foundation<p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> Days India is almost here! Join us on November 14-15 for top-notch speakers and tons of valuable insights. Don't miss out! 📅💻 Register now at: <a href="https://www.eventbrite.com/e/995548892537?aff=oddtdtcreator" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/995548892537?</span><span class="invisible">aff=oddtdtcreator</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a></p>
OWASP Foundation<p>Exciting news! 🌟 <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/BeNeLux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BeNeLux</span></a> is happening next month! Check out the amazing lineup of speakers and training courses. Don't miss out on this FREE must-attend event! Register now at <a href="https://www.owaspbenelux.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">owaspbenelux.eu/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Foundation<p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/BeNeLux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BeNeLux</span></a> takes place next month! Take a look at our fantastic line up of speakers and training courses available. REGISTER NOW, this is an event you will not want to miss! <a href="https://www.owaspbenelux.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">owaspbenelux.eu/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a></p>
Steele Fortress<p>As privacy advocates and cybersecurity pros, we know that maintaining control over our digital footprint is a constant battle. In 2024, the threat landscape continues to evolve, requiring more advanced, proactive approaches to defend both our privacy and security.</p><p>Here are key strategies for staying ahead of the curve:</p><p>1. Update Vigilance<br>Staying on top of OS and software updates is still one of the most effective ways to avoid exploits. Remember that vulnerabilities like BlueBorne and WPA2's KRACK have been successfully exploited but mitigated by timely patches. For those who prioritize control, manual updates are still the way to go. Review each changelog to assess any privacy concerns (i.e., telemetry changes)​.</p><p>2. Minimalism as a Strategy<br>The fewer programs you use, the smaller your attack surface. When it comes to privacy and security, minimalism isn't just a lifestyle—it's a tactic. Evaluate the software you install: does every app or service truly align with your goals? Stripping back unnecessary software reduces risks​​.</p><p>3. Linux: A Secure, Customizable Option<br>Consider adopting Linux for its robust control over security and privacy. Debian-based systems are known for stability, and with proper configuration, they provide a minimalistic and privacy-focused environment. Don't just stop at installation: configure your firewall, DNS, and daily operational scripts to reduce leaks and improve defense​.</p><p>4. Virtual Machines (VMs) for Containment<br>VMs, especially when combined with open-source virtualization software, offer excellent containment strategies. Whether you're doing OSINT, sandboxing risky software, or simply adding layers of defense between your host machine and the web, a well-configured virtual environment can drastically reduce exposure. This method is especially effective for isolating specific tasks, preventing cross-contamination between applications or services​​.</p><p>5. 
Advanced Browser and DNS Configuration<br>Use privacy-focused browsers like Firefox with hardened settings and explore the use of container tabs to isolate browsing sessions. For additional protection, employ DNS-over-HTTPS (DoH) or DNS-over-TLS to encrypt your DNS requests, mitigating man-in-the-middle attacks. Consider decentralized DNS services as a next step​​.</p><p>6. Firewall and VPN Integration<br>Layering firewalls with VPNs is essential. But go further: implement firewall rules that ensure your system doesn't make any network requests unless the VPN is active. This can protect you in case of VPN failure, ensuring that your data never travels over insecure networks​.</p><p>7. Use of Public and Private Keys for Authentication<br>Where possible, replace traditional passwords with public-key cryptography for authentication. This drastically reduces the threat of brute-force attacks and compromises on services requiring authentication.</p><p>8. Steganography &amp; Disinformation<br>Beyond encryption, consider steganography for hiding critical data in plain sight. As an added layer of security, practice disinformation tactics: provide plausible but fake information that misleads adversaries, ensuring they pursue dead ends​.</p><p>9. Breach Monitoring and Response<br>With the rise in data breaches and logs from stealer malware, proactive monitoring of breach data can help defend against credential stuffing and identity theft. Regularly check breached data sites and consider using tools to alert you if any of your data appears in a public leak​​.</p><p>10. Self-Hosting for True Control<br>Take your privacy into your own hands by moving toward self-hosted solutions where possible. Whether it’s email, file storage, or other critical services, self-hosting allows you to maintain full control over your data and avoid the vulnerabilities that come with cloud providers​.</p><p>Stay safe, stay secure, and continue advancing your privacy and security strategy for 2024. 
The adversaries aren’t getting any slower; neither should we.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/AdvancedSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AdvancedSecurity</span></a> <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/VMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VMs</span></a> <a href="https://infosec.exchange/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OSINT</span></a> <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://infosec.exchange/tags/Firewalls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firewalls</span></a> <a href="https://infosec.exchange/tags/Minimalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Minimalism</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/Disinformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Disinformation</span></a> <a href="https://infosec.exchange/tags/PublicKey" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>PublicKey</span></a> <a href="https://infosec.exchange/tags/Steganography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Steganography</span></a></p>
OWASP Foundation<p>It's not too late to sign up for <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> SF! Get ready for top-notch 1,2, or 3-day training from Sept. 23-25 (some courses offer a virtual option!), followed by conference and expo days on Sept. 26-27. Secure your spot NOW! <a href="https://sf.globalappsec.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sf.globalappsec.org/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a></p>
OWASP Foundation<p>OWASP AppSec Days Singapore is coming soon on October 1-2!</p><p>This 2-day event is specifically designed for infosec professionals.</p><p>We have a great lineup of speakers for Oct 2, including Abhijit Chatterjee, Brian Reed, Vikas Khanna, and Surya Subhash.</p><p>Register to attend now on our website to attend training sessions from experts in their fields, and listen to these speakers and more. </p><p>REGISTER➡️ <br><a href="https://owaspappsecdayssingapore2.rsvpify.com/?securityToken=3jRkInslc6YdgQ7200JZeG1RIGerJHzw" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owaspappsecdayssingapore2.rsvp</span><span class="invisible">ify.com/?securityToken=3jRkInslc6YdgQ7200JZeG1RIGerJHzw</span></a></p><p><a href="https://infosec.exchange/tags/Singapore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Singapore</span></a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Foundation<p>Hurry! ⏰ Only one week left to snag discounted guest rooms for <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> SF. Save big and book your room NOW before it's too late: <a href="https://www.hyatt.com/en-US/group-booking/SFORS/G-OWS4" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">hyatt.com/en-US/group-booking/</span><span class="invisible">SFORS/G-OWS4</span></a></p><p><a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
OWASP Foundation<p>Join <a href="https://infosec.exchange/tags/ApplicationSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ApplicationSecurity</span></a> experts <span class="h-card" translate="no"><a href="https://infosec.exchange/@SheHacksPurple" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SheHacksPurple</span></a></span> ("Alice and Bob Learn Application Security"), <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span> ("Threat Modeling: Designing for Security"), and <span class="h-card" translate="no"><a href="https://infosec.exchange/@izar_tarandach" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>izar_tarandach</span></a></span> ("Threat Modeling") as they discuss <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> for <a href="https://infosec.exchange/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a>.</p><p><a href="https://www.youtube.com/watch?v=ekwOAPlkf9c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=ekwOAPlkf9</span><span class="invisible">c</span></a></p>