Adam Shostack :donor: :rebelverified:
adamshostack.infosec.exchange.ap.brid.gy
Author, game designer, technologist, teacher.

Helped to create the CVE and many other things. Fixed autorun for XP. On Blackhat Review board.

Books […]

[bridged from https://infosec.exchange/@adamshostack on the fediverse by https://fed.brid.gy/ ]
@briankrebs Don't skip the CSRB please.
November 20, 2025 at 10:30 PM
@waldo.net Or you know, if you hate shots, there’s a nasal vaccine which is less of a barrier
November 20, 2025 at 2:53 AM
@sambowne

"once enabled, it’s enabled for all users on the device including other administrators and standard users."

"Agents should always act under the principles of least privilege"
November 18, 2025 at 4:25 PM
@aram @riana @StanfordCyber @jesse “@ Jesse “ might not be doing what you hope
November 15, 2025 at 3:30 AM
@briankrebs @dangoodin If this really works, I'm ready to go back to thinking like an attacker!

🤣

(cc @Viss )
November 14, 2025 at 3:53 PM
Regulation

There are no regulatory updates because the United States of America is unable to fund its ongoing operations and shut down. 2025 United States federal government shutdown (Wikipedia)
Despite that, the FCC deems it essential to reconsider a set of security actions. The letter from […]
November 12, 2025 at 3:24 PM
AI

Mike Privette has released a new version of his AI Security Shared Responsibility Model.
Benchmarking is hard. See two arXiv papers, The Illusion of Readiness: Stress Testing Large Frontier Models on Multimodal Medical Benchmarks, (“Leading systems often guess correctly even when key inputs […]
November 12, 2025 at 3:24 PM
Appsec

Allan Reyes has a longish article, Keeping Secrets Out of Logs, which is quite good, and has nice easter eggs.
Facebook describes how they use monthly “waves” of activity to help teams engage with their privacy work in a blog post, Federation Platform and Privacy Waves. Key concept […]
November 12, 2025 at 3:24 PM
Threat Modeling

SAFECode and The Center for Internet Security have released a Secure by Design: A Developer’s Guide to Building Safer Software.
Pat Opet of JP Morgan Chase announced a paper on their threat modeling approach (“tradecraft”). You can read that LinkedIn post, jump to the corporate […]
November 12, 2025 at 3:22 PM
@ricci @greatquux What a cool find!

Also, I hope y'all have a very strong fireproof box. :)
November 11, 2025 at 5:40 PM