Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ryanc/statuses/112166665175220057">Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Wednesday, 27-Mar-2024 17:18:06 JST</a><a href="https://infosec.exchange/@ryanc" title="ryanc@infosec.exchange"><img src="https://gnusocial.jp/avatar/174285-48-20231204225121.webp" width="48" height="48" alt="Ryan Castellucci :nonbinary_flag:" style="position: absolute; left: 0; top: 0;">Ryan Castellucci :nonbinary_flag:</a></section><article><p>While I'm doing some thought leadering...</p><p>Threat modeling should include the users as threats to themselves.</p><p>"How could the most naive person I know use this wrong and suffer?"</p><p>or</p><p>"How will people actually use this, and does that violate our security assumptions?"</p><p>Note that I do not say "stupid" here.</p><p>The guy who used sha256("how much would could a woodchuck chuck if a woodchuck could chuck wood") as a Bitcoin private key to protect 250BTC circa 2013 was (is?) a Mensa member.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2869725#notice-5700832">In conversation</a><time datetime="2024-03-27T17:18:06+09:00" title="Wednesday, 27-Mar-2024 17:18:06 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@ryanc/112166665175220057" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@ryanc/112166665175220057">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Wednesday, 27-Mar-2024 17:18:06 JST Ryan Castellucci :nonbinary_flag:
While I'm doing some thought leadering...
Threat modeling should include the users as threats to themselves.
"How could the most naive person I know use this wrong and suffer?"
or
"How will people actually use this, and does that violate our security assumptions?"
Note that I do not say "stupid" here.
The guy who used sha256("how much would could a woodchuck chuck if a woodchuck could chuck wood") as a Bitcoin private key to protect 250BTC circa 2013 was (is?) a Mensa member.
In conversationabout 10 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice