As in introduction into "threat modeling" this articles comes highly regarded by me.
Not because it's a deep analyses, but because it isn't.
Also, it's highly funny.
Basically, you and I should worry about fishing links and ex girlfriends who are going mad with our email, and not about the Mossad.
Not that the Mossad (or another group with an abbreviated name and bland office building) isn't dangerous, but they have a higher budget than you and I so we can't defend against them anyways. Why worry about Russia invading if we can't defend against it anyways. But a good fence may keep the foxes 🦊 away from our chickens. 🐓
Link: https://buttondown.email/hillelwayne/archive/formal-methods-cant-fix-everything-and-thats-okay/
|
Title: Formal Methods can't fix everything and that's okay
Threat modeling is fundamentally about cost-benefit analysis, on both sides of the threat.
Attacking a weak password is really easy, so it pays to attack even low-value targets. Adopting a strong password is also easy. If you're a low-value target, this will protect you from a lot. But if you're a high-value target, attackers will be willing to spend more resources attacking you. So you'll need to invest more in your defenses, which makes fewer people able to attack you. As this escalates, both the attacks and defenses get more and more expensive, as ever smaller groups of people can afford them
No comments:
Post a Comment