Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-036-Adam_Shostack-threat_modeling.mp3

Adam Shostack has been a fixture of threat modeling for nearly two decades. He wrote the threat modeling "bible" that many people consult when they need to do threat modeling properly. We discuss the different threat modeling types (STRIDE, DREAD, Trike, PASTA) and which ones Adam enjoys using. Mr. Boettcher asks how to handle people who believe one OS is better than another, and how to use threat modeling to decide which OS should be the one to use. Stay after for a special post-show discussion with Adam about his friend Stephen Toulouse (@stepto).

RSS: http://www.brakeingsecurity.com/rss
Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

SHOW NOTES:
Ideas and suggestions here:
Start with “What is threat modeling?” What is it, why do people do it, why do organizations do it?
What happens when it’s not done effectively, or at all?
At what point in the SDLC should threat modeling be employed? Planning? Development?
Can threat models be modified when new features/functionality gets added? Otherwise, are these just to ‘check a compliance box’?
Data flow diagram (example) - process flow: External entities, Process, Multiple Processes, Data Store, Data Flow, Privilege Boundary

Classification of threats:
STRIDE - https://en.wikipedia.org/wiki/STRIDE_(security)
DREAD - https://en.wikipedia.org/wiki/DREAD_(risk_assessment_model)
PASTA - https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf
Trike - http://octotrike.org/

Johari window - https://en.wikipedia.org/wiki/Johari_window
Butler Lampson, Steve Lipner link: https://www.nist.gov/sites/default/files/documents/2016/09/16/s.lipner-b.lampson_rfi_response.pdf
Escalation of Privilege card game: https://www.microsoft.com/en-us/download/details.aspx?id=20303
NIST CyberSecurity Framework: https://www.nist.gov/cyberframework
Data Classification Toolkit - https://msdn.microsoft.com/en-us/library/hh204743.aspx
Microsoft bug bar (security) - https://msdn.microsoft.com/en-us/library/windows/desktop/cc307404.aspx
Microsoft bug bar (privacy) - https://msdn.microsoft.com/en-us/library/windows/desktop/cc307403.aspx
OWASP Threat Modeling page: https://www.owasp.org/index.php/Application_Threat_Modeling
OWASP Threat Dragon - https://www.owasp.org/index.php/OWASP_Threat_Dragon
Emergent Design: https://adam.shostack.org/blog/2017/10/emergent-design-issues/
“Threat Modeling as a Basis for Security Requirements” (paper) - https://www.researchgate.net/profile/William_Yurcik/publication/228634178_Threat_Modeling_as_a_Basis_for_Security_Requirements/links/02bfe50d2367e32088000000.pdf
Robert Hurlbut (workshop presenter at SourceCon Seattle) - https://roberthurlbut.com/Resources/2017/NYMJCSC/Robert-Hurlbut-NYMJCSC-Learning-About-Threat-Modeling-10052017.pdf (much the same content as given at Source)
Adam’s Threat Modeling book: http://amzn.to/2z2cNI1 -- sponsored link; https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ref=mt_paperback?_encoding=UTF8&me=

Is the book still applicable? New book? What traps do people fall into?
Attacker-centered and asset-centered approaches
Close with “how do I get started on threat modeling?”
SecShoggoth’s class “Intro to RE”
Johari window? http://www.selfawareness.org.uk/news/understanding-the-johari-window-model
Hello, all, and welcome to the next installment of the podcast that says “vintage electronics: I WANT IT”. I’m Randy Kindig and I’m your host. This episode is the first of a two-parter on the Hewlett Packard HP-41 line of programmable calculators. The HP-41 is a seminal example of programmable calculators from the late 70s into the 80s and is still very desirable and sought after today. I was lucky enough to find two gentlemen to co-host who are well-known among the active HP calculator community that exists today: Richard J. Nelson, who has written, edited, and published as much HP-41 material as anyone ever has, and Gene Wright, who is on the HP Handheld Conference Committee and was a TI fan before becoming “hooked” on the HP-41. In this first part on the HP-41, I interview the co-hosts and then we cover the history of the calculator line in detail. Next month, with the same co-hosts, we will cover Web sites, emulation, software, and much more. To start out, as usual, I will cover my new vintage computer acquisitions, a little news, and some feedback. I hope you enjoy this and please let me know what you think.
Links Mentioned in the Show:

New Acquisitions
Kim UNO - http://obsolescence.wix.com/obsolescence
SpartaDOS X Supercart - https://www.bitsofthepast.com/?product=super-spartados-cartridge

News
New TI Newsletter - Yesterdays News by Ralph Rees - http://atariage.com/forums/topic/251850-yesterdays-news/?hl=%2Byesterdays+%2Bnews#entry3507067
“Nerd History Bundle” - https://storybundle.com/tech
A Microsoft Life by Stephen Toulouse - http://www.amazon.com/dp/0557735297/?tag=flodaypod-20
Gates by Stephen Manes and Paul Andrews - http://www.amazon.com/dp/0671880748/?tag=flodaypod-20
Fire in the Valley by Michael Swaine and Paul Freiberger - http://www.amazon.com/dp/0071358927/?tag=flodaypod-20
Terrible Nerd by Kevin Savetz - http://www.amazon.com/dp/1939169003/?tag=flodaypod-20
Irregularity by Jared Shurin - http://www.amazon.com/dp/0992817218/?tag=flodaypod-20
The Google Way by Bernard Girard - http://www.amazon.com/dp/1593271840/?tag=flodaypod-20
Priming the Pump by David Welsh and Theresa Welsh - http://www.amazon.com/dp/0979346800/?tag=flodaypod-20
Book site for Priming the Pump - http://www.microcomputerpioneers.com/

Upcoming Shows
Last Chicago CocoFest - April 23 & 24, 2016, Heron Point Convention Center, Lombard, IL - http://www.glensideccc.com/cocofest/
KansasFest - July 19-24, 2016 - https://www.kansasfest.org
Atari Party - Saturday, July 30, 12 PM - 5 PM PDT, Mary L. Stephens Davis Branch Library, 315 E 14th St, Davis, California 95616 - https://www.facebook.com/events/1069851796370777/
VCF West - Aug 6-7 - http://www.vintagecomputerfederation.org/uncategorized/vcf-west-is-back/
VCF Midwest - Sep 10-11, Elk Grove Village, IL - http://vcfed.org/wp/festivals/vintage-computer-festival-midwest/
PRGE - Oct 21-23 - http://www.retrogamingexpo.com
TI International World’s Faire - Sat. Oct. 15 at Evanston Public Library

Feedback
A two-minute pitch video for The Secret History of Gaming on the Mac, being written by Richard Moss - https://www.youtube.com/watch?v=2tL2kC3QqeU
The Secret History of Gaming on the Mac Web site - https://unbound.co.uk/books/macgaming

Interview and History
Gene’s TI-58/59 Failures and Maintenance Tips Web site - http://www.rskey.org/gene/calcgene/59diag.htm
Contains probably the most information about the HP 41 series out there: http://hp41.org/
The HP 41CL replacement CPU board web page: http://www.systemyde.com/hp41/
Keith Jarett, "HP 41 in Orbit," Personal Computing (October/November 1984), pp. 50-54. - http://web.archive.org/web/20000621003759/http://www.nasm.si.edu/nasm/dsh/artifacts/GC-hewlett-.htm
HHC (HP Handheld Computer) Conference - http://hhuc.us/

References
“The HP-41 System – 30 Years Old” by Richard J Nelson - http://h71028.www7.hp.com/enterprise/downloads/The%20HP-41%20System%20V3.pdf
Wikipedia - https://en.wikipedia.org/wiki/HP-41C
Ken Plume has a chat with author and performer Stephen Toulouse about comas, nostalgia, Star Trek, and montages.
With a short week between recordings we decided to list our top 5 favorite videogame characters.

00:01:30 – News Quick Hits: We touch on the best-selling console worldwide in 2011, who Skyrim predicts to win the Super Bowl, the Game of Thrones RPG release date, how many hours of content are in Kingdoms of Amalur: Reckoning, and Zynga’s success thanks in part to Facebook.
00:07:05 – How Our Weeks Were
00:13:20 – Music Break: “Short Blues” by Redmagik
00:14:50 – Main Segment: Our Top 5 Video Game Characters: We count down our top five favorite video game characters of all time. From Pikachu to Solid Snake, and Garrus to Yoshi, with plenty of Final Fantasy love in between, we break down some of the best characterizations in video games.
01:03:10 – Music Break: “Garou-Blues” by JML
01:04:40 – Feedback: A shortened week equals shortened feedback! We discuss a listener’s favorite classic football video games, QB Club ‘98 and NFL 2k5.
01:06:00 – News: Dan talks about potential games in the Mass Effect universe. A Mass Effect MMO or RTS headline the discussion. Eventually the discussion turns to more Xbox vs. Playstation banter, with some discussion of each online service and their respective controllers, concluding with the origins of our console fanboyisms.
01:16:30 – Corey exposes Oklahoma’s proposed “sin tax,” a tax on mature rated video games. Violent games discussion evolves into a road rage tangent.
01:24:15 – Will discusses Xbox Live’s Stephen Toulouse’s departure and the banning/hacking circumstances that may be the culprit.
01:25:45 – Eric reveals some bad science relating to “problem gaming.” As always, the conversation morphs into something else, tea bagging at an Alabama/LSU game.
01:30:16 – Music Break: “Hänschen, sei gut!” by Raulin de los Bosques
01:32:10 – What We Played: Eric keeps rolling with Fifa.
01:34:00 – Will touches on ten minutes of Batman: Arkham Asylum’s tutorial.
01:35:05 – Corey revisits why FFVI “sucks.” Family Feud with Friends makes an appearance, including some glaring gameplay flaws. Eric chimes in about Temple Run. Corey rounds out his turn with a cooler opinion of FFXIII-2 thanks in no small part to a stuffy casino, Serendipity.
01:49:30 – Dan likes Torchlight’s loot whoring mechanic and
Not only does Shipwreck join us this week, Stephen Toulouse, Head of Xbox Live Policy and Enforcement, talks Xbox Live naughtiness too. We talk PS3 Slim and other Gamescom news, and of course we've got game shopping and industry news, new releases, your CAGbag questions and so much more!