It won’t work. (Dunking on mastodon here, not Don.)
New blog, Threat Modeling Tools

People frequently ask me what threat modeling tooling they should use. My answer is always: The best threat modeling tool for you is the one that solves a specific problem that you can articulate. To help you articulate the problems, this is one part of a two-part series. The second post will dive deep into LLMs for threat modeling. Threat modeling tools generally fall into four groups:
- General purpose tools like whiteboards or Google docs
- Programmer threat modeling tools (eg, pytm)
- Individual/small team threat modeling tools (eg, MS-TMT or Threat Dragon)
- Enterprise threat modeling tools (eg, IriusRisk)
(1/5)
Does lockdown mode protect against the latest apple vulns?
Seems reasonable: "Our findings reveal that the standalone LLM introduces nearly 9x more new vulnerabilities than developers, with many of these exhibiting unique patterns not found in developers' code. Agentic workflows also generate a significant number of vulnerabilities, particularly when granting LLMs more autonomy, potentially increasing the likelihood of misinterpreting project context or task requirements. We find that vulnerabilities are more likely to occur in LLM patches associated with a higher number of files, more lines of generated code, and GitHub issues that lack specific code snippets or information about the expected code behavior and steps to reproduce" https://www.semanticscholar.org/paper/Are-AI-Generated-Fixes-Secure-Analyzing-LLM-and-on-Sajadi-Damevski/235c52bdef09f6fec47a17fcdbc072ff6a5bd275?utm_source=alert_email&utm_content=LibraryFolder&utm_campaign=AlertEmails_WEEKLY&utm_term=LibraryFolder&email_index=0-0-0&utm_medium=59735069
If someone wants to commit to buying the answer, locking it in a safe deposit box and throwing away the key, I'll throw $50 at the effort. https://www.washingtonpost.com/entertainment/art/2025/08/14/kryptos-code-k4-solution-jim-sanborn-auction/
One of the hats I wear is editor for the @DEF CON Franklin Hackers' Almanack. If you see talks that policymakers should know about, please let me know here, tag me, etc. I'm already seeing great stuff on voting security, resisting back doors, irresponsible behavior by thin-skinned vendors... what else should I see?