Sharing your birthday online and the risks it brings.

I am sure you are happy when you see the wall of congratulations on your Meta, Twitter, or LinkedIn feeds. It brings joy and sometimes false happiness that you have so many friends who care about you.

When you share your birthday publicly, it brings some risks for you, and you might become a victim of identity theft or a phishing attack.

Phishing attacks with birthday information

You are more likely to click on a message that says, “Happy Birthday, [your name], here is our gift for you” than on anything else. Of course, I am sure you are not clicking on those “You won the lottery” e-mails anymore.

Scan your inbox and see how many of those you have from your last birthday.

The good news here is that the mail companies or other services try to detect those attempts and protect you to a certain level.

Hint: You have no idea how easy it is to use a web scraper for Meta and LinkedIn to get e-mail patterns and your birthday, and to automate a phishing attack that works without even monitoring it.

Identity Theft with birthday information

As I said, some level of protection against phishing attacks is available for you by default from your vendor or ISP, but there is not much you can do if you become a victim of identity theft.

I recommend reading this article to learn more in-depth about this threat.

What can you do?

You can help yourself as well if you stop sharing your birthday publicly. The friends that care about you will know when you were born and find a way to congratulate you.

Think about your privacy and be happy!

The header image is published under Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0) license

Doing Threat Modeling properly will help your teams to create a bit more secure products.

I created something beautiful, and I want to give the knowledge to you.

How did it start?

While analyzing the SDLC in a company I worked for, I noticed a few dangerous gaps in our threat modeling process. I also talked with my network of professionals in other companies and understood that they have the same or similar gaps.

I decided to fix those gaps by creating a miniature product that I released under a Creative Commons license.

What were the gaps?

Traditional Threat Modeling approaches widely used today provide a false sense of security, leading to products and services that attacker personas can easily exploit.

I identified four gaps and will share two of them with you:

Gap 1: Limited Exposure

Most of the time, threat modeling is done by a single person, either because they have the most knowledge of the system or because they compete with others to get some company incentive.

Dialog is key to establishing the common understandings that lead to value, while documents record those understandings and enable measurement.

The framework’s goal is to make sure everyone has a chance to participate in the exercise, to raise the entire team’s security posture and strengthen the product lines in general.

The other benefit is that this could be adopted as an internal standard for all the teams inside the company, making sure we do the threat analysis with the proper attention and using the same techniques.

Gap 2: Not aligned with the way we deliver software.

The current approach to Threat Modeling is close to a Waterfall model, and it’s far away from the dynamics of the modern (Agile) way of doing software.

Threat modeling must align with an organization’s development practices and follow design changes in iterations that are each scoped to manageable portions of the system.

We do the modeling at the beginning, and no one updates the models iteratively. Protecto engages the team regularly to repeat the exercise and focus on the most critical security issues first.

How do I fix this?

Protecto contains three main items:

  • A set of concepts and visual tools to use with your team to make threat modeling a fun and helpful exercise.
  • A process to follow to make sure your team’s skills are applied where they will be most beneficial.
  • A 90-min workshop containing two modules, which starts with a beer tap protection exercise to help you and your team understand the process and the tools.

Where can you learn more?

If you want to improve your threat modeling practices and start developing more secure products with Protecto, there are two options:

Want to stop the attackers? Could you not give them something to attack?