Spotify knows what you did the last G88gle search session!

I had a strange situation:

  • I was using G**gle Translate to transform some string from English to a few of the languages spoken in Indian to greet my teem better.
  • A few days after that, I opened my Spotify app, and surprise – my recommendation feed was full of newly discovered Indian songs.

The “coincidence” is not a discovery for sure; this is happening a lot. Just be aware that whatever you do in G**ge is visible to multiple other parties. 

And it’s not just G**gle. It’s almost every service that comes to you for “free”. It’s not Free; it’s you that they sell for big $ to other companies.

Continue reading about the Spotify ethical violations from here.

The future of passwords is bright

I see the future. I see it so clear to see one message you will receive a few years from now.

“Dear Customer, 

The BlahBlah monitoring system has noticed suspicious attempts to log in to multiple users’ accounts (an AI brute-force technique). Your account has been recognized with potentially weak security settings.

Therefore, to prevent unauthorized access, your account password has been regenerated automatically.

To restore access and ensure the security of your account, please complete the following step:

Reset a new strong password(At least 58 characters, including at least 3 uppercase, 7 lowercase letters, 9 numbers, and at least 7 special characters, e.g., ! @ # ? ])…”

The future BlahBlah security team

I like this feature. Why? People are lazy, and we tend to learn less and less and watch TV every day instead of reading books, solving math problems, thinking about space, dreaming big.

Imagine how your brain will work if you need to remember your new 58 characters password for your fresh 58 new services you will subscribe to deliver food to your home.

The future is bright! Embrace it. Please change your password to 58 characters now, and don’t write them down. Train your brain!

Threat modeling framework under Creative Commons license.

I am so happy that Citrix allowed me to release under Creative Commons license the threat modeling framework I developed in the last four months.

What was the challenge?

Doing threat modeling is one of the main requirements for almost any Agile organization. Most of the teams are doing it wrong, and as an award, they receive a false sense of security, which leads to products and services that attacker personas can easily exploit.

What’s the solution?

I created an agile visual threat modeling framework (code name: Protecto)

  • Set of tools and a 90-min workshop to start with it, and build much more secure products! 
  • A step by step guide to making the modeling together, often and with fun, for maximum efficiency.
  • A learning path that is fixing the four main flaws in our current way of doing threat modeling to build much more secure products!
  • It’s a way of working through a threat model.

It all starts with a yard, a beer tap, and a bunch of attackers.  If you are thirsty for knowledge – click here to read more…