LogoSquare

Denim Group Website

My Photo
Powered by TypePad


Programming Blogs - Blog Catalog Blog Directory

Denim Group

« Perceived vs. Substantive Security | Main | Headed to RSA »

April 09, 2008

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83455143b69e200e551b942ab8833

Listed below are links to weblogs that reference Death Star Threat Modeling:

Comments

Donnie

Very nicely done! Easy to understand and a very entertaining read for a Star Wars nerd like me. :)

HOPE Attendee

Hello Kevin,

Were you going to release your slide show that you gave at HOPE? I would love to give it to some of my more risky developers.

Chris

The death star had a number of security issues as well as the exhaust vulnerability.

1. Identity management was terrible, anyone could just walk around in a stolen stormtrooper outfit.

2. Ship searching procedures were not great, examples of security incidents are the hijackings during a ship search.

3. Authentication, there are no encryption or authentication mechanisms on any of the computer terminals, the controls for the tractor beam, the controls in the prison block or anywhere else.

4. Physical, there are no authentication mechanisms on any of the doors so anyone can go anywhere in the station.

The comments to this entry are closed.