Today I will cover some padlocks that I use and personally recommend. Padlock selection should be based on the threats the locks are likely to face. There are two basic threat models I use when selecting padlocks. The first is low-to-medium security applications. These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat. The other is high security. The cost of a high security lock is justified in several instances, such as when surreptitious entry is a legitimate concern. High security locks are also preferred for unattended containers. This might be your luggage, your gym locker, or a shed on a vacation property.
The Tor Browser Bundle is a terrific security tool. Tor is a decentralized anonymization network. To use it you need a specific internet browser, and it allows you to be as close to anonymous as one can be on the internet. It also strongly encrypts your traffic, and best of all, it is free. Readers have asked my opinion on Tor, and why I have not written about it. There are some potential downsides to using Tor. As a result, I have very mixed, very nuanced feelings about using it. Before jumping in and using this tool you should take some time to consider these Tor threat models. Though I typically analyze variations of the tool itself, my Tor threat models are in relation to use cases and user profiles rather than the tool.
It is likely that readers of this blog know where I stand on cloud storage. I have been fairly outspoken against the practice of storing personal data in the cloud. Unfortunately, I realize this may be an untenable solution for many who desire – or even require – the ability to use and access cloud storage. Even I had a personal experience recently that made me re-think the utility of cloud storage. Cloud storage does offer the benefit of being a strong hedge against data loss. Losing data can be crippling for an individual, and even more so for a small business. With these factors in mind (and at the request of a reader) I have taken a look at some cloud providers and developed some cloud storage threat models.
In a continuation of my suite on threat modeling, this post will discuss lock threat models. There are many high security locks that are intended to address the vulnerabilities of the standard pin-tumbler mechanism. There is also a spectrum between bargain-basement hardware and expensive high-security locksets. I understand that security doesn’t exist in a vacuum: though it would probably be a more secure world if everyone had a high security lock, it would also be a very expensive one. Deciding on the right lock for your needs should be informed by a threat model. Continue reading “Mechanical Lock Threat Models”
In a continuation of my suite on threat modeling, this post will address email threat modeling specifically. Selecting an email provider (or set of email providers) can be difficult if privacy and security are your chief concerns. Gmail is abysmal when it comes to privacy, but even paid providers struggle to match its security. Selecting an email provider for sensitive communications should be done based on your threat model(s), and you may end up maintaining several accounts for different purposes. It is my hope that these threat models will provide some clarity into what threat(s) each email provider defends you against. I also hope this helps you choose a setup that you are comfortable with. Continue reading “Email Threat Models”