My point is that security people need to get …

My point is that security people need to get their priorities
straight. The “threat model” section of a security paper resem-
bles the script for a telenovela that was written by a paranoid
schizophrenic: there are elaborate narratives and grand con-
spiracy theories, and there are heroes and villains with fantas-
tic (yet oddly constrained) powers that necessitate a grinding
battle of emotional and technical attrition. In the real world,
threat models are much simpler (see Figure 1). Basically, you’re
either dealing with Mossad or not-Mossad. If your adversary is
not-Mossad, then you’ll probably be fine if you pick a good pass-
word and don’t respond to emails from ChEaPestPAiNPi11s@
virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE
GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO
ABOUT IT.

James Mickens: This World of Ours

(View on gamamb.tumblr.com)

You may also like...