Archives For July 2016


A new version of the Threats Manager has just been released. It addresses some bugs and introduces some usability improvements.
You can see the complete list of the fixes and download the archive from here.


What is the last thing that you have broken just to verify if it could have been broken? A phone? A car, perhaps? Or the new TV set of your neighbor?

Well, breaking things is definitely not something that people normally do. Accidents happen, surely, but good people simply do not break things for the thrill of doing it.

Good people do not do that, but bad people definitely do. They break things not only because it can be done, but because much can be gained in the process.

So, intentions are really important: are you breaking things to obtain unwarranted advantages, or are you doing it to help those who make those things improve how they are built? The first are simply robbers, while the second are doing a service to all of us, makers and users alike.

In software security, we refer to the good “breakers” as White Hat hackers, while the bad “breakers” are Black Hat hackers. And yes, you guessed well: there are Gray Hat hackers too.

This is a very simplistic description of the world of hacking. You could find various types of hackers everywhere: for example, do you recall that time when as a boy or a girl you opened that toy to understand how it worked? Well, you have been a hacker without knowing anything about that!

Now, I think that clearly White Hat hacking is a good thing for everyone if done ethically, and for that reason it should be encouraged. It is not easy to be a White Hat hacker: it requires both a broad and deep knowledge of technology, processes and of human behavior.

If White Hat hackers did not do their job, applications and systems would remain unprotected and Black Hat hackers would have much easier access to your data.

That said, why would someone want to punish White Hat hackers?

The big surprise I hinted at the end of my Restarting article is out!

It is a new tool, which complements the workflow of Microsoft Threat Modeling Tool 2016, by providing features specifically designed to optimize the Mitigation experience.

The improvements in efficiency can be really huge, depending on the complexity of the model (the higher the better!), on the template and on the maturity of the organization: an estimate made with the standard template suggests that an optimization of 60% or more is possible!

I have done everything I could to provide you with the best possible solution, given my limited resources: this is a project I have developed in my spare time. So, please, any constructive feedback would be much appreciated.

The details have been collected in a specific page, called The Threats Manager Tool, which can be accessed also from the menu at the top of my Blog site.

And the best thing is… that it is entirely free!


It is very interesting to understand how attackers work, and sometimes it is also scary to see how unprepared we are. This is an unbalanced war, which we are losing.

Ransomware is on the rise, and it is more and more dangerous. But it is not the only problem. Many of my customers are totally unprepared, yet they say that they have not been compromised in the past, but for a couple of well-known incidents. No wonder, considering that their detection controls are in some cases totally ineffective.

Sometimes customers have no clue of where their assets are or how they can be exploited. The most absurd thing to see is that many organizations have VIPs that are not tolerant toward the limitations imposed for Security reasons, and they have the power to require exemption: as a result, sometimes those who have the highest value for an organization are the least protected!

Attackers already know all this and understand your business better than you. They are going to find your weakest spots and to hit them, hard. Many are not able to see that coming and even less to respond properly.

FireEye’s incident response business further reports the mean “dwell time” for breaches in EMEA is 469 days, versus 146 globally.


In other words, in EMEA the average time an attacker remains undetected in a victim’s system is more than 3 times higher than the world average!

We have to change this and soon, and it all starts from adopting a more active stance toward Security. It is not a cost: it is a necessity!

David Ferbrache from KPMG describes the situation very well, and SC Magazine has an article about it that can be both alarming and illuminating: