Some Stuff You Might Find Interesting 9-8-2009

by alex on September 8, 2009

IT’S A TAB DUMP

Hey,  because of the holiday, I missed posting some stuff for you all about security & visualization last week. So I thought I’d make it up to you today (plus, I’m about to declare Firefox tab bankruptcy, as I tend to find things to mention on the blog here and then leave the tabs open indefinitely.  I have about 47 tabs open right now).


VISUALIZATION FUN

All about a cool gov’t dashboard from Down Under:

http://infosthetics.com/archives/2009/09/about_new_south_wales_putting_open_data_online_the_australian_way.html

Flowing Data has a visualization tool discussion:

http://flowingdata.com/2009/09/03/what-visualization-toolsoftware-should-you-use-getting-started/

At The Intersection of Security & Visualization?

VizSec 2009 in Atlantic City, NJ (USA) http://vizsec.org/vizsec2009/#key

Not to denigrate the choice of Bill Cheswick too much, because I’d jump at the chance to see him speak, but if I can get on my soapbox – why is this conference so myopically focused on InfoSec practitioners?  With all apologies to Raffy, we (as an industry) have no freaking *CLUE* how to go about creating useful information visualization.  Look at our SIEMs.  Look at our so-called GRC dashboards.  How many CISSPs do you know that have read Stephen Few?  Is Ben Fry in your RSS reader?

At the risk of repeating myself, our (InfoSec) problems are just not that unique.  But we, as a community, continue to exhibit this bias that we’re this amazingly special discipline that nobody understands and the rest of the world has nothing to offer us. It’s like we’re IT’s version of emo teenagers.

Visualization Folks on Twitter in case you’re interested:

http://twitter.com/ia/

http://twitter.com/craigmod/
http://twitter.com/flowingdata

AND NOW – SOME LINKS

Does Minimalism Contribute to Security?

http://minima.al3x.net/post/27523216/By-avoiding-complexity-when-possible-and-containing

Wonderful quote there from Colin Percival.  The problem of striving for a minimal code base (esp. in web apps) is balancing the simple with the desire for a relatively rich user experience (Seriously? Cool AJAX effects do not lend themselves to “minimalism”).  It’s not trivial using a Total Quality Management “Kansei” process (understanding how the user uses software), but one can create a great application that also reduces the cost of maintenance.

Cyber-Government

http://www.govtrack.us/congress/billtext.xpd?bill=s111-773&version=is&nid=t0%3Ais%3A286

Hey, it’s the Senate-introduced Cybersecurity Act of 2009 (S. 773).  Read it and weep!

The Cloud

http://cloudsecurity.org/2009/08/31/cloud-cartography-side-channel-attacks/

Craig Balding writes up his views on a Cloud Security research paper (link to paper – http://people.csail.mit.edu/tromer/papers/cloudsec.pdf).  It’s a great read if you’re interested in applied threat models.

Cool Post from Bejtlich

Extreme Asymmetry in Network Attack & Defense:
http://taosecurity.blogspot.com/2009/09/extreme-asymmetry-in-network-attack-and.html

Gunnar on an OWASP Podcast

http://www.owasp.org/download/jmanico/owasp_podcast_39.mp3

Recorded or in person, I’ve never found a conversation with Gunnar to not be insightful.

Innovation in Search and Artificial Intelligence:
http://machine-learning.blogspot.com/2009/09/innovation-in-search-and-artificial.html

You want the future of InfoSec?  It’s buried somewhere in there.  And here (http://entrepreneur.venturebeat.com/2009/08/14/probability-management-the-new-arithmetic-for-risk/).  Plus Game Theory.

One comment

Another twitter feed for security: @secviz

by Raffy on September 8, 2009 at 6:21 pm.
