The Only Trust Models You’ll Ever Need

by alex on December 23, 2010

Lately there has been quite a bit of noise about the concept of “trust” in information security.  This has always confused me, because I tend towards @bobblakley when he says: “trust is for suckers.” But security is keen on having (…)

Managing WordPress: How to stay informed?

by adam on December 21, 2010

We at the New School blog use WordPress with some plugins. Recently, Alex brought up the question of how we manage to stay up to date. It doesn’t seem that WordPress has a security announcements list, nor do any of (…)

Armoring the Bombers that Came Back

by adam on December 20, 2010

Paul Kedrosky writes: Most of us have heard the story of armoring British bombers, as it’s too good not to share, not to mention being straight from the David Brent school of management motivation. Here is the Wikipedia version: Bomber (…)

Nate Silver in the NYT: A Bayesian Look at Assange

by alex on December 15, 2010

From The Fine Article: Under these circumstances, then, it becomes more likely that the charges are indeed weak (or false) ones made to seem as though they are strong. Conversely, if there were no political motivation, then the merits of (…)

Can’t measure love

by Chandler on December 14, 2010

But you can still evaluate the quality of the effort. Likewise, there’s a lot that you can’t measure about security and risk, but you can still infer something from how the effort is pursued.

Lazy Sunday, Lazy Linking

by alex on December 12, 2010

Hey, remember when blogging was new and people would sometimes post links instead of making “the $variable Daily” out of tweets?  Well even though I’m newschool with the security doesn’t mean I can’t kick it oldschool every so often.  So (…)

The 1st Software And Usable Security Aligned for Good Engineering (SAUSAGE) Workshop

by adam on December 8, 2010

National Institute of Standards and Technology, Gaithersburg, MD, USA. April 5-6, 2011. Call for Participation: The field of usable security has gained significant traction in recent years, evidenced by the annual presentation of usability papers at the top security conferences, (…)

Estimating spammer’s technical capabilities and pathways of innovation

by Russell on December 6, 2010

I’d like some feedback on my data analysis, below, from anyone who is an expert on spam or anti-spam technologies. I’ve analyzed data from John Graham-Cumming’s “Spammers’ Compendium” to estimate the technical capabilities of spammers and the evolution path of innovations.

How to become a thought leader

by adam on December 3, 2010

Thanks to Chris Eng for making this!

Risk & Metrics Interview over Twitter Today at 3pm EST

by alex on December 1, 2010

HEY! – At 3pm today Alex (@alexhutton) will be doing an interview over the twitters with Dark Reading’s (@DarkReading) Kelly Jackson Higgins  (@kjhiggins). Follow along with the hashtag #verizonDR! We’ll be talking risk, metrics, data, – you know, the new school-y stuff.