Shostack + Friends Blog Archive

 

So cute!

There’s just something about skinny girls in pouffy skirts…and stormtrooper helmets. More at http://redandjonny.tumblr.com/

 

Bureaucracy in inaction

Back in September, a group of Czech artists called EPOS 257 camouflaged themselves as city-workers, went to the Palackeho square in Prague and installed a fence. The fence was left on the square with no apparent intent or explanation. At first, the city council didn’t know about it, and when they were told, they didn’t […]

 

Emergent Chaos has TSA "trolls," too

Over at We Won’t Fly, George Donnelly writes: I was about to delete an offensive comment on this blog – one of the very few we get – and thought, hmm, I wonder where this guy is posting from? Because, really, it is quite unusual for us to get nasty comments. Lo and behold, the […]

 

The Only Trust Models You'll Ever Need

Lately there has been quite a bit of noise about the concept of “trust” in information security.  This has always confused me, because I tend towards @bobblakley when he says: “trust is for suckers.” But security is keen on having trendy new memes, things to sell you, and I thought that I might as well […]

 

TSA News roundup

Act: Get this 2-page Passenger’s Rights Sheet: http://saizai.com/tsa_rights.pdf Outrage: “Gaping Holes in Airline Security: Loaded Gun Slips Past TSA Screeners” (Matthew Mosk, Angela Hill and Timothy Fleming, ABC News) “TSA + Police + JetBlue Conspire Against Peaceful Individual at JFK” (George Donnelly, WeWontFly.org) “TSA Lies Again Over Capture, Storage Of Body Scanner Images” (Steve Watson, […]

 

The Emergent Chaos of Facebook relationships

This is a fascinating visualization of 10MM Facebook Friends™ as described in Visualizing Friendships by Paul Butler. A couple of things jump out at me in this emergent look at geography. The first is that Canada is a figment of our imaginations. Sorry to my Canadian friends (at least the anglophones!) The second is that […]

 

Managing WordPress: How to stay informed?

We at the New School blog use WordPress with some plugins. Recently, Alex brought up the question of how we manage to stay up to date. It doesn’t seem that WordPress has a security announcements list, nor do any of our plugins. So I asked Twitter “What’s the best way to track security updates for […]

 

Armoring the Bombers that Came Back

Paul Kedrosky writes: Most of us have heard the story of armoring British bombers, as it’s too good not to share, not to mention being straight from the David Brent school of management motivation. Here is the Wikipedia version: Bomber Command’s Operational Research Section (BC-ORS) analysed a report of a survey carried out by RAF […]

 

Nate Silver in the NYT: A Bayesian Look at Assange

From The Fine Article: Under these circumstances, then, it becomes more likely that the charges are indeed weak (or false) ones made to seem as though they are strong. Conversely, if there were no political motivation, then the merits of the charges would be more closely related to authorities’ zealousness in pursuing them, and we […]

 

Can't measure love

But you can still evaluate the quality of the effort.

Likewise, there’s a lot that you can’t measure about security and risk, but you can still infer something from how the effort is pursued.

 

TSA News roundup

Intrusiveness and outrage: “Homeland Security Is Also Monitoring Your Tweets” “‘Baywatch’ Beauty Feels Overexposed After TSA Scan” (David Moye, AOLnews) “the agent responded, ‘Because you caught my eye, and they’ — pointing to the other passengers — ‘didn’t.’” “POLICE STATE – TSA, Homeland Security & Tampa Police Set Up Nazi Checkpoints At Bus Stations ” […]

 

"Proof" that E-Passports Lead to ID Theft

A couple of things caught Stuart Schechter’s eye about the spam to which this image was attached, but what jumped out at me was the name on the criminal’s passport: Frank Moss, former deputy assistant secretary of state for passport services, now of Identity Matters, LLC. And poor Frank was working so hard to claim […]

 

Lazy Sunday, Lazy Linking

Hey, remember when blogging was new and people would sometimes post links instead of making “the $variable Daily” out of tweets?  Well even though I’m newschool with the security doesn’t mean I can’t kick it oldschool every so often.  So here are some links I thought you might enjoy, probably worth discussion and review even […]

 

The TSA’s Approach to Threat Modeling

“I understand people’s frustrations, and what I’ve said to the TSA is that you have to constantly refine and measure whether what we’re doing is the only way to assure the American people’s safety. And you also have to think through are there other ways of doing it that are less intrusive,” Obama said. “But […]

 

The 1st Software And Usable Security Aligned for Good Engineering (SAUSAGE) Workshop

National Institute of Standards and Technology Gaithersburg, MD USA April 5-6, 2011 Call for Participation The field of usable security has gained significant traction in recent years, evidenced by the annual presentation of usability papers at the top security conferences, and security papers at the top human-computer interaction (HCI) conferences. Evidence is growing that significant […]

 

District 9

I really enjoyed District 9. Thought I understood some of it. But that was before I read “becoming the alien: apartheid, racism and district 9” by Andries du Toit. Now I need to watch the movie again.

 

Estimating spammers' technical capabilities and pathways of innovation

I’d like some feedback on my data analysis, below, from anyone who is an expert on spam or anti-spam technologies. I’ve analyzed data from John Graham-Cumming’s “Spammers’ Compendium” to estimate the technical capabilities of spammers and the evolution path of innovations.

 

Repeal Day Rant

Rachel Tayse over at Hounds In The Kitchen, has an awesome Repeal Day Rant on why repeal day isn’t as good as it sounds. Yet again I feel a lot less free.

 
 

Risk & Metrics Interview over Twitter Today at 3pm EST

HEY! – At 3pm today Alex (@alexhutton) will be doing an interview over the twitters with Dark Reading’s (@DarkReading) Kelly Jackson Higgins (@kjhiggins). Follow along with the hashtag #verizonDR! We’ll be talking risk, metrics, data – you know, the new school-y stuff.