data

Previously, Russell wrote “Everybody complains about lack of information security research, but nobody does anything about it.” In that post, he argues for a model where Ideally, this program should be “idea capitalists”, knowing some people and ideas won’t payoff but others will be huge winners. One thing for sure — we shouldn’t focus this…

Read More Everybody Should Be Doing Something about InfoSec Research

In addition, while traditional bank robbers are limited to the amount of money they can physically carry from the scene of the crime, cyber thieves have a seemingly limitless supply of accomplices to help them haul the loot, by hiring so-called money mules to carry the cash for them. I can’t help but notice one…

Read More Krebs on Cyber vs Physical Crooks

Open Security Foundation – Advisory Board – Call for Nominations: The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future…

Read More Open Security Foundation Looking for Advisors

Threatlevel (aka 27B/6) reported yesterday that Richard Schaeffer, the NSA’s information assurance director testified to the Senate Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security on the issue of computer based attacks. If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could…

Read More "80 Percent of Cyber Attacks Preventable"

Rob Lemos has a new article up on the MIT Technology Review, about some researchers from UC Santa Barbara who spent several months studying the Mebroot Botnet. They found some fascinating stuff and I’m looking forward to reading the paper when it’s finally published. While the vast majority of infected machines were Windows based (64%…

Read More Botnet Research

So Dave Mortman wrote: I don’t disagree with Adam that we need raw data. He’s absolutely right that without it, you can’t test models. What I was trying to get at was that, even though I would absolutely love to have access to more raw data to test my own theories, it just isn’t realistic…

Read More Models are Distracting

So awhile back, I posted the following to twitter: Thought of the Day: We don’t need to share raw data if we can share meta-data generated using uniform analytical methodologies. Adam, disagreed: @mortman You can’t test & refine models without raw data, & you can’t ask people with the same orientation to bring diverse perspectives.…

Read More Meta-Data?