Previously, Russell wrote “Everybody complains about lack of information security research, but nobody does anything about it.” In that post, he argues for a model where Ideally, this program should be “idea capitalists”, knowing some people and ideas won’t payoff but others will be huge winners. One thing for sure — we shouldn’t focus this…Read More Everybody Should Be Doing Something about InfoSec Research
In addition, while traditional bank robbers are limited to the amount of money they can physically carry from the scene of the crime, cyber thieves have a seemingly limitless supply of accomplices to help them haul the loot, by hiring so-called money mules to carry the cash for them. I can’t help but notice one…Read More Krebs on Cyber vs Physical Crooks
http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf Thanks to big yellow for not making us register! Oh, and Adam thanks you for not using pie charts…Read More Symantec State of Security 2010 Report Out
Open Security Foundation – Advisory Board – Call for Nominations: The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future…Read More Open Security Foundation Looking for Advisors
There have already been a ton of posts out there about the Verizon DBIR Supplement that came out yesterday, so I’m not going to dive into the details, but I wanted to highlight this quick discussion from twitter yesterday that really sums of the value of the supplement and similar reports: georgevhulme: I’m glad we…Read More Data Not Assertions
Threatlevel (aka 27B/6) reported yesterday that Richard Schaeffer, the NSA’s information assurance director testified to the Senate Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security on the issue of computer based attacks. If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could…Read More "80 Percent of Cyber Attacks Preventable"
Rob Lemos has a new article up on the MIT Technology Review, about some researchers from UC Santa Barbara who spent several months studying the Mebroot Botnet. They found some fascinating stuff and I’m looking forward to reading the paper when it’s finally published. While the vast majority of infected machines were Windows based (64%…Read More Botnet Research
So Dave Mortman wrote: I don’t disagree with Adam that we need raw data. He’s absolutely right that without it, you can’t test models. What I was trying to get at was that, even though I would absolutely love to have access to more raw data to test my own theories, it just isn’t realistic…Read More Models are Distracting
So awhile back, I posted the following to twitter: Thought of the Day: We don’t need to share raw data if we can share meta-data generated using uniform analytical methodologies. Adam, disagreed: @mortman You can’t test & refine models without raw data, & you can’t ask people with the same orientation to bring diverse perspectives.…Read More Meta-Data?
Over on his Guerilla CISO blog, Rybolov suggests that we ask the Data.gov folks for infosec data using their Suggest a data set page. It sounds like a good idea to me! I took his request and built on it. Rather than breaking the flow with quotes and edit marks, I’ll simply say the requests…Read More Notes to the Data People