Shostack + Friends Blog Archive

 

Elevation of Privilege news

I wanted to let people know that Microsoft is making the source files for the Elevation of Privilege game available. They are Adobe Illustrator and InDesign files, and are now on the EoP download site. They’re the 85mb of zipped goodness. They can be used under the same Creative Commons Attribution 3.0 US license under […]

 

Lazy Sunday, Lazy Linking

Hey, remember when blogging was new and people would sometimes post links instead of making “the $variable Daily” out of tweets?  Well even though I’m newschool with the security doesn’t mean I can’t kick it oldschool every so often.  So here are some links I thought you might enjoy, probably worth discussion and review even […]

 

Doing threat intelligence right

To improve threat intelligence, it’s most important to address the flaws in how we interpret and use the intelligence that we already gather. Intelligence analysts are human beings, and many of their failures follow from intuitive ways of thinking that, while allowing the human mind to cut through reams of confusing information, often end up misleading us.

 

All in the Presentation

America’s Finest News Source teaches an excellent lesson on how to spin data: Labor Dept: Available Labor Rate Increases To 10.2% WASHINGTON—In what is being touted by the Labor Department as extremely positive news, the nation’s available labor rate has reached double digits for the first time in 26 years, bringing the total number of […]

 

You've Got To Move It Move It

Josh Corman had an awesome post over on Fudsec on Friday. It’s so awesomely appropriate to this blog, that I’m sharing it with you. My only complaint is that I wish that I had written instead. Go read it right now.

 

Links To Interesting Stuff

I have a ton of tabs open in Firefox about stuff I thought would be some sweet newschool-esque reading for everybody out there. 1.) Threat and Risk Mapping Analysis in Sudan Not really about measurement and progress, but a fascinating look at “physical risk management” nonetheless: http://irevolution.wordpress.com/2009/04/09/threat-and-risk-mapping-analysis-in-sudan/ 2.)  I thought Gunnar did a great job […]