Over the summer, Adam and I were talking and I said that I’d like a place to do some personal blogging as opposed to things I normally do, which are targeted at one place or another. I’d like to be able to blither about security, but also about whatever. Photography, cooking, you know, things that…Read More Test post
Evan Francen is maintaining a breach blog with more structure and commentary than either PogoWasRight or Attrition. As I looked at it, I had a couple of thoughts. The first is that he doesn’t reference Attrition DLDOS numbers. (Then again, Pogo doesn’t either.) I think this is a mistake. When we founded CVE, it was…Read More New breach blog
My co-workers in SWI have a new blog up, “Security Vulnerability Research & Defense.” They’re planning to…well, I’ll let them speak for themselves: …share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities… The two posts below are examples of the type of…Read More "Security Vulnerability Research & Defense"
My team at work announced the launch of “The Security Development Lifecycle” blog today. After the intro post, Michael Howard leads off with “Lessons Learned from the Animated Cursor Security Bug.” I’m pretty excited. We’re focused on transparency around what we’re learning as we continue to develop the SDL. Read More Announcing…The Security Development Lifecycle Blog
My friend Austin Hill has a new blog, Billions With Zero Knowledge. He’s got a really good post up “Crowdsourcing or Community Production – An Interview with Hugh McGuire from Librivox.” What’s most interesting to me is how new companies are trying to tap into customer enthusiasm to build not only value for their customers,…Read More How to Treat Customers
I’ve come across some blogs I find interesting. Maybe others will, too. Statistical Modeling, Causal Inference, and Social Science; Weblog of a Syrian Diplomat in America; Decision Science News; Social Science Data and Software (SSDS) Blog; SecuritySauce (Marty “Snort” Roesch’s blog). Plus, a special bonus non-blog: UCSB’s Cylinder Preservation and Digitization Project. Read More Blog finds
Barry Ritholz, an NYC hedge fund manager, blogs about a WSJ story. The gist: On Sept. 21, 2001, rescuers dug through the smoldering remains of the World Trade Center. Across town, families buried two firefighters found a week earlier. At Fort Drum, on the edge of New York’s Adirondacks, soldiers readied for deployment halfway across…Read More In every dream home, a heartache
“Official blog of the Metasploit Project.” Either you know who Metasploit is, in which case you’ve already clicked through, or you’re unlikely to understand their subject matter. PS to Vinnie: Where’s the Smallpox-making post? Read More Metasploit blogging
In a post titled “self-evidently wrong post title” “Blog Posts Do Not Include The Words ‘dizzying array of talent,’” Tom Ptacek points out that Arbor Networks has a blog. Jose Nazario’s “The Market-Driven (Vulnerability) Economy” post is pretty good. However, I think we need video of Dug Song reading this text, which in “News Flash:…Read More "Security To The Core"
Light blue touchpaper is a new web log written by researchers in the Security Group at the University of Cambridge Computer Laboratory. You should read it. As for the headline, zombies eat brains. There’s plenty of ’em [edited to add: brains, that is!!] in close proximity in Ross Anderson’s group. ’nuff said. Read More Risk aggregation and the living dead