Shostack + Friends Blog Archive

 

Diagrams in Threat Modeling

When I think about how to threat model well, one of the elements that is most important is how much people need to keep in their heads, the cognitive load if you will. In reading Charlie Stross’s blog post, “Writer, Interrupted” this paragraph really jumped out at me: One thing that coding and writing fiction […]

 

A Mini-Review of "The Practice of Network Security Monitoring"

Recently the kind folks at No Starch Press sent me a review copy of Rich Bejtlich’s newest book The Practice of Network Security Monitoring and I can’t recommend it enough. It is well worth reading from a theory perspective, but where it really shines is digging into the nuts and bolts of building an NSM […]

 

Emergent Map: Streets of the US

This is really cool. All Streets is a map of the United States made of nothing but roads. A surprisingly accurate map of the country emerges from the chaos of our roads: All Streets consists of 240 million individual road segments. No other features — no outlines, cities, or types of terrain — are marked, […]

 

Map of Where Tourists Take Pictures

Eric Fischer is doing work on comparing locals and tourists and where they photograph based on big Flickr data. It’s fascinating to try to identify cities from the thumbnails in his “Locals and Tourists” set. (I admit, I got very few right, either from “one at a time” or by looking for cities I know.) […]

 
 
 

Happy Banned Books Week!

Quoting Michael Zimmer: [Yesterday was] the start of Banned Books Week 2009, the 28th annual celebration of the freedom to choose what we read, as well as the freedom to select from a full array of possibilities. Hundreds of books are challenged in schools and libraries in the United States each year. Here’s a great […]

 

The Art of Mathematics

Paul Nylander has some amazingly beautiful mathematical constructs which he’s ray-tracing. Via Aleks Jakulin.

 

Just Landed in…

Just Landed: Processing, Twitter, MetaCarta & Hidden Data: This got me thinking about the data that is hidden in various social network information streams – Facebook & Twitter updates in particular. People share a lot of information in their tweets – some of it shared intentionally, and some of it which could be uncovered with […]

 

My Wolfram Alpha Demo

I got the opportunity a couple days ago to get a demo of Wolfram Alpha from Stephen Wolfram himself. It’s an impressive thing, and I can sympathize a bit with them on the overblown publicity. Wolfram said that they didn’t expect the press reaction, which I both empathize with and cast a raised eyebrow at. […]

 

Seattle Tech Universe

The Washington Technology Industry Association has released a very cool map of the Puget Sound Tech Universe. Here’s an excerpt:

 

Applied Security Visualization

Our publisher sent me a copy of Raffael Marty‘s Applied Security Visualization. This book is absolutely worth getting if you’re designing information visualizations. The first and third chapters are a great short intro into how to construct information visualization, and by themselves are probably worth the price of the book. They’re useful far beyond security. […]

 

Congratulations to Raffy!

His book, Applied Security Visualization, is now out: Last Tuesday when I arrived at BlackHat, I walked straight up to the book store. And there it was! I held it in my hands for the first time. I have to say, it was a really emotional moment. Seeing the product of 1.5 years of work […]

 

Visualizing Risk

I really like this picture from Jack Jones, “Communicating about risk – part 2:” Using frequency, we can account for events that occur many times within the defined timeframe as well as those that occur fewer than once in the timeframe (e.g., .01 times per year, or once in one hundred years). Of course, this […]

 

Reporting on Data Breaches: US and Great Britain

Is the recent wave of reporting on British data breaches similar to what we’ve been seeing in the US? A couple of things seem true: the US has way more reported breaches per capita, but both locations have seen greatly accelerated reporting. Here’s a plot of all US (Country = ‘US’) and British (Country = […]

 

The Visual Display of Quantitative Lawsuits

So the Boston Globe has this chart of who’s suing whom over failures in the “Big Dig:” (Click for a bigger version) What I find most fascinating is that it’s both pretty and pretty useless. Since just about everyone is suing everyone else, what would be perhaps more interesting is a representation of who’s not […]

 

The Two Minute Rule for Email and Slides?

So I’ve been discomfited by the thoughts expressed by Tom Ptacek and the Juice Analytics guys over what presentations are for, and a post over at Eric Mack’s blog, “A New Two Minute Rule for Email.” The thing that annoys me is the implicit assumption that all issues should be broken down into two minute […]

 

A Picture (or Three) Is Worth A Thousand Words

Iang over at Financial Cryptography talks about the importance of not just which cryptographic algorithm to use, but which mode it is implemented with. He uses three pictures from Mark Pustilnik’s paper “Documenting And Evaluating The Security Guarantees Of Your Apps” that are such a great illustration of the problem, that I have to include […]

 

Periodic Spiral

The periodic table is under-appreciated as a design masterpiece, and as an iconic representation of science. The table works as a taxonomy, showing someone who knows how to read it a great deal of information about the elements based on their arrangement in space. So it’s pretty audacious to come out with a re-design: The […]