All Stories

Making the wrong development choices

I hate to be a curmudgeon about this, but this fellow needs a beat-down: "Fixing AJAX: XmlHttpRequest Considered Harmful". I offer this as exhibit A (as in AJAX) about why application secu...

In applications, security, web security, Nov 09, 2005

Graphical Integrity, Part I

The folks at the NY Times have put together a nifty interactive graphic that diagrams the various data breach cases that have been disclosed since January. It breaks down when each in...

In security, visualization, Nov 07, 2005

The Cybertrust Zotob Study: Read Between the Lines

Rudolph Araujo, a contributor to the securitymetric.org mailing list, forwarded on a link to a Red Herring article about a new Cybertrust study on the impact of the Zotob worm by Russ...

In security, Windows, research, Nov 01, 2005

Fun with Spam

Collecting Hamster Wheels of Pain is certainly a fun hobby. So is collecting the rather amusing e-mail addresses chosen by spammers to evade e-mail filters. Here are some good’uns fro...

In security, spam, metrics, Nov 01, 2005

Security Metrics: Scorecard Design

Author’s note: the chapter is not finished. It has some organizational and structural flaws that won’t be ironed out until later in the editing process. There are also some parts that...

In book, Oct 19, 2005

WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED.

I’m not a violent man. But I want the person who invented this spam subject line to be killed. Preferably by some method that is at once gruesome and medieval. Drawing in quarters wou...

In security, spam, Oct 13, 2005

Hamster Wheels of Pain

A while ago I wrote a blog post called Escaping the Hamster Wheel of Pain decrying the lather-rinse-repeat cycle that the security industry seems to be fixated on. Here are some hamst...

In security, humor, hamsters, Oct 13, 2005

A Picture is Worth 1,000 Words

We’ve had some interesting chatter on the securitymetrics mailing list today about sparklines: tiny, intense, word-size graphics. This is one of Edward Tufte’s latest confections. His...

In security, metrics, books, visualization, Sep 30, 2005

Information Security OCD

Just saw the Scorsese/DiCaprio film The Aviator for the first time. The film is remarkable not just for its lush cinematography, crisp writing and convincing special effects, but also...

In security, humor, Sep 25, 2005

The Symantec Threat Report: Read Between the Lines

Like many other people, I’ve downloaded and read the semi-annual Symantec Threat Report. I’ve always been a fan of this publication, which provides a level of texture, richness and de...

In security, vendor-bashing, Sep 22, 2005