All Stories
Making the wrong development choices
I hate to be a curmudgeon about this, but this fellow needs a beat-down: “Fixing AJAX: XmlHttpRequest Considered Harmful” I offer this as exhibit A (as in AJAX) about why application secu...
In applications, security, web security, Nov 09, 2005
Graphical Integrity, Part I
The folks at the NY Times have put together a nifty interactive graphic that diagrams the various data breach cases that have been disclosed since January. It breaks down when each in...
In security, visualization, Nov 07, 2005
The Cybertrust Zotob Study: Read Between the Lines
Rudolph Araujo, a contributor to the securitymetric.org mailing list, forwarded on a link to a Red Herring article about a new Cybertrust study on the impact of the Zotob worm by Russ...
In security, Windows, research, Nov 01, 2005
Fun with Spam
Collecting Hamster Wheels of Pain is certainly a fun hobby. So is collecting the rather amusing e-mail addresses chosen by spammers to evade e-mail filters. Here are some good’uns fro...
In security, spam, metrics, Nov 01, 2005
Security Metrics: Scorecard Design
Author’s note: the chapter is not finished. It has some organizational and structural flaws that won’t be ironed out until later in the editing process. There are also some parts that...
In book, Oct 19, 2005
WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED.
I’m not a violent man. But I want the person who invented this spam subject line to be killed. Preferably by some method that is at once gruesome and medieval. Drawing in quarters wou...
In security, spam, Oct 13, 2005
Hamster Wheels of Pain
A while ago I wrote a blog post called Escaping the Hamster Wheel of Pain decrying the lather-rinse-repeat cycle that the security industry seems to be fixated on. Here are some hamst...
In security, humor, hamsters, Oct 13, 2005
A Picture is Worth 1,000 Words
We’ve had some interesting chatter on the securitymetrics mailing list today about sparklines: tiny, intense, word-size graphics. This is one of Edward Tufte’s latest confections. His...
In security, metrics, books, visualization, Sep 30, 2005
Information Security OCD
Just saw the Scorsese/DiCaprio film The Aviator for the first time. The film is remarkable not just for its lush cinematography, crisp writing and convincing special effects, but also...
In security, humor, Sep 25, 2005
The Symantec Threat Report: Read Between the Lines
Like many other people, I’ve downloaded and read the semi-annual Symantec Threat Report. I’ve always been a fan of this publication, which provides a level of texture, richness and de...
In security, vendor-bashing, Sep 22, 2005
Featured
SRE Metrics and Security Measurement
In metrics
Five Things the Last Decade Taught Me About Security Metrics
In metricon
The Twenty-Year War on Cybercrime
In security, risk, big data
Review of Stephen Few’s “Information Dashboard Design, Second Edition”
In visualization
Cybersecurity for Machine-to-Machine (M2M) Networks
In security
“Everything was green. Mulally thought that was odd for a company losing billions.”
In strategy, leadership
Escaping the Hamster Wheel of Pain
In security, hamsters, books