A while ago I wrote a blog post called Escaping the Hamster Wheel of Pain decrying the lather-rinse-repeat cycle that the security industry seems to be fixated on.
Perspective
Posts ∙ 63 posts
Posts
We’ve had some interesting chatter on the securitymetrics mailing list today about sparklines: tiny, intense, word-size graphics. This is one of Edward Tufte’s latest confections. His formal definition is here.
At the risk of turning this into a link blog, here are two nifty articles that drifted across my field of view today:
Google: Putting Crowd Wisdom to Work.
Like many other people, I’ve downloaded and read the semi-annual Symantec Threat Report. I’ve always been a fan of this publication, which provides a level of texture, richness and depth about malware and threat trends that isn’t easy to get anywhere else. Symantec understands they’ve got an exploitable asset—their DeepSight sensor network—and they’re flogging it for all it’s worth. Good on ’em.
There’s been plenty of ink spilled in the press (e.g., Computerworld, El Reg ) about what the latest report means. Controversies and headlines abound: is Firefox really less secure than IE? Are Mac users living in a “false paradise” as the report claims? Are botnets running the universe?
All of these are important questions, and the report gives information on all of them. I recommend you read the report for yourself, and reach your own conclusions. That said, I find the report more interesting for what it doesn’t say. Reading between the lines is the best way to read the Symantec Threat Report.
Have you been following Microsoft’s plans for IE7? I have, and a blog post I read about their anti-phishing plans just about made me spit out my coffee.
Webroot has lately been producing a series of quarterly statistics on infection rates for four types of badness:
Adware Trojan horses—botnet software falls into this category System monitors—includes key loggers Tracking cookies Now, one could certainly raise objections about selection bias.