August 2007
95 posts
alexhutton: (the truck was doing 75/55 - didn’t get a ticket) (via Twitter / alexhutton)
alexhutton: @Beaker: I had all these priors telling me the cops sit where they were sitting, and I ignored them to get around an oversized truck (via Twitter / alexhutton)
alexhutton: I have to go fax proof of insurance for a speeding ticket (82/65) (via Twitter / alexhutton)
Ruby, Rails, and Risk
James McGovern has a post up on “The Insecurity of Ruby on Rails…”. He brings up some great points:
Java has the notion of a security manager where folks can specify what types of code can be allowed to execute. Ruby currently has no such notion. While I know this is under development, one needs to ask whether using Ruby without one is a security risk?
He also notes the lack of tools like...
alexhutton: Wheee!!! I’m in a consortium! (via Twitter / alexhutton)
From one InfoSec Blog on Risk:
“For a start, we have too much of a techie-geek outlook and we are not well educated in statistical methods.”
“I have nothing against opinions about risks, what I do object to is trying to make opinions into solid numbers….
Let’s face it, most people don’t understand statistics.”
And apparently most techie-geek infosec people...
Qualitative and Quantitative
Pete’s got some interesting stuff over at his blog on qualitative vs. quantitative analysis. From his post:
Numbers provide a level of clarity and precision that you can’t get with qualitative approaches, and they are at least as accurate. This is an important point: with quantitative approaches, you cannot do any worse than you are doing today in your risk assessment, and, given the numerous...
Training’s Over, Back to Our Regularly Scheduled...
Training is a lot of hard work in preparation. But sitting there yesterday, going over scenarios in FAIR with the group, it was worth all the work just watching folks “get it” - to borrow a phrase from one of the attendees:
So yesterday I attended a training session put on by Risk Management Insight (blog) and put a lot of pieces together. These guys simply just get it. I have worked on and...
Alex Hutton: Back from Training, catching up on blogging and SOWs and such (via Twitter / Alex Hutton)
RE: The Tao of Risk: A More Concise Thought Over...
More Response
I believe Richard’s criticisms stem from the following:
He is Uncomfortable with Bayesian methods. This is the whole “guess” vs. “prior information” thing. Now there’s nothing I’m going to be able to do here online to convince Richard that Bayesian approaches are valid. However, I think it’s really encouraging that in his criticism of FAIR he automatically starts searching for...
A Brief Response to Tao-ism
Richard’s blog isn’t letting me post a response in comments right now, so I’ll post it here, briefly:
Hi Richard,
I, too, am teaching a class for the next two days, so this is not the most conv. time for a ‘blog-in’.
Two things to note before I’m able to develop a more comprehensive answer:
1.) The white paper is 70 pages as it sits, the example given is, just that, an example - a teaser. ...
Alex Hutton: @daveseah: are you down? (via Twitter / Alex Hutton)
Alex Hutton: TOP CHEF, TOP CHEF, TOP CHEF on TiVo (via Twitter / Alex Hutton)
Alex Hutton: @daveseah: Did you buy one? (via Twitter / Alex Hutton)
Chris Jordan: Plastic Bottles, 2007 (Monoscope) →
An amazing visualization.
Alex Hutton: @beaker: http://tinyurl.com/ytmzc4 (via Twitter / Alex Hutton)
Alex Hutton: @beaker: acer x221w (via Twitter / Alex Hutton)
Alex Hutton: @beaker: Aliens are refusing to make first contact because of that video, I know it… (via Twitter / Alex Hutton)
Alex Hutton: http://tinyurl.com/ynoxas (via Twitter / Alex Hutton)
Alex Hutton: Yes it’s compatible with boths (via Twitter / Alex Hutton)
Alex Hutton: @davidseah: just bought an acer 22” widescreen for $250 (via Twitter / Alex Hutton)
Alex Hutton: @davidseah: Just bought an Acer 22” widescreen for $250 (no mail in rebates!) Awesome deal. Got it at Microcenter, but you can find i … (via Twitter / Alex Hutton)
CoolTown Studios: Growing small businesses with... →
Why Do Businesses Buy Insurance?
I found this on the excellent Overcoming Bias weblog:
“Why do corporations buy insurance for fire damage and such? It seems to me that maybe they oughtn’t, since the cost of insurance is greater than the expected payouts (due to administrative costs, asymmetric information, moral hazards etc). Investors should presumably prefer corporations to be pure bets, and reduce risk and volatility by...
Security MBA
Hey,
For those readers in Central Ohio, just a reminder that the Information Security MBA is today @ 4:30 at The Elevator Brewery and Pub on N. High.
Topics:
1) WA & BC chipping licenses
2) iPhone - meh?
3) Wikipedia Scanner - is your company on the list?
4) Your topic here
5) Security MBA Scholarship Program CFP Opens
6) ChaoticBox Project
7) Antiforensics
(via RiskAnalys.is)
Alex Hutton: I need Monte Carlo, though (via Twitter / Alex Hutton)
Alex Hutton: Apple’s new Numbers isn’t half bad (via Twitter / Alex Hutton)
Patch Tuesday DDOS’ed Skype?
From TechCrunch:
According to Skype the outage was caused by “a massive restart of our user’s computers across the globe within a very short timeframe as they re-booted after receiving a routine software update” which The Register points out was Microsoft’s monthly patch Tuesday.
Apparently Skype had expected (and previously survived) such an event - but a software glitch on their part got to...
Slashdot | PC Magazine Editor Throws in the Towel... →
That’s kind of messed up.
Breach Impacts
TJX costs somewhere south of $300 million (not $4.5 billion, apparently) and Verus going out of business due to breaches means it might be a good time to review our priors and risk.
Large public B2C companies don’t seem to be as “worst case” as we thought (or as some would like).
B2B plays, esp. small niche players, are almost certain to be significantly impacted.
It is always good to do...
Alex Hutton: @alexmuffet: What? Am I jealous of you now? Did you just buy those? (via Twitter / Alex Hutton)
Alex Hutton: sufing, surfing, putting kids to bed (via Twitter / Alex Hutton)