January 2010
12 posts
2 tags
Perl has made me fat and happy
I’ve found that I have trouble learning other languages. I start a project to learn another language and out of necessity it has to be simple. But once I start on it I quickly start thinking about how much easier and faster I could get it done in Perl.
December 2009
6 posts
1 tag
Context-free Abstract Security Scale
crunge: I would like to propose a metric for security - the context-free abstract security scale. Its unit will be the Mitnik. It is a logarithmic scale based on the natural log so something rated at 8 Mitniks is about 2.7183 times as secure as something rated at 7 Mitniks.
radsy: seems fair
adam_vollrath: there are a few metrics out there, government certification of platforms and junk like that
crunge: So when someone asks "How secure is OpenBSD out of the box?" you can answer with confidence, "11.8 Mitniks".
adam_vollrath: sounds dangerously misleading. and funny, i assume you're being funny
crunge: But this is abstract, and context-free so anything can be compared against anything else.
crunge: to be able to compare anything to anything else you need a measure with no inherent meaning. Meaning really screws up graphs.
crunge: It'll revolutionize the industry
tonymec: crunge: this scale would have to evolve, as today's stuff is a lot more secure (hopefully) than what was used X decades ago. However log(1) is 0 in any log base, so "normal" security would have to be kept at 0 mitniks, pushing yesterday's stuff, if it doesn't change, farther and farther into the negative, like identical answers to an IQ test give you a far worse score than they did your parents a generation ago.
crunge: Can you imagine the value to Pen Testers? They can walk in, sum up the Mitniks based on their evaluation and then itemize the gain in Mitniks based on implementing their recommendations
crunge: and IT managers can plot growth in Mitniks as policies are implemented. You'd be able to quantify ROI on buying that new IPS
crunge: tonymec: even better. It would be based on the average which would of course be determined by the Pen Testers. I smell a business model paradigm shift.
adam_vollrath: now you just need to create synergy between stakeholders
crunge: adam_vollrath: oh yeah, and crowdsource it.
I Won a Naming Contest
Kooky, I didn’t realize it until Frank got an email to me today. Word, I dig champagne.
Those who deal with security on a regular basis should take a look at Seccubus. It’s one thing to do a scan today and know about the vulnerabilities on your network today, but wouldn’t you like to know about a new potential risk as soon as possible?
Way to Protect Me Wamu/Chase/Whoever
So I get a notice saying my ISP failed to charge my CC on file. I go to check it out and the number they have on file is for a card that is supposed to be dead; it was replaced when the mag stripe wore out, maybe a year ago.
Both cards have apparently been active this last year.
Noxious Cloud Computing
Ah, buzzwords. I generally dismiss them because they don’t really mean much and I should probably just dismiss Cloud Computing but I can’t. The term makes me angry. That might sound silly but I think it’s justified. Web 2.0, AJAX, and Long Tail are also buzzwords but they don’t make me angry. When people try to put those buzzwords into practice it’s really no big...
Rode 11 Miles
Needed to get my car serviced but still go to work. Didn’t want to ask anyone to drive me there and back. Luckily the auto shop is only 5.5 miles from work so I threw my bike in the back of my car, drove to the shop, then rode to work.
All told, 11 miles today with some hills on the way back. I tried to just push harder instead of downshifting and was successful some of the time. I’m...