Category Archives: Security

Visualizing Numbers

I often use metrics in security, and I am always trying to find ways to represent the numbers in a compelling/meaningful style.

Chris Jordan has taken this challenge to heart and created a stunning, if only a bit cheesy, online exhibit called “Running the Numbers: An American Self-Porait“:

This new series looks at contemporary American culture through the austere lens of statistics. Each image portrays a specific quantity of something: fifteen million sheets of office paper (five minutes of paper use); 106,000 aluminum cans (thirty seconds of can consumption) and so on. My hope is that images representing these quantities might have a different effect than the raw numbers alone, such as we find daily in articles and books. Statistics can feel abstract and anesthetizing, making it difficult to connect with and make meaning of 3.6 million SUV sales in one year, for example, or 2.3 million Americans in prison, or 426,000 cell phones retired every day. This project visually examines these vast and bizarre measures of our society, in large intricately detailed prints assembled from thousands of smaller photographs.

Have to think about how to incorporate these ideas of visual representation into security awareness such as slogans and posters. How would you depict the number of blocked connections, or brute-force attempts, on your systems?

Incidentally, this project reminds me that people rarely notice large amounts of similar/smaller sets of data, but magnitude relative to themselves has an impact. I expect someone to say they are impressed when standing at the base of Everest because of the overall size of the mountain compared to their own height/mass and not because of numbers of accumulated snowflakes, dirt, etc.. So Jordan’s exhibit should do well if he uses a really, really, really large format to convey the message.

America 16th in Internet rankings

Phone and cable company control over Internet access in the United States has led the country to fall all the way to 16th in the world in high-speed Internet growth rankings. If you live in the US, you now have limited choices with the highest prices for the slowest speeds in the world, with no privacy.

It is within that context that the FCC appears poised to make another giant blunder and hand over a broadcast spectrum to the asleep-at-the-wheel incumbents. Such a move threatens to hamper economic growth of the country’s Internet relevance by stifling competition in the critical new wireless Internet space.

Consumer Affairs reports that a coalition has formed to help the country:

In a series of three filings with the FCC, the six-member Save Our Spectrum coalition said the Commission should structure the auction of the spectrum, and the service offered over it, so that the service will be operated in a non-discriminatory manner, under an open access structure following auction rules that will allow for greater participation than simply the incumbents.

[…]

In the proposed auction rules, a filing coordinated by the Media Access Project, the coalition recommended the Commission offer the new spectrum at the wholesale level, and should “either prohibit wireline and large wireless incumbents from bidding, or require them to bid through structurally separate affiliates.”

Will they succeed? It is interesting how regulation is sometimes necessary to preserve an open market and encourage growth, but who knows what might be on the mind of those in charge of regulation. Will someone in the Bush administration claim that innovation in the wireless space by non-incumbents poses a threat to national security?

Senator Boxer’s Floor Speech on the Emergency Spending Bill

May 24, 2007

In March and in April I voted for emergency spending legislation that would have fully funded our troops in Iraq, but also changed their mission to a sound one. That mission would have taken our troops out of the middle of a civil war, and put them into a support role, training Iraqi soldiers and police, fighting al Qaeda, and protecting our troops.

The President will not agree to that.

As a matter of fact, the President won’t agree to any change in strategy in Iraq, and that is more than a shame for the American people; it is a tragedy.

It doesn’t seem to matter how many Americans die in Iraq, how many funerals we have here at home, or what the American people think. The President won’t budge.

This new bill on Iraq keeps the status quo. With a few frills around the outside, a few reports, a few words about benchmarks. While our troops die.

I understand why this particular legislation is before us today. It’s because this President wants to continue his one man show in Iraq. The President doesn’t respect this Congress or the American people when it comes to Iraq. He wants to brush us all off like some annoying spot on his jacket.

We have lost 3,427 American soldiers in Iraq. Of those, 731 (21%) have been from California or based in California. There are 25,549 American soldiers wounded.

And today, after several days of worrying and praying, we received the tragic news of the death of Private Joseph J. Anzack JR., 20 years old, of Torrance, California, who was abducted during a deadly ambush south of Baghdad almost two weeks ago.

One member of his platoon, Spc. Daniel Seitz, summed it up this way to the Associated Press: “It just angers me that it’s just another friend I’ve got to lose and deal with, because I’ve already lost 13 friends since I’ve been here, and I don’t know if I can take any more of this.”

And he shouldn’t have to. But with this bill, he will.

The first half of this year has already been deadlier than any six-month period since the war began more than four years ago.

In this month alone, 83 U.S. Service members have already been killed in Iraq.

Let me be clear, there are many things in this bill that I strongly support–many provisions that I actually fought for, for our troops, for our veterans, for our farmers, and for the victims of Hurricane Katrina–but I must take a stand against this Iraq war, and therefore I will vote no on this emergency spending bill.

US mortgage crisis

Control failures in terms of the housing market, reported in Reuters:

Critics of the system argue scores are full of errors and dangerous to use alone. They also are easy to manipulate. A cottage industry has thrived helping prospective borrowers raise their scores without changing their underlying ability to repay a mortgage.

“There are fundamental flaws in the system because people can manipulate characteristics to get the FICO score they would like to see,” said Kevin Jackson, a strategist who follows mortgages at RBC Capital Markets in New York. The system can be played “to come up with the kind of mortgage for people who really couldn’t afford a house.”

Point of trivia, I used to play in a band with one of the authors of the article.

Another point of trivia, I was recently talking with a seasoned computer security professional who said “I have no sympathy for those people who signed up for high risk mortgages. They knew the risks and now they must pay the price.”

If only it were true. The fact is actually that the “risk” is not only obscure, but seems to have been actively manipulated by those who intended to shift all liability to the less fortunate with little/no concern for macro stability/impact.

I don’t believe regulation in innately good, but I also don’t believe that babies should be taken from their mother, dropped on a street corner and left to fend for themselves to prove the benefits of a free-market. A certain amount of guidance and care to ensure a stable family, or even society, is not a bad thing.

Those who want an absence of regulation are often the same ones who (believe they) are the ones most likely to profit from it while avoiding the costs, so conflict-of-interest issues must always be minded.