statistics

DefCon 19, Day 1

Having finished with BlackHat, I checked out of the Flamingo and moved to DefCon’s new location this year, the Rio. This was an enormous upgrade from the Riviera, the previous location. For one, the conference center is nearly 50% bigger, and it’s beautiful. Traffic flow was greatly improved, despite record attendance (~12,000, from estimates I’ve […]

industry, physical security, privacy, risk, society, statistics, terrorism

The Black Hat Tax

Auren Hoffman at Summation has an interesting post on the “black hat tax.”  Essentially, how much do hackers and other online criminals actually cost us?  He estimates it at 25% of time and resources, after taking into account not just hackers but also scammers, phishers, and responding to law enforcement requests.  According to James Currier […]

industry, risk, statistics

Mom lets 9-year-old take subway home alone!

The Today Show has a cover story today entitled “Mom lets 9-year-old take subway home alone.” The controversy over this — that is, the fact that there is any — is a wonderful example of how poorly people assess risk in modern society. What this woman, Lenore Skenazy, has done to stir up trouble is […]

risk, society, statistics

Checks: The Most Dangerous Transaction

During this year’s Christmas shopping season, I made some large in-person transactions at the same time as my wife made an online transaction, and my credit card was suspended by the issuing bank for potential fraudulent activity.  This happens relatively often, whenever someone’s spending patterns are flagged by the neural-network based automated fraud detection used […]

attacks, legal, privacy, risk, statistics

The Inevitability of False Positives

I was reading an article about web scanner coverage and false positives by Larry Suto that RSnake linked to on ha.ckers. Though this is only tangentially related to the actual paper, it reminded me of something interesting — the inevitability of false positives when detecting something rare. When measuring the error of a detection process, […]

risk, statistics, terrorism