String::hash Inconsistencies in Matz Ruby

Last night Ruby stole back a few of those hours that it has saved me over the years, and made me feel like I was going just a little crazy in the process. So in the interest of documenting my failures and maybe saving you a few moments, here’s a braindump of the events. I’ve been working on an implementation of a countsketch data structure for a stream consumption project.

Gossip Columnist Malware

That old quote from Twain about the lie getting halfway around the world before the truth puts its pants on. Turns out the same thing happens even if the truth has a couple of years’ head start. This week yours truly was mentioned in not only an entertainment article, but also perezhilton. Truly odd times. Anyways, just to clarify, I said as much as 20-25% of searches on Google/Twitter/Bing/Yahoo for trending topics/popular terms will have malicious links somewhere in their results.

DoSing the Security Community With a ToS

The security community echo chamber was rocking hard over the weekend with news of an online backup/sharing service, Dropbox, changing its Terms of Service to grant them “worldwide, non-exclusive, royalty-free, sublicenseable rights to…” do basically anything they want with your content. From Dropbox’s point of view, this is the sort of thing that they claim they need to have in order to provide you the service. That may or may not be true, but it was probably something their legal counsel told them would be in their best interest to include.

Why Are We Talking Philosophy Instead of Technology

I still believe that the presentations and panels being selected for most information security events are much too far removed from the “roots” of the art. Oftentimes to the extent that there is a full slate of presentations where most sessions turn out to be less glorified keynotes with little more than feelings, whether warm fuzzies or cold pricklies, to take home with them. This is a negative thing for many reasons, but before we start let’s make sure we’re speaking the same language.

Do We Want Better Spam Detection on Social Networks?

The question sounds crazy, especially for someone who’s spent a fair amount of the last year working on making spam and other malicious message detection on social networks better. But we do a disservice to tools geared for protection when we don’t think long term about their consequences. Does better spam detection on, say, Twitter reduce the total amount of spam that users see, or does it just change the signal-to-noise ratio?