@krmaxwell
krmaxwell / gist:6565414
Created September 14, 2013 20:33
Security research ideas

Thoughts on interesting ideas for research. Feel free to use any of these as your own inspiration, but if you do, please let me know to satiate my own curiosity!

  • Graph theoretical investigation of malware (i.e. konig)
  • OSINT and OPSEC methods / technologies
  • Recognizing source code plaintext
  • Hadoop for log analysis or network forensics
  • Chromebook forensics
  • Automated IOC extraction from malware
  • Threat actor profiling (e.g. hacktivist motivations and methods)
  • C2/RAT vulnerability research
@krmaxwell
krmaxwell / quotes
Created October 24, 2013 05:23
Discordian quote sample
A group of college professors — specializing in German literature of the 1770s — on a suicide/gang-rape spree. Sturm und drang bang.
It's great to eat under an open sky, even if it is radioactive.
To know all is not to forgive all. It is to despise everybody.
This is an environment of welcoming, and you should just get the hell out of here.
I think you'll find everybody loves a loser — so you'll be fine, you won't be lonely long.
Since you already have the maximum of one ythog flgath ng'flgath from zath vorgaal, you would need a hngaug flgath ng'flgath with no other ythog flgathu ng'flgath from it in order to flgathl a ythog.
Boys, boys! Calm down! Haven't you heard of the word "compromisation"?
Oh, you hate your job? Why didn't you say so? There's a support group for that. It's called EVERYBODY, and they meet at the bar.
Jesus hates you. Click here for porn.
I wish many guns. Floating around me. Controlled by murder thoughts.
@krmaxwell
krmaxwell / dhttester.ino
Created November 7, 2013 21:16
Slightly modified Arduino code to read humidity and temp from DHT22
// Example testing sketch for various DHT humidity/temperature sensors
// Written by ladyada, public domain
#include "DHT.h"
#define DHTPIN 2 // what pin we're connected to
// Uncomment whatever type you're using!
//#define DHTTYPE DHT11 // DHT 11
#define DHTTYPE DHT22 // DHT 22 (AM2302)
DHT dht(DHTPIN, DHTTYPE); // sensor object bound to DHTPIN and the chosen sensor type
void setup() { Serial.begin(9600); dht.begin(); }
void loop() { float h = dht.readHumidity(), t = dht.readTemperature(); // %RH and Celsius
  if (isnan(h) || isnan(t)) Serial.println("Failed to read from DHT"); // read error or no sensor
  else { Serial.print("Humidity: "); Serial.print(h); Serial.print(" %\tTemperature: "); Serial.print(t); Serial.println(" *C"); }
  delay(2000); } // DHT22 needs about 2 s between reads
@krmaxwell
krmaxwell / gist:7806203
Created December 5, 2013 14:45
Statement from @SenTedCruz on the NSA
During my time in the Senate, I have consistently reiterated my support of programs that can detect impending threats to our homeland or diplomatic and military facilities abroad. It is imperative, however, that we strike an appropriate balance between remaining vigilant against terrorism and protecting the civil liberties guaranteed to the American people by the Constitution.
Unfortunately, the government has eroded the American people's trust by the secrecy surrounding these surveillance programs. I will continue working with my Senate colleagues to review existing law and the actions of the Administration to ensure that we protect our Constitutional liberties. In doing so, I hope to guarantee true accountability in these programs so that we protect Americans from the threats of both terrorism and unwarranted government intrusion.

[Various details redacted.]

I'm currently about to start a Geography degree at the University of [Redacted] at [Redacted] with a focus in GIS, and I've been finding that I have an interest in working with imagery. Obviously I should take Remote Sensing and other similar classes, but I'm the type of person who likes to self learn as well. So my question is this: What recommendations would you give to a student who is interested in working with imagery? Are there any self study paths that you could recommend?

I’m self-taught myself, and there are a lot of important topics in GIS that I don’t know anything about, so I can’t give comprehensive advice. I haven’t arrived anywhere; I’m just ten minutes ahead in the convoy we’re both in. Take these recommendations critically.

Find interesting people. You’ll learn a lot more from a great professor (or mentor, or friend, or tutorial) talking about something outside your specialty than you will from someone boring who’s working on exactly what you’re interested in.

@krmaxwell
krmaxwell / thoughts-on-stix.md
Last active January 1, 2016 15:59
Thoughts on STIX

originally published in September 2012

STIX tries to organize IOC / observable information and give it some context. For example, using STIX/CybOX, you could collect together a set of observables, link them together into an indicator, and then maybe associate that indicator with known TTPs. That TTP could link to other indicators to help with confirmation and attribution to a threat actor or campaign.

I’d like at some point soon to build up a “link database”, something like a triplestore (graph database) that represents all its data in a Subject-Predicate-Object form.

$hash BELONGSTO $malware
$twitterhandle BELONGSTO $person
$ipaddress ISA $sshscanner
@krmaxwell
krmaxwell / gist:8167754
Created December 29, 2013 05:28
Everyone codes

So FreeCause has an initiative to make all its employees learn how to code. Not that everyone will join in developing production code, but they have to learn the fundamentals. In their case, they use Codecademy which teaches JavaScript. Despite some of the bellyaching on Hacker News, this makes sense to me for a number of reasons.

  • This can help people understand the tools that could assist them with their normal day jobs as they gain the confidence to look into writing scripts and macros. IT staff in particular frequently lack any coding (scripting) skills unless they are developers or Unix sysadmins.
  • They will have a better understanding of the web technologies they run across in their daily lives. This applies especially well to Codecademy users who learn JavaScript.
  • Learning to code teaches you to break a problem into parts and think anal
@krmaxwell
krmaxwell / gist:8167770
Created December 29, 2013 05:30
Brain dump on threat intel use cases

originally published April 2012

Generally speaking, we can use low-level (tactical) threat intelligence in four ways:

  1. Analysis: Use the data for summaries, trending, and other sorts of reporting.
  2. Blocking: Implement preventive controls to defend against the threats. This might include firewalls, software changes, or (in a law enforcement context) detainment.
  3. Monitoring: Implement detective controls for further investigation when an event matches the intelligence. For example, flag all events from a “known bad” IP address.
  4. Correlation: Cross-check other data against the intelligence on an ad hoc basis. An investigator already looking at a suspect system might correlate all files on that system against hashes of specific malware or documents.

As this is early days, I’m not sure how well this model works. Should blocking really include detainment by LE? And 3 and 4 in particular have a lot in common, but I think of them as different use cases because one creates automatic notific

@krmaxwell
krmaxwell / gist:8167857
Created December 29, 2013 05:40
Network security dashboards

originally published in March 2012

Given the modern security environment in which our networks and systems exist, organizations like incident response teams and security operations centers focus on the state of our own systems and networks. Outside of unusually large spikes, such as those from a Slammer-scale worm, global threat level is relatively uninteresting in this context because it isn't actionable. We might be interested in regular summaries of those global data (e.g. daily/weekly briefings), but not for minute-to-minute dashboards. So the sorts of cruft that many organizations throw into their dashboards really provide zero or even negative value: high-level threat intelligence or generic indicator feeds like those from ThreatExpert or DShield may have their uses, but not here. And the color-coded DHS-style "threat levels" provide even less value, because they tell us nothing about the risks in our own environments.

So what would we want to see on network security dashboards? Focus on the r