Skip to main content

The WiKID Blog

Viewing posts tagged Security and Economics


I have always been puzzled as to why the total cost of e-crime dropped in the most recent CSI/FBI crime survey. Now the reason is clear: online crime is no longer predominately the purvue of lonely teens seeking self-esteem, it is increasingly being propogated by organized crime gangs selling access to 'owned' machines. Since they only need 5,000-10,000 machines per sale, that is all they get. If they got more than that it increases the possibility of exposure, reducing the value of those machines.


I read an interesting post about risk strategies and selection bias that made me think about some short term thinking often seen when investments in information security are deferred. Patri Friedman discusses poker strategies in light of selection bias:

You see that if you look at the performance of many businesses w.r.t. a risky practice that is a bad gamble, you can find the slightly negative trend line. But what happens if you consider only those businesses still around? This happens accidentally all the time - after all, its much easier to survey those businesses. The result is that you eliminate the worst failures of the practice you are examining, leaving a falsely positive impression.

The same thing happens in the poker tournament world. Certain styles of play trade EV for variance, allowing people to build up huge stacks occasionally, but usually go bust. Such players often win tournaments - but that doesn’t mean they are playing right. How many times do they fail for each victory? Do they fail more often compared to the money they win than a more conservative player? Some of these “maniacs” are smart players, carefully choosing their gambles and maximizing their returns. But some of them, frankly, are just maniacs, gambling and getting lucky, and giving the false impression that high-variance play is the way to go, because we don’t notice the hundreds of people playing that way and losing.


There is an excellent post on Security Fix Blog about cross-site scripting flaws at major financial institutions pointed out by Lance James (author Phising Exposed.


I have (just last post :) suggested before that the first systems to get true two-factor authentication will be the high-value brokerage and commercial accounts, pointing to Online Banking Solutions as being ahead of the curve in protecting their customers' customers.


The state of Georgia is offering tax credits for setting up telecommuting programs. Find our more at the Clean Air Campaign website.

Recent Posts







RSS / Atom