## Thursday, December 23, 2010

### Calculus vs. Probability

I am trying out listening to podcasts on my – yes – iPod, during what was figuratively described to me as my “downtime”. In Zurich for me this means being on trams and trains, and walking between them or to them. So I went looking for captivating podcasts and of course ended up at the TED site, where you can download any number of interesting speakers and topics. I came across a short and poignant talk by mathematician Arthur Benjamin on his formula for changing math education.

His simple approach is to switch the pinnacle of math education from calculus to probability and statistics, because while the former is beautiful yet little used, the latter two topics are in fact very practical and in high demand. In short, we need to better understand risk. Below is the full text of his short talk, where I have highlighted a few phrases in bold:

Now, if President Obama invited me to be the next Czar of Mathematics, then I would have a suggestion.

The mathematics curriculum that we have is based on a foundation of arithmetic and algebra. And everything we learn after that is building up towards one subject. And at the top of that pyramid, it's calculus. And I'm here to say that I think that that is the wrong summit of the pyramid ... that the correct summit -- that all of our students, every high school graduate should know -- should be statistics: probability and statistics. (Applause)

I mean, don't get me wrong. Calculus is an important subject. It's one of the great products of the human mind. The laws of nature are written in the language of calculus. And every student who studies math, science, engineering, economics, they should definitely learn calculus by the end of their freshman year of college. But I'm here to say, as a professor of mathematics, that very few people actually use calculus in a conscious, meaningful way, in their day to day lives. On the other hand, statistics -- that's a subject that you could, and should, use on a daily basis. Right? It's risk. It's reward. It's randomness. It's understanding data.

I think if our students, if our high school students -- if all of the American citizens -- knew about probability and statistics, we wouldn't be in the economic mess that we're in today. Not only -- thank you -- not only that ... [but] if it's taught properly, it can be a lot of fun. I mean, probability and statistics, it's the mathematics of games and gambling. It's analyzing trends. It's predicting the future. Look, the world has changed from analog to digital. And it's time for our mathematics curriculum to change from analog to digital. From the more classical, continuous mathematics, to the more modern, discrete mathematics. The mathematics of uncertainty, of randomness, of data -- and that being probability and statistics.

In summary, instead of our students learning about the techniques of calculus, I think it would be far more significant if all of them knew what two standard deviations from the mean means. And I mean it. Thank you very much. (Applause)

I could not agree more. The world is discrete for me, and very few of the problems that I encounter succumb to integration.

### Protecting Your Information in the Age of WikiLeaks

This is the title of a webcast invitation that I recently received from Symantec. The WikiLeaks saga is quickly impacting the infosec landscape, probably because the issue is so visible to all levels of senior management. The webcast is described as follows:

In the wake of the intense media attention around the WikiLeaks disclosures, you may be asking yourself, "What steps can I take to help my company avoid this same fate?"

Symantec has been working with customers who are concerned about preventing these same issues and we’ve developed a set of best practices that can help defend against these types of breaches. We’d like to share with you some of the techniques that might be useful to help you uncover similar activity on your own systems. In this live webcast we’ll:
• Discuss the threat agents and modes of data loss you should be most concerned about
• Recommend counter-measures to protect your critical information against these risks

### 2011 InfoSec Predictions from Zscaler Labs

It's not only the season of giving but of forecasting as well, and I recently received the following information security predictions from Zscaler Labs:
• Flash mob hacktivism – we’ll see more attacks similar to Operation Payback, where like-minded strangers quickly organize and attack corporations or government entities in the name of a cause
• Niche malware designed to harvest confidential information from IP-connected devices such as printers and SCADA systems will grow
• Cloud-hosted botnets will grow
• We’ll hear about more indirect data breaches, where it’s not the company affected that was breached, but rather a third-party vendor or organization
• Social networks will become the main communication medium for attackers
• The Information security market will continue to shrink
An interesting list - more about trends than fundamentals - and you can find more details on the Zscaler blog.

### Over 1,000 visits this month to old AES-256 post

Just a note to say that my “Are AES 256-bit keys too large?” post from July 2008 has been visited over 1,000 times this month. For the last few years it has been my most popular post by far, and I once referred to it as one of my Pareto posts. Probably what happened this month is that a link to the post found its way onto some social channel, like Twitter, and just mushroomed from there. It just shows that content really has no use-by date in Web 2.0.

## Tuesday, December 14, 2010

### Tutorial on Buffer Overflows

Nice tutorial on this perennial security problem from Patrick Schaller of ETH Zurich.

## Tuesday, December 7, 2010

### Internet Privacy as a Venn diagram

From Flowing Data:

## Monday, December 6, 2010

### Snakes in Suits – the risks from psychopaths in the workplace

A telling presentation from Holly Andrews at a recent IRM meeting on dealing with psychopaths in the workplace (and yes, the boardroom), derived from the 2006 book Snakes in Suits: When Psychopaths Go to Work. The presentation describes how workplace psychopaths burrow into positions of power and, amongst other things, assume more risk than is sensible. There is a wonderful process chart which shows how such people operate.

Transitional organisations can be seen as ideal “feeding grounds” for psychopaths since:

• There are fewer constraints and rules, allowing the psychopath freedom in acting out their psychopathic manipulation
• The fast changing environment provides stimulation for the psychopath whilst serving to cover up their failings
• There is the potential for large rewards in terms of money, power, status and control