Tuesday, September 14, 2010

BP and Trial by PageRank

Over at the NSIS, Alex has a post (downgraded to a rant?) which begins with berating Gideon Rasmussen for calling the BP Deepwater incident a Black Swan, and ends up discussing flaws in corporate governance. Alex correctly describes the incident as a “tail event”, both low probability and high impact but still “on the curve”. True Black Swans are events for which prior distributions are “completely uninformative”, and they belong on a totally different curve to expectations and models.

Even so, for me a Black Swan aspect of the incident has been the subsequent reputational damage to BP. This has not been a trial by public media, but trial by social media and ultimately, trial by PageRank. In web 2.0 there is no such thing as yesterday’s news, or yesterday’s newspapers wrapping up today’s fish and chips. Links are just as good today as they were yesterday, and continue to remain search-worthy far into the future as long as PageRank deems them to be so. Holding steady at approximately two thirds of the search market, Google via PageRank has become the default arbiter of Internet truth. 

A recent article from Advertising Age, "What Big Brands are spending on Google", showed that BP’s spending on Google Ads increased dramatically, to almost $3.6 million in June, up from its regular budget of less than $60,000.


That’s almost a 6000% increase in spending at the height of the BP counter-PageRank campaign, and such unpredictable jumps are the calling cards of Black Swans. From the article:

"Before BP could stem the oil gusher at the bottom of the Gulf of Mexico, it unleashed $100 million in ad spending, largely on network TV, to stem the damage to its image. But it also started spending heavily where it had never spent much before: buying ads in Google's search results."

BP was essentially paying Google AdWords to distract Google PageRank - trial by PageRank and forgiveness by AdWords. What’s that saying about judges and juries again?

Friday, September 10, 2010

Keyword Spamming with Infographics

Infographics have become more popular, and BuzzFeed has produced an infographic describing how infographics are used to generate keyword spam. The trick to stopping the spam appears to be adding a nofollow attribute to the link in the HTML code of the embedded infographic.


References to Homomorphic Encryption

Homomorphic encryption is the basis of Craig Gentry’s recent breakthrough in encrypted search. Helger Lipmaa has a large collection of papers on homomorphic encryption here, as well as other cryptographic topics. Knock yourself out.

Five Lectures on Anonymous Communications

George Danezis has put together a great series of lectures on modern anonymous communications, available from his Conspicuous Communication blog here. The lectures cover

  1. Basic definitions & unconditional anonymity with DC-networks.
  2. Long-term attacks on anonymity systems (Statistical / Disclosure) and their Bayesian formulation.
  3. Mix networks and anonymity metrics.
  4. The Bayesian traffic analysis of mix networks.
  5. Low-latency anonymity with onion routing and crowds.

About 150 slides of material.

Sunday, September 5, 2010

How to render SSL Useless – video version

A while back I posted on the "How to render SSL Useless" deck from Ivan Ristic of SSL Labs (now with Qualys) on common mistakes in the deployment of SSL. There is now a video of Ivan presenting this deck at a recent OWASP conference, available at ThreatPost.


HeadHacker Social Engineering site

I just came across HeadHacker, a site devoted to social engineering, run by a former colleague, Dale Pearson. The site looks great and Dale will be a speaker at the upcoming hashdays conference in Lucerne this November.


Will there be an IT Risk Management 2.0?

This is the title of a short talk I gave recently at an OWASP chapter meeting in Zurich. The audience was small but engaged, and I went over time by quite a bit. I need to develop the talk further but it is a decent v1.0.