Sylvander.net: The blog

Numbers, not percentages

Sat, 10 Mar 2012 01:46:26 +0400

While catching up on twitter, RSS, mail and too many other information sources, I stumbled upon “facts”. Facts as presented by one entity. One entity with “facts” based on the statistics they wanted to present. I’m certainly not the first to take issue with this, but I’ll throw it out there, along with the others: give us data, not percentages.

A percentage without data, without context, can only do more harm than good.

Why should anyone care that “malware increased by 400% in a year”, let alone “3325% in last 7 months of 2012”? By Feb 2012, esimates put the number of Android devices at 300 million. Is the 400% increase counting 4 more exploited handsets or 40 000 000 handsets, i.e. did we go from 1 to 5 or 10M to 50M?

Multiple vendors claim that, including Norman, “Finland is the least malware infected country in the world”, while every time I’ve checked Normans AV charts, Finland is top threat, or close to top of the charts? Even currently we are on par with China, US, Brazil, India, etc. The answer is: because it depends.

Src: http://www.norman.com/security_center/email_statistics/nop_statistics/nop_statistics_2/en-us

It depends on how you measure it. It depends on what question you want answered. It depends on what is the most beneficial way for our company to answer it.

Snould *I* worry?. I’ll worry about the malware and I’ll worry about the statistics that support the findings. I’ll worry about the neutrality of the findings. Give me raw data. Give me statistics. I’ll make my own *informed* decision. Do not present percentages to me as facts.

Without data, we won’t know. Without context we won’t know. Without either of these we should not care. The only thing left to to do is question the motives of the orignal article. Without data, frankly, I will disrespect you for disrespecting my capability of making an informed decision.

P.S. This is not intended to diss any specific vendor. I know folks from each one that I’ve quoted statistics from and they are certainly not the only ones failing, far from it. I just expect more from them because I know they are capable of producing the goods. Facts, friends, not “facts”.

Downloading what of what?!?

Tue, 15 Mar 2011 13:47:38 +0400

There are some things that you just can’t imagine being too difficult to implement. I’d count a progress bar indicating how much of an update has been downloaded as one of them. I guess I counted wrong...

What are they up to?

Sun, 30 Jan 2011 05:34:59 +0400

Data from a Kippo-honeypot I run looks pretty much the same day after day, week after week and I’m not quite sure what to make of it...

Are the .cn hosts just compromised boxes that are used for scanning and then the actual interaction is done from other parts of the world or are the Chinese amassing hosts for exploitation at a later date? You tell me:

Orange markers indicate successful login, but no interaction. Red with exclamation mark indicate successful login, with interaction.

On the other hand, the folks in .ro don’t seem to be content with just scanning and brute-forcing passwords:

For the curious, the global situation:

White flag - done arguing

Sat, 29 Jan 2011 05:00:01 +0400

You know what, I’ll just give up. Feel free to bash on regimes oppressing their citizens, but before you do so, ask your self: “how is my government on surveilling me?”. Many will probably answer “I’ve nothing to hide” and shrug it off, and they’ll probably be right, but that still doesn’t mean that the same corporations, that have sold hardware to the regimes you so readily criticize aren’t selling the same hardware back home. Think about it for two seconds. Why are you so concerned about others’ rights when you your self are not alien to the threat, or maybe it is just the fact that you counted on your regime not doing so. Well, guess what, you counted wrong...

Check out the Tor-project (http://torproject.org/) if you want to stay anonymous and give others the same possibility, but before you judge and voice an anonymous opinion online, make sure you do so for a valid reason and that you aren’t merely being guided by the masses.

Respect to those who truly need Tor to stay safe and have an avenue for communicating, not so much to those that cower behind it...

“You can’t stay neutral on a moving train” -Howard Zinn

140 Characters Won’t Cut it - On hypocrisy and privacy

Sat, 29 Jan 2011 00:40:17 +0400

I probably should have written this posting when Nokia, or more appropriately NSN, was the criminal de jour, when "they were helping Iran censor network traffic and prosecute dissidents", but I decided to refrain from wasting words on clueless lemmings calling out for boycotts on Nokia (a different company) products. Pretty much every single network device vendor has deep packet inspection capabilities - yes, read that again, pretty much every network device vendor has deep packet inspection capabilities - and there are legitimate uses for it.

Now that you are aware of this *GASP* atrocity, consider the fact that without said vendor that happened to provide said Evil Regime (tm) with network equipment, said country would have had no connection at all to the internet (or the more likely solution: they would've chosen a different vendor, with exactly the same capabilities).

Regarding DPI and its legitimate use bit (so that the lemmings won't lose their sleep...): Most ISPs refrain from using DPI, not only because they respect the privacy of their customers but because it is the law in their respective countries. That said, the next time your machine gets infected (and it will if it isn't already) and your identity or banking credentials are stolen, would you want your ISP to have had the possibility to have notified you of the event immediately after an *automaton* decided something anomalous was occurring, or would you prefer to “retain your privacy” (i.e. not divulging your information to a computer) and wait until some criminal walked off with your identity and life's savings? If you prefer the latter, then you have the upper hand in this argument and I'll wave the flag and submit to the fact that DPI should be banned and ISPs should refrain from using even less intrusive methods (which still reveal your IP-address) in lieu of offending your privacy.

On the other hand, if you thought that, just maybe, you'd want your ISP to inform you, then don't go around calling for boycotts against a certain vendor or defaming them publicly.

Calling out one specific company for selling equipment to a country that decides to abuse a de facto standard is on par with blaming McDonald's for all obese people in the world (they do sell salads after all, but people choose to "abuse" their choice of meal and restaurant), i.e. p-o-i-n-t-l-e-s-s. Oh, and did you know that _your_ ISP probably has the power to the same thing, and ys your gov't (at least if you are in the US of A) is actively pursuing the "Internet Off Button"?.

Blame the regime for abusing the power of a technology, not the vendor that provided Joe-average with the power of world wide communication in the first place.

Don't be a lemming. All they do is get pushed off a cliff by the lemmings behind them.