.comment-link {margin-left:.6em;}
Xavier's Security Post
Friday, December 09, 2005
  errata of statistics
I've always been a fan of attrition.org's statistics errata page. why? well, because it brings up a complaint I've had for years and years. the fact is, media companies and corporate research groups bullshit their way through statistics, and in many cases causing FUD (fear, uncertainty, doubt). and when I say 'bullshit', I mean pick numbers out of their asses, or use a generalized number. for example:

Phishing Scams Dupe 70% of Targets

the article above references a study, the following line caught my attention specifically:

Of those receiving the phony e-mails, most thought they might be from legitimate companies. Seven in 10, or 70 percent, were fooled by the e-mails, said the report.

ignore the heap of text after that, and you get to:

The researchers conducted in-home interviews with more than 350 Internet users nationwide. The researchers also reviewed the e-mails received by those households.

350 internet users. the article would be a bit more remotely respectable if it had been titled "Phishing Scams Dupe 70% (out of 350 random Americans) of Targets". It is very dangerous to just simply generalize a percentage from a very minimal number of individuals, in comparison to hundreds of millions of Internet users.
Comments: Post a Comment

Links to this post:

Create a Link

<< Home
This public blog will be a place for me to output any Security findings, both technological and physical, that I have come about. I will post Security advisories I was apart of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se

Rocks Clusters <=4.1 mount-loop local root
Rocks Clusters <=4.1 umount-loop local root
TSEAD-200606-6 - Rocks Clusters <=4.1 local root
xorgmodroot.py - Xorg-server 1.0 / <=X11R6.9.0-7.0 local root
TSEAD-200509-5 - Multiple Netscape.com vulnerabilities.
TSEAD-200512-3 - Multiple vulnerabilities in KISBG <=v5.1.1
fsigk_exp.py - FSIGK for Linux <=2.10-431 local root
TSEAD-200510-4 - FSIGK for Linux <=2.10-431 advisory
ritk.php - remote inclusion pentest tool
owm_exp.py - openwebmail <=2.51+ local root
perliodebug_exp.py - perlIO_debug 5.8.* local root
bankfix.py - bank card number lookup tool
TSEAD-200412-2 - AOL XSS/file read vuln
TSEAD-200412-1 - AOL redir vuln

September 2005 / October 2005 / November 2005 / December 2005 / March 2006 / April 2006 / May 2006 / June 2006 / July 2006 / September 2006 / October 2006 /