There is an interesting post over at hackosis talking about using deceptive security models. I’ve always thought this was a good technique in theory. I wrote about it early last year in something called matrix as a security model, wherein you confuse the attacker by giving them completely different results.
I’ve also written about it on Darkreading regarding widespread use of blacklisting having the effect of causing hackers to become better. The problem of how to deal with an attack may be a better problem for evolutionary biologists to solve than computer scientists.