The Daily Incite - August 1, 2007

Submitted by Mike Rothman on Wed, 2007-08-01 09:34.
Today's Daily Incite

August 1, 2007 - Volume 2, #113

Good Morning:
Top 'o' the morning to you. I'm happy today. The drugs must be working. Or it could be the Black Hat fever that seems to be going around in Vegas. This show is like none other. Most technology shows have little to no excitement. I guess Comdex still has lots of booth babes, maybe Interop too. I haven't been to a Web 2.0 show, so maybe there is excitement there. But Black Hat is something else. The tattoos, the piercings (in public display, of course) and the different shades of hair colors are all pretty unique. Unless you go to a Motley Crue concert, I guess.

I got into Vegas yesterday after a little flight delay. Then the partying started almost immediately (SHHHH! Don't tell the Boss) and didn't end until late. But everyone is happy and congenial and excited to get their little mitts on some cool security research, even if there is some researcher drama. I'm certainly not in the middle of it, so I'm able to maintain my drama-free zone. I think we all should strive for no drama, although I guess if you have people you have drama. That's why I work alone. I got tired of spending more time dealing with drama than actually working.

The good news is that there is going to be some cool research and findings discussed over the next two days. I'm not sure how relevant the information will be in the short term, but it will provide lots of food for thought relative to what can happen and what we need to keep our eyes on. It's also great to see so many old friends and meet new folks. For me, that's why I go to some of these shows. It's about learning, but it's also about connecting. 

I'm running late, so I'm off to see the Wizard.

Have a great day.

Technorati: ,

The Pragmatic CSO

The Pragmatic CSO:
Available Now!

Read the Intro and Get
"5 Tips to be a Better CSO"
www.pragmaticcso.com

Top Security News

Black Hat preview: Lots of cool stuff
So what? - If you aren't at Black Hat, then I guess you'll just need to live vicariously through the 100s of bloggers and other press folks that are here. This show really has become a press fiesta. The major tech pubs send pretty much their entire staffs of reporters to make sure no one misses anything. Bill Brenner of SearchSecurity does a nice little wrap-up of the folks that decided to jump the shark, I mean gun, relative to what their sessions will be about. The king of security research marketing, Matasano Thomas, and his team will be showing their virtualization research - which will be cool. To be clear, Thomas does security research, but he's also a pretty fine marketer, since everyone seems to talk about him all the time. Though I'm sure he'll smack me upside the head for saying that. There will also be a bunch of stuff around application security or lack thereof. This makes sense because that's where all the action is. In terms of the sessions I'm going to, most are application security related. Guess it's just a sign of the times.
Link to this

Theory vs. practice
So what? - One of the things to be a bit wary of when coming to a research oriented show is to focus on the actual likelihood of something happening. Core's research on breaking a database is a good case in point. It's critical to see how timing attacks can theoretically work, but does this mean you should do something about it? Nope. And thankfully Ivan Arce comes clean about that. What we can't have is a bunch of bedlam running rampant because of a theoretical attack. To make the point once again, research is good. We need it to figure out where things are going and what new attacks will be materializing sooner rather than later. But that doesn't mean right now. Rob Newby does a good job of not being too curmudgeonly about not being at Black Hat and making the same point.
Link to this

60 days to PCI? Take that to the (blood) bank
So what? - Here is a non-Black Hat news item, which is a shocker. It seems that Ingrian is pushing a 60 day program to help companies get PCI compliant. I hate this kind of marketing. Really really hate it. First, it's disingenuous. Not knowing anything about your environment, maybe you can get to PCI in 60 days, maybe you can't. I guess you could install Ingrian's product in 60-days, but to make a claim about PCI compliance? Let's go over this again, you CAN'T buy compliance. There are too many moving parts. The whole thing seems fishy to me. So I advise everyone to ignore this. As opposed to taking the next 60 days to install a product that can maybe help you, use the two months to actually get your security program in gear. And I just couldn't wait for my "security marketing gone wild" series to talk about this. It's that annoying to me.
Link to this

The Laundry List

  1. You go where the money is, even if it makes no sense. Tim Wilson rails on the idea of a CFO driven security program, but I'm rather focus on getting it done - not who gets the credit. - Dark Reading blog
  2. These guys found the CFO. Perimeter raises another $50 million. MSS consolidation will continue. - Perimeter release
  3. Clearswift breaks new ground? Maybe for them, but having a common web and email management console isn't exactly new. - Clearswift release
  4. Q1 gets some Incite. Yes, I was the first victim of their Englishman, Irishman, and analyst podcasts. Good stuff here, if I do say so myself. - Q1 release

Top Blog Postings

Boy that's a hot seat you have there
Ravi Char channels the Pragmatic CSO in this post about the importance of having your incident response chops in working order. He's exactly right and given that I'm surrounded in Vegas by some of the greatest hacking and security research talent around, it's probably a good idea to once again revisit your process, procedures and make sure you are ready for the inevitable issue. Remember, these folks can break your stuff. Period. So you better be ready to respond and react faster.
http://ravichar.blogharbor.com/blog/_archives/2007/7/27/3123217.html
Link to this

Virtualization is like anything else, it will be broken
As I mentioned above, Black Hat has become quite the press fiesta. So it's not surprising, with VMWare's imminent IPO that someone would do some research to figure out how to break a hypervisor. And this time it's not even Matasano Thomas. It's Ed Skoudis. PaulDotCom does a good job of summing up the research and it's potential impact. Nothing is foolproof, so it's just a matter of time before someone figures out how to own a hypervisor. What do we do about it? Nothing yet. Virtualization is good, it saves money. Yet take some architectural precautions. Probably don't run a very valuable database server on the same physical box as an externally facing web server. Duh! But let's not over-react either. Let's just watch how things develop and take action when necessary.
http://blogs.zdnet.com/Ou/?p=636
Link to this


Recently on the Security Incite Rants Blog

Check out the latest on the Security Incite blog
http://blog.securityincite.com/

Read the most recent Daily Incite

http://securityincite.com/security-incite-rants/daily-incite