Incite Redux: Day 5 - Night of the Internet Dead
Good Morning:
Ah Friday. On vacation, every day is Friday, isn't it? But when you are at the beach, it always helps to have a Plan B. Inevitably it rains, and when it rains, you had better have a plan to keep the kids occupied. Otherwise it gets messy pretty quickly. Optimally, you get a half and half: glorious sunshine in the morning with the weather rolling in around 2 PM.
By then, the kids are beached out and they probably don't need any more sun at that point. Then we can bring them back to the house, feed them and get some naps in. Maybe a late afternoon movie would be on the plan as well. It's also good to have some games to play and art projects ready to go. Better to be prepared than have a bunch of bored kids writing on the walls of the rented house.
It used to be a lot easier. There was one thing we'd do on a rainy beach day BK (before kids). Right to the bar. It could be 10 AM or 2 PM, no matter. If it was raining, I was drinking. That always helped my sleep habits too, since I'd usually be incoherent right around dinner time, so I'd eat and then pass out. After a few hours of sleep, I'd go for round 2. What we could do when we were young...
But I am not that young anymore. Nor do I live in the past. So right about now, it's probably time to break out Sorry or Chutes and Ladders. I can't wait until we can bust out the Monopoly and Stratego. Of course, by then the kids will want to play online with kids from around the world, I'm sure. Yet, I can still hope for family game day, can't I?
Have a great weekend.
Incite #5: Night of the Internet Dead
With a majority of attacks (like drive-by downloads) no longer requiring user interaction, the number of active zombies continues to multiply exponentially. Organized fraud networks increasingly use targeted, social engineering-based attacks because they work, forcing users to put a premium on REACTING FASTER and on training users to stop doing stupid things, as opposed to hoping a new shiny product will solve the problem.
Read the original Days of Incite post on this topic.
6-month grade: A
I'm happy to wind up the first week of Incite Redux on a high note. This Incite (although obvious) has certainly come to pass. We hear about new and more sophisticated bot networks weekly. We are starting to learn just how advanced the crime organizations are that drive much of the cyber fraud around the world.
I heard (anecdotally, of course) that one of the crime networks has built a database of private information that rivals "legal" information sources like ChoicePoint. Of course, that could be boasting and hyperbole, but to think that a crime database that size is within the realm of possibility is nothing short of shocking.
If you've made it through the first half of the year with no issues, none of your users losing their devices, none of your trading partners firing someone who had access to your stuff, and no public disclosures, then pat yourself on the back. I'm not sure if you are lucky or good, but all the same, the likelihood that you'll have the same answer next year is pretty small.
So plan for the inevitable. There are a lot of very smart guys I hang around with who make a living trying to figure out what attack is next. They find a lot of bugs, and they do the right thing by responsibly disclosing those "features" to the vendor in question. Most of the time, anyway. But for all the smarts these guys have, they missed little things like Melissa and SQL Slammer. They missed many of the new social engineering attacks and the crimeware, spyware and other x*ware variants that have been compromising machines and converting devices into zombies at an alarming rate.
And this has nothing to do with the talent and capabilities of the researchers. My entire point is that no one has a crystal ball. None are practicing fortune tellers. One of the most valuable roles that security research plays in the ecosystem is to find new attacks, pull them apart, and figure out how to defend against them. But to be very clear, in most cases these folks are not working ahead of the curve. They are working against the clock, because the bad guys have already weaponized the attacks.
Which is why the REACT FASTER doctrine is so important. No widget is going to protect you against an attack you've never seen. Although truly new attacks are fairly infrequent, they happen enough that we need to plan for the next one. So we monitor our networks and our servers. Also our databases and applications. We look for anomalies and other funky behavior that is not the norm. Then we investigate to see if that strangeness is just random or representative of a real issue.
Then we address the issue. Once that work is done, we live to fight another day. Take pride in the fact that most of the world reacts slowly, if at all. They are the ones that get to disclose breaches to their customers and mop up a real mess, if they can. Or they are constantly working on their resume and hoping their number doesn't come up before they get that new job.
It's true you can run, but you can't hide. All you can do is REACT FASTER. And that deserves an A.
Photo credit: "fortune teller" originally uploaded by yunheisapunk