Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - July 21, 2006

By Mike Rothman
Created 2006-07-21 09:22
Today's Daily Incite

July 21, 2006

Good Morning:
TGIF or so they say. Felt like a very long week and getting longer. But again, busy is good. Not busy is bad, so I'll stop whining and get on with it. Actually a lot of interesting activity going on, including the conviction of the UBS insider. It seems the good guys won this one, but we all need to take some lessons about how to make sure you can get the bad guy dead to rights if something goes down.

On an unrelated note, I know many of you travel pretty frequently. You've got to check out this post [1] on the Dilbert blog (yes, Scott Adams' Dilbert) where he rails about "phone whores." If you've been in an airport more than once in the past year, you'll both laugh and cry at Scott's description of his recent experience. I tend to have pretty eclectic reading tastes and I really enjoy Scott's blog. It makes me laugh and also think about stuff that isn't security. I heard he writes a comic strip too - maybe I should check that out.

A portion of you at one time or another have worked for yourselves. Whether it's a boutique security consulting/integration shop or trying to start the next great security vendor, this post [2] by Brad Feld about hiring folks too early is a must read. Having been through the entrepreneurial process a few times myself, this advice is golden. Never forget that cash is king and paying someone else before you are ready is the best way to make that cash disappear.

Have a great weekend.

Top Security News

here [3]). That's a good result. If he had skated away (given what was overwhelming evidence against him), that would have made prosecuting insider attacks very very difficult. Have fun and send us a postcard, Roger. Make sure Bubba (your new soul mate - I mean cell mate) signs too. All kidding aside, this article provides some good tips about what UBS did right and wrong from the investigator on the case. Again, a lot of this stuff is common sense (look for outside help, backup), but I'm a fan of reminding myself of the simple stuff frequently because the complicated stuff will burn up all your time if you let it.
http://www.informationweek.com/story/showArticle.jhtml?articleID=190900365 [4]
Technorati tags: security best practices [5], insider attacks [6]


http://www.darkreading.com/document.asp?doc_id=99291 [7]
Technorati tags: Dark Reading [8], security [9]


http://www.infoworld.com/article/06/07/21/30OPsecadvise_1.html [10]
Technorati tags: passwords [11], authentication [12]


http://www.informationweek.com/story/showArticle.jhtml?articleID=190900465 [13]
Technorati tags: AT&T [14], eavesdropping [15]


here [16]).
http://biz.yahoo.com/prnews/060720/sfth085.html?.v=49 [17]
Technorati tags: VeriSign [18], VRSN [19], SSL [20]


Top Blog Postings

http://www.computerworld.com/blogs/node/3020 [21]
Shimel: http://www.stillsecureafteralltheseyears.com/ashimmy/2006/07/is_security_out.html [22]
Technorati tags: security outsourcing [23], MSS [24]


http://www.securitycurve.com/blog/archives/000421.html [25]
Technorati tags: surveys [26], security marketing [27]


http://blogs.zdnet.com/threatchaos/?p=374 [28]
Technorati tags: strong authentication [29], phishing [30]


http://www.schneier.com/blog/archives/2006/07/security_certif.html [31]
Technorati tags: security certifications [32]


Recently on the Security Incite Rants Blog

Comment Watch: The role of vulnerability research
Since many of my readers don't have either the time or the desire to follow the comments on the blog, sometimes when there is an interesting exchange, I'll post it. This is one of those times, as Thomas Ptacek of Matasano and I debate a bit about the evolving role of vulnerability research. This discussion happened due to my coverage this week of Symantec's analysis of the Windows Vista network attack surface. After showing the blow by blow, I go into what I think will become the new role of vulnerability research - competitive intelligence.
http://securityincite.com/blog/mike-rothman/comment-watch-the-role-of-vulnerability-research [32]

Read yesterday's Daily Incite

http://securityincite.com/blog/mike-rothman/TDI-2006-07-20 [32]



Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-july-21-2006