Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - September 7, 2006

By Mike Rothman
Created 2006-09-07 09:51
Today's Daily Incite

September 7, 2006 - #111

Good Morning:
Running a bit late this AM. Sorry about that. I'm not in the excuses business, but I do want to mention that my hangover this morning was sponsored by Chris Hoff [1]. Thanks for your hospitality, buddy. I'll be feeling those Guinesses for most of the day. I'm still at the Security Standard conference for part of the day and John Chambers of Cisco did his keynote to kick things off. He always puts on a good show and I'll have a summary later today. In general I think the conference has been pretty good and brings up some issues relative to how to interface with the executive branch, as opposed to the technical issues many of these conferences typically address.

In security-land I want to call out Entrust for announcing just a ridiculous guarantee for FFIEC compliance (here [1]). First, they have a bunch of caveats and the legalese is so thick you need a bull-shittake cutter to get through it. Next they say their software is not the only thing compliance can be based on. Huh? Finally, you only get a year of support if they mess up. Now that's some guarantee. Thank you sir, may I have another!

I also attack idiocy on a number of other fronts (yes my heartburn and hangover have made me grumpy), first being an asinine position from the G-men about what Microsoft should be doing post-Vista (here [1]) and why it's not an issue for security vendors to actually warn us about security problems (here [1]). And the fun doesn't end because I pile on with Oltsik and Ogren about the Cisco/Microsoft NAC-NAP deal (here [1]). All in all, lots of crap to wade through today. Glad I brought my hip boots up to Boston.

Have a great day.

Technorati: Information Security [2]

Top Security News

http://www.forbes.com/2006/09/07/hewlett-packard-dunn-cx_po_0907autofacescan01.html [3]


here [4].
http://www.entrust.com/news/2006/6363_6625.htm [5]

http://www.informationweek.com/news/showArticle.jhtml?articleID=192503689 [6]

http://www.eweek.com/article2/0,1895,2011765,00.asp [7]


http://www.informationweek.com/blog/main/archives/2006/09/airing_dirty_se.html [8]


Top Blog Postings

here [8]), this is a non-factor and an attempt by both Cisco and Microsoft to freeze the NAC market until their products catch up to their PowerPoints. Jon is a bit partial to TCG, which I think is misguided because in an early market standards are a red herring that are leaned on by those folks without market power to try to equalize things. Most of the time standards only come into play as a market matures and commoditizes. We aren't even close with NAC right now. Jon's colleague Eric "EO" Ogren weighs in here [9] as well, basically supporting my position. Shimel weighs in as well (here [10]) making the point that networks are heterogeneous, which isn't true for 60-70% of the world that buy all of their stuff from Cisco.
http://news.com.com/2061-11203_3-6112960.html [11]

http://blogs.ittoolbox.com/security/adventures/archives/desperation-doesnt-justify-bad-security-11441 [12]


LinkScanner [13] site before they click on a link. That's unlikely. Scandoo [14] requires that you do searches from their site (at this point anyway). I won't use them, even if I should, because it would dramatically slow down my work process. SiteAdvisor has the best integration with the way I work, but unfortunately I still haven't been able to get it to operate without breaking Yahoo! Mail. It also broke the web browser on the home PC that my kids use, so there are still problems, but the browser-integrated model makes the most sense to me.
http://blog.washingtonpost.com/securityfix/2006/09/scan_those_links_before_visiti.html [15]

http://rogerksullivan.blogspot.com/2006/08/miles-to-go-before-we-sleep.html [16]

http://securityincite.com/blog/mike-rothman/the-security-standard-pendulum-swings-back [16]

Read yesterday's Daily Incite

http://securityincite.com/TDI-2006-09-06 [16]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-september-7-2006