logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - September 21, 2006

By Mike Rothman
Created 2006-09-21 09:39
Today's Daily Incite

September 21, 2006 - #121

Good Morning:
I'm back in chilly ATL after a quick trip to NY for Interop. I hoped to stay another day, but family obligations brought me back early. But not before I had one of those famous New York moments. Running through the airport trying to get an earlier flight home, I see American Idol's Randy Jackson and The Biggest Loser's Caroline Rhea chatting it up with basketball legend Scotty Pippen. I guess for folks that hang out in LA or NY a lot, star sightings are commonplace. But in the Northern suburbs of ATL - not so much. Another interesting point is that Randy is shorter than I thought. And Pippen is taller. On to business.

I'll do a Interop wrap post this AM to go into my thoughts a bit more, but there was a bit of news in security-land. We saw one example of rear-view mirror analysis here [0]. But I guess when you are the G-people, you don't need to look forward. We also have another Big Yellow positioning (here [0]), jumping on the "Everything 2.0" bandwagon. I'm sure they are just tickled pink that there are folks like me, who actually remember history to point out that Symantec is on at least version 8.0, if not 13.0. And when security industry heavyweights go at it, it's fun to watch. So check out a little discussion that Ranum and Schneier have about maintaining the security of strategic software (here [0]).

And this HPGate scandal is getting out of control. Now it seems that HP was sending reporters basically a Trojan e-mail to track whether they were reading the messages and who they sent it to. Is it illegal? Probably not. Is it ethically murky territory, absolutely. Read more in this ZDNet story here [1]. And it seems that CEO Mark Hurd was in the loop on this (here [2]). There is no way he escapes unscathed. This guy works for two years to turn HP around, and now his credibility is shot because he approved snooping on reporters. Now look for the spinning to start to salvage Hurd's "brand." And marketers take note. Do something stupid and years of hard work go poof! We all know that, but sometimes forget.
 
Have a great day.

Technorati: Information Security [3]

Top Security News

http://www.esj.com/news/article.aspx?EditorialsID=2111 [4]
Link to this [4]

http://www.infoworld.com/article/06/09/18/HNrootkitidthefts_1.html [5]
Link to this [5]

here [5]), this next deal with Dell for "Secure Exchange" is the right thing to do. By baking their technology into a lot of other solutions, SYMC will be taken along for the ride. And they won't have to worry about competing in games that over time they won't win - like against Microsoft and Cisco.
http://www.informationweek.com/story/showArticle.jhtml?articleID=193004118
 [6]Link to this [6]

http://www.symantec.com/about/news/release/article.jsp?prid=20060919_01 [7]
Link to this [7]

http://news.yahoo.com/s/afp/20060920/ts_alt_afp/afplifestyleitinternet [8]
Link to this [8]

Top Blog Postings

Celebrity Deathmatch [9] guys can make this battle come to life. Now THAT would be entertaining. But I digress. In this discussion, these two go at it about "strategic software," and really about who controls that software. This was driven by the inability of CheckPoint to buy SourceFire because it was deemed too sensitive. Marcus makes the point that a lot of the stuff we use is "strategic" and it's controlled by foreign companies. Check Point already controls Zone Labs, which is basically a "good rootkit" because it totally controls the IP stack of a computer. And then he mentions that RIM (a Canadian company) basically drives the communications of the US Government. He makes lots of good points. Then Schneier weighs in with reality. Reality says there will be back doors and we won't find all of them. So we need to rely on security layers and defense in depth. Exactly right. No one thing can be trusted implicitly - now that's a good message.
Ranum: http://www.ranum.com/security/computer_security/editorials/point-counterpoint/strategic.html [10]
Schneier: http://www.schneier.com/blog/archives/2006/09/is_there_strate.html
 [11]Link to this [11]

http://blogs.zdnet.com/BTL/?p=3642
 [12]Link to this [12]

http://www.emergentchaos.com/archives/2006/09/cso_breach_sop_fud.html
 [13]Link to this [13]

here [13]). The world really has changed.
http://andyitguy.blogspot.com/2006/09/os2-you-could-have-been-so-much.html
 [14]Link to this [14]

here [15]). Check out the comments on this post as well, since Stiennon actually agrees that this one represents true consolidation. I guess wonders never cease.
http://securityincite.com/blog/mike-rothman/deal-miss-consolidation-secureworks-lurhq-merge [15]

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-09-20 [15]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-september-21-2006

Links:
[1] http://news.zdnet.com/2100-9584_22-6117497.html
[2] http://blogs.zdnet.com/BTL/?p=3643
[3] http://technorati.com/tag/information%20security
[4] http://www.esj.com/news/article.aspx?EditorialsID=2111
[5] http://www.infoworld.com/article/06/09/18/HNrootkitidthefts_1.html
[6] http://www.informationweek.com/story/showArticle.jhtml?articleID=193004118
[7] http://www.symantec.com/about/news/release/article.jsp?prid=20060919_01
[8] http://news.yahoo.com/s/afp/20060920/ts_alt_afp/afplifestyleitinternet
[9] http://www.mtv.com/onair/deathmatch/
[10] http://www.ranum.com/security/computer_security/editorials/point-counterpoint/strategic.html
[11] http://www.schneier.com/blog/archives/2006/09/is_there_strate.html
[12] http://blogs.zdnet.com/BTL/?p=3642
[13] http://www.emergentchaos.com/archives/2006/09/cso_breach_sop_fud.html
[14] http://andyitguy.blogspot.com/2006/09/os2-you-could-have-been-so-much.html
[15] http://episteme.ca/cblog/index.php?/archives/20-I-love-consolidation.html