Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - September 26, 2006

By Mike Rothman
Created 2006-09-26 09:14
Today's Daily Incite

September 26, 2006 - #124

Good Morning:
OK. I'm done rejoicing. For a few weeks anyway. I need to call some folks out today because conflict is good for business (here [0]). It really is. I'm not sure that explains my daily behavior, but it at least gives my rationalization engine something to work on when I'm dismantling yet another vendor telling me it goes to 11. How about the TSA (here [0])? Now we can bring on little bottles of Scope? And drinks that we bought in the airline terminal? Maybe Starbucks was complaining about decreasing sales in airport terminals.

In security-land, it seems that a majority of consumers out there are just idiots. I guess we already knew that, but it's hard to see it in print. This survey from AuthenTec (here [0]) makes the point that 24% think protecting themselves from identity theft is TOO EXPENSIVE. More expensive than having some joker run rampant at Target with your credit card? And it looks like Check Point is back in the business of poking their OEMs in the eye (here [0]). I know they don't have too many strategic options to make themselves exciting, but that's how they treat their friends? I guess it's true, conflict is good for business.

Do we have any right to privacy anymore? The Constitution says we do, but can that be enforced anymore? The Mogull takes on that topic today (here [0]) and it's making my brain hurt. Pandora's privacy box is open and it's not clear we'll ever get it back under control. I guess there go my political aspirations, since there are a ton of skeletons in my own Internet closet probably logged somewhere. Finally, I don't much care how many bugs my browser has (here [0]). The industry's preoccupation with vulnerabilities, as opposed to RISK, is annoying. I'll need to stir up some conflict there too because it seems we spend a lot of time fixing stuff that is not an issue (here [0]).
 
Have a great day and Happy Birthday to my brother Barry. We rejoiced last night, so now it's back to the business of being grumpy.

Top Security News

http://www.infoworld.com/article/06/09/22/39OPsecadvise_1.html [2]

http://biz.yahoo.com/ap/060925/slow_computer_viruses.html?.v=6 [3]

here [3]) probably applies to consumers as well.
http://biz.yahoo.com/bw/060926/20060926005272.html?.v=1 [4]

here [5]). They are claiming 10Gbps of throughput, 2 million packets per second and 3.17 Gbps of encrypted VPN throughput. Most interesting is how CheckPoint is once again spinning the virtues of software on an industry standard platform, as opposed to custom security appliances. I guess they are dead set against bringing their own "custom" platforms to market, even though Nokia and Crossbeam at least slowed the erosion of their customer base by bringing the products to market in a form factor customers wanted to buy. And who is to say that some of these appliance vendors won't be using Intel's newest processors to drive their "custom software appliances?" For 95% of the world, speed is not the deciding factor in what platform they buy. It's manageability. It's ease of use. It's the ability to make things simpler. That's why customers like appliances. Now they want more stuff in those appliances (beyond FW, VPN, and IPS) and they want better integration of the pieces. I wonder how Intel is going to help CheckPoint with that.
http://www.eweek.com/article2/0,1895,2016675,00.asp [6]

http://news.yahoo.com/s/ap/20060925/ap_on_go_ca_st_pe/air_travel_security [7]

Top Blog Postings


http://37signals.com/svn/archives2/conflict_is_good_for_business.php [8]

http://securosis.com/2006/09/23/sorry-logging-is-a-privacy-risk/ [9]

http://episteme.ca/cblog/index.php?/archives/21-Taking-the-Long-View.html [10]

here [10]) - the increasing targeting of consumers, which will require the ISPs to step up and do something about all of those zombies lurking on their networks. It seems I was wrong. The most interesting part (according to the media anyway) is that Firefox has more vulnerabilities than IE, but they get fixed faster. Who gives a rat's ass? If you want a secure browser, then use Opera. No one else does, so you don't have to worry about the hackers targeting you. I want to know that my browser will be updated when something breaks. Firefox seems to have an advantage there. But most of all, I want and need a productivity tool. I use Firefox not because I'm anti-establishment, but because it has plug-ins that make me MUCH MORE PRODUCTIVE. I've got lots of other defenses in place to make sure even if my browser is buggy, that I'll still be protected.
http://www.computerworld.com/blogs/node/3566 [11]

http://securityincite.com/blog/mike-rothman/security-state-of-the-union-status-quo [11]

Does PCI have teeth?
I did a real quick post here about what seems to be MasterCard and Visa increasingly starting to enforce the PCI standards. That's a good thing because any regulation (listen up HHS about HIPAA) that has no real enforcement teeth is an empty suit. We are all too busy to deal with empty suits.
http://securityincite.com/blog/mike-rothman/does-pci-have-teeth [11]

NetworkWorld Column: Security awareness Cisco-style
In this week's NetworkWorld Column, I cover how Cisco does security awareness. As many of you know, I think security awareness and training are a critical part of any security program, and Cisco shows once again why they are the pre-eminent practitioner of poster child marketing.
http://securityincite.com/blog/mike-rothman/networkworld-column-security-awareness-cisco-style [11]

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-09-25 [11]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-september-26-2006