Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - September 29, 2006

By Mike Rothman
Created 2006-09-29 09:32
Today's Daily Incite

September 29, 2006 - #127

Good Morning:
Today I want to talk about repenting. None of us are perfect, and I am no exception. Most days I feel like I'm screwing more stuff up than doing right, but that's part of the process. I try to learn from every mistake and know that if I'm not pushing out of my comfort zone, I'll never improve. And this coming Monday, I'll make my peace, repenting for the ill-advised, inconsiderate, and just plain stupid things I did over the past year. I guess some folks repent constantly, but that's not for me. I'm too busy screwing things up.  So there will be no Daily Incite on Monday.

In security-land, the big news this week is DEMO. It never ceases to amaze me how crappy security ideas are able to get some visibility from folks that should know the difference (here [0]). I only wonder about the security companies that didn't make the DEMO cut. I'm sure there were some beauties in there. Let me also point out an interesting offering from CyberTrust (here [0]) to help police partners and other companies that are granted access to your network. It's a good use of the MSS model, even for those folks that want to continue managing their own stuff.

In blog-land you MUST check out Ross Brown's post on how to compete with Microsoft (here [0]). Ross has been there and done that, both successfully (with Citrix) and unsuccessfully (with IBM) and you can learn from him. The bit about Symantec making the same mistakes as IBM in the OS/2 days had me rolling, but it's scarily true.

Since many of my readers do their own blogging, Steve Rubell wonders whether it's better to join the "blog herd" or be your own cow (here [1])? Do you do original work or just link to and add depth to the discussions of other folks? Both Steve and I figure the answer is both. Each day, I use the Daily Incite as a way to focus attention on the things that I think are most important, providing my spin on each news item. But I also try to do at least one other original post each day, to make sure I'm pushing myself to think and document that thinking consistently. Obviously there is a pretty steep time commitment to do both, and that's not for everyone.
 
Have a great weekend and I'll see you on Tuesday.

Technorati: Information Security [2]

Top Security News

here [3]). It's got a big adoption curve (you need both sites and users to play), but this seems to be the most promising thing I heard of from the show.
http://www.eweek.com/article2/0,1895,2021837,00.asp [4]


http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1210562,00.html [5]

here [5]) and wait for an issue before taking action.
http://www.darkreading.com/document.asp?doc_id=104437 [6]

http://www.networkworld.com/news/2006/100206-specialfocus.html [7]


http://www.networkworld.com/newsletters/lans/2006/0925lan1.html [8]

Top Blog Postings


http://technobabylon.typepad.com/tb/2006/09/how_to_compete_.html [9]

http://techbuddha.wordpress.com/2006/09/28/how-to-survive-a-zombie-attack/ [10]

http://mcwresearch.com/archives/316 [11]

here [12]) and your customers' credit card info is being stolen as he was speaking to you. Ouch. I certainly feel for these companies being victimized and of course, the customers whose information was stolen, BUT if you are first learning about a security issue from Brian Krebs - you probably have taken your eye off the ball. Thanks to Martin for pointing out this article and he brings up a couple of good points relative to what data should be stored and whether it's encrypted or not. As Brian points out, even those HackerSafe seals are no protection and at worst present a false sense of security. Given the prevailing environment out there, you are best off storing the least amount of data possible. And protecting it. I know that's easier said than done, but you don't want to be on the other end of a call from the Grim Reaper, now do you?
http://www.computerworld.com/blogs/node/3603 [13]

http://securityincite.com/blog/mike-rothman/can-oracle-succeed-in-security [13]

NetworkWorld All-Stars: Rained Out
I rant a bit about NetworkWorld's Enterprise All-Star's feature here. I love case studies, but only when there is enough information to learn something. The way NWW packaged this information is terrible and it's a shame - because I'm sure there is a lot we all could have learned from the real experiences of 40 companies.
http://securityincite.com/blog/mike-rothman/networkworld-all-stars-rained-out [13]

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-09-28 [13]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-september-29-2006