October 9, 2006 - #132

Good Morning:
Big Monday. Hope you enjoyed your weekend. Thanks to all that sent in their birthday well wishes. I had a great B-day and a nice weekend to boot. But now it's back to business. Don't have a lot of time this AM, so I'll be brief. The biggest news you are likely to hear this week is about the US Commerce Department hacks (here [0]). It's another opportunity to vilify China and let the xenophobes strain their vocal cords. Oh joy. We also see an audacious goal for Symantec to get to $10 Billion in revenue (here [0]). Fathers, chain your young ones to the fence post because the Big Yellow checkbook is coming to your town. That's the only way they get there.

In blog-land it was a pretty slow weekend, but Ed Moyle weighs in on the Symantec/McAfee vs. Microsoft battle (here [0]) and George Ou highlights Google dipping their toes into the web filtering waters (here [0]). I'm sure the SiteAdvisor folks are glad they took the money and ran. Probably to their own islands in the Caribbean.

Have a great day. And here's another reminder that there will be no TDI next Thursday or Friday. I'm going on vacation, so you'll have to make due without me for two days.

Technorati: Information Security [1]

Top Security News

http://news.yahoo.com/s/cmp/20061007/tc_cmp/193105174 [2]
Link to this [2]

http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1220179,00.html [3]
Link to this [3]

http://news.yahoo.com/s/nm/20061008/bs_nm/symantec_targets_dc_1
[4]Link to this [4]

http://www.gcn.com/online/vol1_no1/42229-1.html [5]
Link to this [5]

here [5] and here [5]), now seeing fewer distribution options will impact choice. Is that bad? Not sure, but the really big security vendors like Cisco, Symantec, and McAfee will be able to start pushing more packaged offerings (including best of breed and not so best of breed stuff) down the throats of their distributors. Since crap rolls downhill, VARs will increasing be pushed to take the packages to market as well, and as such customers will be buying them. Depending on your size and expertise, this is not a bad thing. But it's a thing and you should pay attention.
http://www.channelweb.com/sections/allnews/article.jhtml?articleId=193104955 [6]
Link to this [6]

Top Blog Postings

here [7]). And they are both small and European - so they'd be able to make a good case if there was any through to it.
http://www.securitycurve.com/blog/archives/000460.html
[8]Link to this [8]

http://blogs.zdnet.com/Ou/?p=340
[9]Link to this [9]

http://episteme.ca/cblog/index.php?/archives/46-CISOs,-Quality-and-Enabling-Business.html
[10]Link to this [10]

http://www.mckeay.net/secure/2006/10/being_an_evangelist.html
[11]Link to this [11]

http://securityincite.com/blog/mike-rothman/profiling-analysts-forrester-style [11]

A NAC for Open Source
There is a new alternative for NAC and it's open source. There was rejoicing in the streets. Actually, calling this NAC right now would be a little generous, it's more like device authentication and VLAN assignment - but you've got to start somewhere. And I also got an opportunity to poke Shimel a little bit, and he weighed in on the topic (here [12]). I'm not surprised that he's not threatened and generally supportive of FreeNAC.
http://securityincite.com/blog/mike-rothman/a-nac-for-open-source [12]

Read Friday's Daily Incite
http://securityincite.com/TDI-2006-10-06 [12]