October 27, 2006 - #144
Good Morning:
Sorry I'm a bit late on this rainy Friday here in ATL. The boss was under the weather this AM, so I got to play Mr. Mom and get the kids ready for school. As hard as I try, "Daddy's working" doesn't seem to sit will with rambunctious 3 year old twins who are very interested in whatever is on my computer screen at any given time. So I gave up, put on the Backyardigans [1] and toasted some waffles. And it was nice. All work and no play, well you know how that ends.
No real themes emerged today in either security or blog-land. McAfee beat the number (here [1]), so Wall Street is all aflutter, but let's see what happens two quarters down the road, deep in the midst of integrating 3 new companies. There shall be no victory lap before it's time. I'll also point to a PC Mag interview with rootkit queen Joanna Rutkowska (here [1]), which is interesting. You can find out about her first computer, how she became interested in computers, and what she uses to protect her own PC. Truthfully, I'd rather stick to hearing security people talk about security (which is the 2nd half of the interview), since personal profiles of security folks are not very interesting to me. Most are normal, some are freaks. If I want drama, I watch Access Hollywood. There is a much higher percentage of freaks in Hollywood than in security anyway.
In blog-land, Martin says we need a blogger code of ethics (here [1]), which is fine. Personally, I just accept that a percentage (rather large I might add) of folks everywhere (not just in the blogosphere) are going to be scum. So I calibrate my expectations accordingly. Let me also highlight a good piece on acquisitions on the SCADA Security blog (here [1]). For the most part, customers always get screwed when a key vendor gets bought. But it's part of the game, so if you are a user and you are not experienced in putting together Plan B when a vendor gets bought, do not pass GO and do not collect $200. That is security vendor management 101.
I also need to correct a statement I made in TDI yesterday. Given it was #143, this is the first correction - so that's pretty good. The kind folks from Proofpoint pointed out to me yesterday that they do in fact have a reputation capability within their MLX technology, they just don't talk much about it. So I stand corrected, but if anything this bolsters the point that anyone without a reputation capability (either built or bought) will be at a marketing disadvantage to those that do.
Have a great weekend.
Technorati: Information Security [2]
Top Security News
http://www.mcafee.com/us/about/press/corporate/2006/20061026_191010_m.html [3]
Link to this [3]
http://www.eweek.com/article2/0,1895,2037121,00.asp [4]
Link to this [4]
VI Labs [5] is trying to do, but can you do it scalably? Hmm.
http://news.yahoo.com/s/zd/20061026/tc_zd/192403
[6]Link to this [6]
here [7]) and it SCREAMS. Seriously, it's noticeably faster. I can't wait until Microsoft Office comes out in a Universal Binary next year, as at that point it may be time for me to bid adieu to my PC. But I digress. Both browsers have added some new security capabilities in the area of phishing and additional privacy capabilities. So whether you swing IE or FFX, upgrade to the new stuff and have all your users do the same.
http://www.securityfocus.com/brief/337 [8]
Link to this [8]
http://www.channelweb.com/sections/allnews/article.jhtml?articleId=193402428 [9]
Link to this [9]
Top Blog Postings
http://www.mckeay.net/secure/2006/10/bloggerethics.html
[10]Link to this [10]
http://technobabylon.typepad.com/tb/2006/10/the_illusion_of.html
[11]Link to this [11]
http://www.digitalbond.com/SCADA_Blog/2006/10/security-vendor-consolidation.html
[12]Link to this [12]
http://www.symantec.com/enterprise/security_response/weblog/2006/10/hacking_the_blackberry.html
[13]Link to this [13]