logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - December 20, 2006

By Mike Rothman
Created 2006-12-20 08:53
Today's Daily Incite

December 20, 2006 - #175

Good Morning:
Does it feel like Xmas time to you? Even though I don't celebrate the formal holiday, my memories of the holiday season involve cold weather, vacation, family, and some more cold weather. My definition of cold (growing up in NY) is probably different than my Canadian or Icelandic friends, but nonetheless I've been walking around in a light fleece pretty much all year. So it's kind of strange, but I like it. I guess that's one of the advantages of living in the Southern US - my snorkel coat gathers dust.

The holidays are also in large part about family. Yet, I have this nasty habit of launching new products in the first week of January. So, NO VACATION FOR YOU! I'll be cranking away at getting The Pragmatic CSO [1] ready for publication on January 2, then I turn my attention to getting the Pragmatic CSO community up and running (target is Feb 1). For a change, it'll be a busy holiday season and January. But no better way to start the year than with a burst of activity that should drive things throughout 2007.

In security land, looks like Gil of Check Point has gotten out his checkbook and he likes the feeling (here [1]). Yesterday, they upped the offer for Protect Data and also acquired IPS vendor on life support NFR Security. I thought NFR stood for "No F*****n Reason" to exist, but evidently Check Point saw something that not too many customers saw over the past few years. What's interesting is how different the Protect Data and NFR deals are. Protect Data (and Zone Labs before it) were leading products in growth markets. NFR is a lagging product in a maturing market. Hmmm. So much for consistency.

In blog land, it seems that Oracle still doesn't get it. I know I know, what makes me thing they'd get security after so many years of not even being close, but this blog post (here [1]) just cements it for me. Basically it's more about not breaking the application than it is about security. In practice, I get that's the way the world works. But to put out an insecure default configuration guide because you want to make sure it doesn't break anything? That seems very strange to me.

Have a great day.

Technorati: Information Security [2]

The Pragmatic CSO [3]
Coming January 2, 2007		 Webcast promo [3]

Top Security News

http://www.checkpoint.com/press/2006/nfrsecurity121906.html [4]
Link to this [4]

http://www.networkcomputing.com/showArticle.jhtml?articleID=196603139 [5]
Link to this [5]

http://www.darkreading.com/blog.asp?blog_sectionid=325 [6]
Link to this [6]

http://www.channelweb.com/sections/allnews/article.jhtml?articleId=196700414 [7]
Link to this [7]

http://www.darkreading.com/document.asp?doc_id=113096 [8]
Link to this [8]

Top Blog Postings

http://www.computerworld.com/blogs/node/4191 [9]
Link to this [9]

http://blogs.oracle.com/security/2006/12/08#a42
 [10]Link to this [10]

http://andyitguy.blogspot.com/2006/12/what-were-they-thinking.html
 [11]Link to this [11]

http://riskmanagementinsight.com/riskanalysis/?p=69
 [12]Link to this [12]

http://securityincite.com/TDI-2006-12-18 [12]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-december-20-2006

Links:
[1] http://www.pragmaticcso.com
[2] http://technorati.com/tag/information%20security
[3] http://www.pragmaticcso.com
[4] http://www.checkpoint.com/press/2006/nfrsecurity121906.html
[5] http://www.networkcomputing.com/showArticle.jhtml?articleID=196603139
[6] http://www.darkreading.com/blog.asp?blog_sectionid=325
[7] http://www.channelweb.com/sections/allnews/article.jhtml?articleId=196700414
[8] http://www.darkreading.com/document.asp?doc_id=113096
[9] http://www.computerworld.com/blogs/node/4191
[10] http://blogs.oracle.com/security/2006/12/08#a42
[11] http://andyitguy.blogspot.com/2006/12/what-were-they-thinking.html
[12] http://riskmanagementinsight.com/riskanalysis/?p=69