February 1, 2007 - Volume 2, #20
Good Morning:
There are times when I realize that I'm a few cards short of a full deck. So I'm at the airport last night, returning from a great two days working with a client. I'm pretty tired and as I head down the escalator towards the parking garage I see a few new kiosks. Cool, I guess they are putting in some of those pre-pay parking machines at Hartsfield.
But the kiosks weren't ready yet. The yellow police tape tipped me off. Yet, on the screens was a "Windows XP Embedded" login screen. So the kiosks run XP. Now that's interesting. What's the first thought that comes into my mind? Would it be like 99.9999% of the regular population, who are just happy to maybe streamline their exit from the parking lot? Of course not. My first thought is, "I wonder if I could hack it." Hmmm. Are they wireless? Can I tap into the wire? Maybe some kind of proximity reader would allow me to get access to the OS... No, this is not normal. Yes, I should probably be in therapy.
For a change there is a deal in the security space. BT wasn't done when they bought Counterpane. Not with services companies or with companies headquartered in Silicon Valley. By buying INS (here [0]), they get some security capabilities (though mostly networking expertise), but more importantly for them - they really bolster their technical staff here in the US. And whatever they paid is a rounding error. I guess the Red Coats are coming. Where is Paul Revere when you need him?
I also want to rant a bit about strategy. Here [0] I point to a nice, crisp and concise strategy statement that VASCO put on the wire. Why doesn't every company do this? Instead, most leave the interpretation of their strategy to jokers like me. I'm not a big fan of leaving much to someone else's imagination, so if you are a vendor - you should think really hard about a one-page strategy overview.
Finally, both parts of the Pragmatic CSO podcast interview with Alan and Mitchell are now up. Part 1 is here [1]. Part 2 is here [2]. To be clear, this is a LOT of free stuff. I go much deeper than the introduction, as well as tip my hand a bit about what's next for the Pragmatic CSO. Short of buying the book (which you should do anyway), this is the most comprehensive description of the program yet.
Have a great day.
Top Security News
http://www.ins.com/about/pressroom/pr.aspx?id=2061 [7]
http://www.esj.com/news/article.aspx?EditorialsID=2429 [8]
http://www.informationweek.com/showArticle.jhtml?articleID=197002225 [9]
http://biz.yahoo.com/prnews/070131/aqw004.html?.v=4 [10]
Top Blog Postings
http://riskmanagementinsight.com/riskanalysis/?p=96
http://technobabylon.typepad.com/tb/2007/01/can_microsoft_g.html
http://www.darknet.org.uk/2007/01/visa-security-flaws-prior-to-consumer-release/
http://techbuddha.wordpress.com/2007/02/01/biased/