February 21, 2007 - Volume 2, #32
Good Morning:
Let's talk about the ripple effect a bit today. Which will explain (at least partially), why I'm so damn late this morning. The morning started out fine, got Leah off to the bus and went to start my normal morning activities. Of course, I saw a stack of checks on the table to deposit and since I'm traveling this week, I knew I needed to take care of that. Easy enough, put the checks into Quicken, fill out the deposit slip and we're done, no?
Well actually no. One of the checks was a distribution from a limited partnership the boss and I are investors in. So I had to dig up information about the cost basis and the like for the investment. Pain in the ass, for sure - which included one password reset on the investment firm's website and digging through my office closet recently reorganized by my dear mother in law for some other info. Once I got that taken care of, I realized I needed to do payroll as well, since next week is the end of the month. Got to love the one-man band thing. I get to do everything.
By now it's 9:45 and I had a scheduled press call at 10. 30 minutes later the boss needed to come and vent about a situation regarding some furniture we recently bought. 20 minutes after that, I'm starting TDI and the stack of other crap I've got to get done today is untouched. And I'm recording a webcast at 1:30 as well. I guess it's going to be one of those days. I guess it's good that I don't punch the time clock at 5 PM.
It's one of those days for Cisco as well. They announced yet another acquisition of Relativity this morning (release here [1]). Only $135 million for this one, on what is probably minimal revenue. This continues Cisco's assault on security, moving up the stack. Relativity makes an XML gateway (yes, it's a box) that does some hygiene on XML traffic (encryption, filtering, authentication, acceleration, etc.). Of course, this market is really early and there were only maybe 2 or 3 other players (Forum and Vordel come to mind). But let's be very clear, Cisco intends to be a player at the application layer. And they are flexing their checkbook to get there.
Speaking of days, the Days of Incite continue, with yesterday's piece on "You (Mal)ware it well" (here [1]). Today's piece will be on leak prevention.
Have a great day. I may or may not do TDI tomorrow. I have an early flight and I'll try to get it done tonight, but who knows if that will happen. If not, then I'll see you Friday.
Technorati: Information Security [2], CSO [3]
 [4] | The Pragmatic CSO is Here! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [5] |
Top Security News
here [6]). Which is pretty much every customer because inevitably someone you bought something from gets bought by someone else (presumably bigger). That bigger someone proceeds to bungle the integration, causing product delays, support snafus, and channel confusion. Causing, you guessed it, angst on the part of the acquired company's customers. Like we haven't seen this movie a thousand times. But if you only buy stuff from companies that won't get bought, you can't really solve all your problems. So grin and bear it and make sure you have a plan to deal with the inevitability that your vendor will be bought.
Link to this [6]
here [7]), the folks at Harvard Pilgrim use PGP to encrypt email sent to customers. But it seems that they depend on the employee to hit a "send secure" button. Like they'll always remember to do that. They don't mention any outbound gateway filtering or leak prevention gateways to ensure the employees don't inadvertently forget. And then the recipient needs to go to a web server and download a certificate for decryption. Right, very ponderous. I know other vendors say they have a better way (so don't send me nasty grams), but the fact still remains - until it's transparent, adoption will be minimal.
Link to this [7]
here [8]). That's interesting. Are the requirements in Europe are different? Or is that another revenue stream for Visa and MasterCard? And Cambia announces a PCI ecosystem (here [9]). Now we need an ecosystem? Jeez, give me a break. A bunch of resellers that are trying to spin a configuration auditor do not a PCI ecosystem make. But we will see more of this, I guarantee it. Every Tom, Dick and Harry will be chasing the Chuck Wagon to get a taste of those delightful bird droppings. And then they'll get sued by compromised retailers, who have been sued by compromised banks, because they've been owned after passing a PCI audit. Compared to that pile of crap the bird droppings will be quite yummy indeed.
Link to this [9]
The Laundry List
Oakley Networks announces their new line of hacker bags, I mean leak prevention gizmo - here [10]
Seltzer on OpenID, which is the great white hope of interoperable user-centric identity - here [11]
Watchfire thinks developers will actually security test something before it goes into production. I guess we can hope! - here [12]
Top Blog Postings
http://blogs.ittoolbox.com/security/investigator/archives/why-bob-got-fired-14549
[13]Link to this [13]
http://infosecplace.com/blog/2007/02/19/you-need-to-have-a-security-program-in-place-before-it-can-be-assessed/
[14]Link to this [14]
http://erratasec.blogspot.com/2007/02/high-performance-security-appliances.html
[15]Link to this [15]
http://securityviews.com/blog/2007/02/15/going-blind-for-privacy-and-spam-reduction/
[16]Link to this [16]