March 15, 2007 - Volume 2, #45
Good Morning:
They like me. They really like me. The folks over at ITSecurity have named yours truly (and pretty much all my blogging buddies) as a few of the top 59 influencers in IT Security (here [1]). Not that I like to kick a gift horse in the mouth, but eat some New Balance Secretariat. How did they arrive at 59? They couldn't find 60? But I am flattered to be recognized. My Mom will be really proud. I'm sure your RSS readers will be all aflutter with folks linking to the list. Maybe this is IT Security's sweeps week, so they are trying to juice page views or something.
I also appreciate all the SIM vendors that sent me another message telling me I'm an ass and that they really are different and "next generation." Yup. My broker just called and said he's got a bridge he wants to show you. Evidently a great deal. Maybe I am an ass, but this ass will tell you what I think - whether you like the answer or not.
Which brings me to a point, though I'm not sure what it is. OK, now I remember. I'm working on some really cool stuff now and I spent the day with a buddy (that many of you know, but it's a secret - shhhh) planning out how we are going to really push forward the practice of security education and training. We'll be making a big announcement at the end of the month, and it will be BIG. We both left the meeting really jazzed about the potential of what we can build and the impact that it can have.
But that's all I can say about that right now. Don't you just love folks that pre-announce stuff with no details to pique your curiosity? Me neither, but I pretty much can't contain my excitement, which is a rarity. Really a rarity. So I think I'll enjoy it for a few minutes. Tick tock tick tock tick tock tick tock. Ding. OK, fun time is over - back to work.
Have a great day, a restful weekend (I'm spending a boys' weekend with my son and my Dad), and I'll see you on Monday.
Top Security News
here [6]). Having a blogging policy is a good idea, but I suspect that most employees realize that a blog is a publicly accessible document. So it would be a bad idea to post the Coca-Cola recipe on one. Interestingly enough, USB thumb drives and instant messaging fit into the Web 2.0 bucket. So does user education and awareness training. Maybe Web 2.0 means "whatever I need to call this article to get some search engine optimization." Not that I'm sure what Web 2.0 means, but I'm pretty sure thumb drives aren't one of the key technologies.
here [7]). Most of the wireless infrastructure folks do some security, and as happens with every technology market - over time it's going to get better. So does that leave an opportunity for those folks selling stand-alone/overlay security capabilities? Not really and not for too long. These folks (wireless IPS, anyone?) better find a chair soon - because at some point the music will stop - and those without partners will go away.
here [8]) wasn't so damn wrong, I would have let it go. But this shows you cannot learn how and why tech mergers take place by talking to one lawyer who clearly doesn't have a clue. Mergers (or acquisitions) have very little to do with strong balance sheets. Or a tired founder. Give me a break. Microsoft buying TellMe isn't about some octogenarian selling out the family business because the next generation is a bunch of prep school nincompoops. Tech mergers are about either growth or getting assets on the cheap. There is very little in between. What's next, a tutorial on the P/E ratio? I guess today is "be frustrated with Tech media" day.
The Laundry List
Apple's MSU (massive security update), driven by MOAB. Where is Ahab when you need him? - here [9]
Fortinet finds ePO holes. Telegram for Mr. DeWalt. Hot poker in the eye, courtesy of Ken Xie. - here [10]
Postini finds bot nets killed JFK. - here [11]
HiJack finds a Trend (who also are worried about their reputation) - here [12]
Top Blog Postings
http://rationalsecurity.typepad.com/blog/2007/03/the_semantics_o.html [13]
here [14].
http://www.matasano.com/log/719/more-on-pen-testing-2/ [15]
http://jeremiahgrossman.blogspot.com/2007/03/big-trouble-if-pci-dss-requires-csrf.html [16]