Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - March 27, 2007

By Mike Rothman
Created 2007-03-27 07:28
Today's Daily Incite

March 27, 2007 - Volume 2, #51

Good Morning:
Time just flies when you are having fun. Or fun most of the time anyway. Yesterday was the 50th Incite of 2007. Wow! Doesn't seem like that many, but when you get into a daily rhythm you just go and don't really pay attention. Another thing that took me by surprise yesterday was the in-flight entertainment system on the plane. I fly a decent amount, not like I used to before the kids, but maybe once a week or every other week. I usually put on my headphones, crack open the MacBook and tune out.

But yesterday I spent a few minutes checking out the entertainment system on Delta. Live TV, about 100 different CDs, 20 on-demand movies. It was pretty cool. I turned off my iPod and just listened to some stuff that I don't own (The Killers and Raconteurs). Made the time just fly, no pun intended. What's amazing to me is how technology has evolved over the past 15 years. I remember arguing with a friend who, in the mid-90s, happened to be working for a shop called TeleTV that was trying to build an entertainment system that would be delivered over the telecom carriers' network. I didn't think they could make a big video jukebox in the sky really work.

That was a crazy idea back then. Larry Ellison funded a company that was building multi-million dollar, highly parallel servers to host the video feeds. In the 90s that was way ahead of its time. But now? You can have a server like that on a plane. And I assure you, it didn't cost millions of bucks. It's these times where Moore's Law really amazes.

And technology also becomes just part of your experience. For instance, last night I got to watch my favorite TV show, Prison Break, on the night it actually broadcast. Knowing I wouldn't have time to catch it when I got home, I diligently watched the clock and at 8 PM turned on the TV. I have to say I really missed the DVR experience. Most of the commercials were horrible and it took an extra 20 minutes to get through the show. Not that I was in a rush, but I've gotten spoiled. I was forced to recall a day when TV was done on their schedule, not mine. I didn't like it one bit. And I don't watch TV enough on the road to buy a Slingbox.

That's the thing about some technologies. They become so ingrained in your life that you don't even notice it's there. Until it's not. Then you notice it's NOT there big time.

Have a great day.


Top Security News

here [5]). I'm on board with this, especially unsophisticated users that don't focus on security but more on broader IT issues. Who's to blame? The traditional firewall vendors, of course. These guys roll out fancy terms like "deep packet inspection" and "application intelligence" to convince their installed base that they have all the answers. Is a traditional firewall going to stop an XSS attack or SQL injection? The good news is that at some point they will. So the web application firewall has a limited lifespan like most other product categories in security. At some point, the real functionality (not the vendor data sheet functionality) will be integrated into the base perimeter platform. Then unsophisticated users will be none the wiser, but more protected. Until then, that's why some ridiculous percentage of commerce web sites are vulnerable.

here [6]). Of course they are. A big fat cash cow says they are. Are they late with new capabilities? Yes. Have they executed well in the enterprise security business for the past 2 years? Of course not. Their channel is pissed and they should be. But inertia is a very powerful force and the Big Yellow has inertia in the AV business. That being said, Novell had inertia in LAN operating systems and WordPerfect had inertia in word processing. Lotus had inertia in email and collaboration also. Why do I mention those three vendors specifically? Because they were all crushed by Microsoft in their respective spaces. And guess what? Microsoft has targeted the anti-virus business. So inertia is all good and well, but at some point you better push the envelope and change the game. Inertia won't help you when Microsoft finally gets it right. The good news for the Big Yellow is that it takes time for Microsoft to get it right. The clock is ticking.

here [7]). I didn't think there was a market for personal firewalls anymore. Strom talks about two options for deploying personal FWs - either as "a hardware appliance for perimeter protection that works in conjunction with software for each desktop" or one that works with "an enterprise gateway or centralized anti-virus solution." And those are different how? Before you waste a lot of time reading this rubbish, here's what you need to know. Answer two questions: is the Windows (or Mac) firewall good enough? There are definitely use cases where that is the case. If so, move on - you've got other things to do. If not, then you need to look at a broader suite that includes the personal firewall, AV, anti-spyware, and probably some other stuff. Every client security product includes all of these capabilities. So if you need them, you get them. Don't pay a lot. It's not that hard.


The Laundry List

I'm OK, you're OK. McAfee introduces OK to "certify" mobile content as secure. And this is a problem? - here [8]
Symantec jumps on the mobile security bandwagon (partnering with Bluefire). Wait, Symantec is early for a security market? - here [9]
IPLocks introduced yet another SOx reporting offering. The auditors aren't going away, even if you bury them in paper. - here [10]
Your ISP will soon tell you what you can navigate to, if Simplicita has its way. Something feels very wrong about my ISP navigating me where they want. - here [11]
Reconnex gets into the endpoint agent business. - here [12]

Top Blog Postings

http://taosecurity.blogspot.com/2007/03/sans-software-security-institute.html [13]

http://www.cigital.com/justiceleague/2007/03/21/the-curse-of-the-installed-base/ [14]

http://dondodge.typepad.com/the_next_big_thing/2007/03/why_did_cisco_p.html [15]



Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-27-2007