March 28, 2007 - Volume 2, #52
Good Morning:
I, like Rich Mogull (here [1]) and Mike Murray (here [2]), was appalled when I read the story of Kathy Sierra being harassed and threatened by people in the blogosphere. It brought me right back to something that I take very seriously and that's accountability. People need to be responsible and accountable for their actions. They should NOT be allowed to hide behind the shield of anonymity to say whatever they want with no repercussions.
If you can't own up to your statements or positions, then keep your mouth shut. It seems pretty simple to me. A lot of my security blogger friends went around quite a bit last night via email on what we can/should do. The first thing is to talk about it. We all have different takes on the situation, but to bury it or feel bad for her silently is the wrong thing to do. Second, I will no longer publish anonymous comments on my blog. No exceptions. If you don't have enough stones to put your name down and a valid email address, stuff a sock in it. And AnonEMoose (at) someisp.com is not a valid email address. It's also unlikely that your name is JFK or John Doe.
During the discussion last night, one guy pointed out that sometimes things are too sensitive or controversial or unpopular to say, so anonymity allows folks to do that. I call bullshit on that. Anonymity is the tool of a coward. I follow a pretty simple rule, if I wouldn't say it to your face, I won't say it to someone else or write it. It's not that hard. The guys harassing Kathy don't live by the same rule. They probably cower in her presence.
I just hope the authorities find those transgressors and make them pay. We'll see how tough they are when they are pulled out from behind their keyboards and have to own up to what they've done. I'm sure they'll make real purty girlfriends for Bubba and Gus. Maybe they'll luck out and just have Bernie Ebbers or Dennis Kozlowski go medieval on them. I hear those guys are learning all sorts of new "boardroom tactics" in the clink.
Have a great day.
Top Security News
here [7]) This is actually something I talk about frequently and am usually greeted with blank stares. Candidly, I don't think there is a right or wrong answer. And Tim is correct: when the incident goes down, even the most practiced and comprehensive plan will need to be adapted on the fly. You can't prepare for every scenario, but you MUST prepare for some. I equate it with my time at Engineering school. I don't do linear optimizations or simulations anymore, but my education taught me how to solve a problem. How to find the resources to get a job done. And how to adapt to changing situations. It's those lessons that have served me throughout my career, not how to find the area on the inside of a sphere. An incident response plan can't teach you how to think, but it will start to get your head around the logical progression of events that need to happen. Depending on the situation, those events may differ a bit, but ultimately you'll need to do certain things (contain the problem, fix the mess, notify the powers that be, etc.) and if you don't practice A LOT, you won't be ready. And you need to be ready.
here [8]. The early reviews have been good and I can't stress the importance of "assurance tools" enough. The bad guys do not adhere to a code of ethics and you need to ensure your environment will stand up to the heat. The only way to do that is to use live ammo. Or at least paintballs. Some folks won't run open source exploits, but there are commercial alternatives. We will increasingly see "security assurance professionals" whose job in life is to test the security of the systems that run your business. Those folks need tools like this, and even if testing is only one (small) part of your job, don't neglect it. I can assure you the bad guys are getting very familiar with Metasploit 3.0 right about now.
here [9]). It's all about volume. The volume of spam and other bad email ebbs and flows, and fundamentally organizations need to decide if it's their job to manage the flows. Like last November when image spam hit hard. Lots of companies were caught flat-footed and they needed to buy a lot more equipment to keep up with the volumes. That's always fun at the end of the year when you are trying to complete your strategic projects. Farming that task out alleviates all of those problems. Volumes are the other guy's problem now. Is it more expensive? Sometimes yes, and sometimes no. And sometimes organizations have very specific policies that can only be implemented on their own site, with their own gateway. My point is that you should at least take a look at a managed alternative when your maintenance renewal comes up. It can't hurt to look, right?
The Laundry List
BioPassword updates its enterprise offering, optimizing for Citrix. - here [10]
Cisco revs IP surveillance technologies. Big Brother is watching. - here [11]
I guess Websense is OK too, announcing an offering exactly like McAfee's OK - but a day late (and probably a dollar short). - here [12]
Finjan discovers that malware still exists and it's coming to a neighborhood near you. - here [13]
Webroot confirms that malware exists. Got to love these quarterly "research" reports. Thank you Captain Obvious. - here [14]
Top Blog Postings
here [15]) and largely comes to the same conclusion, though I'm not sure he realizes it. SIM can be useful for incident response, BUT ONLY IF YOU DON'T MESS WITH THE RECORDS. Any kind of normalization, data reduction or anything else is a no-no. You mess with the data, it ceases to be evidence. And given the amount of data we are talking about, you are probably looking at a purpose-built device to solve the problem.
http://chuvakin.blogspot.com/2007/03/anton-security-tip-of-day-9-but-he.html [16]
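As an added illustration of the "don't mess with the records" point (example code written for this page, not from Anton's post or any SIM product; the syslog lines are constructed samples): the raw lines are kept verbatim in a hash-chained evidence store, normalization is only a derived view, and any edit to a stored raw record, including rewriting it into its normalized form, breaks the chain on verification.

```python
import hashlib
import json
import re

# Constructed sample syslog lines (not from the newsletter).
RAW_LOG_LINES = [
    "Mar 28 06:01:12 gw01 sshd[4412]: Failed password for root from 10.0.0.7 port 51022 ssh2",
    "Mar 28 06:01:13 gw01 sshd[4412]: Failed password for root from 10.0.0.7 port 51023 ssh2",
    "Mar 28 06:01:20 gw01 sshd[4419]: Accepted password for ops from 10.0.0.42 port 51100 ssh2",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
GENESIS = "0" * 64  # hash used as the predecessor of the first record


def build_evidence_chain(lines):
    """Store each raw line verbatim; each record's hash covers its predecessor's hash."""
    chain, prev = [], GENESIS
    for seq, line in enumerate(lines):
        digest = hashlib.sha256((prev + line).encode()).hexdigest()
        chain.append({"seq": seq, "raw": line, "prev": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Recompute every link; return the seq of the first altered record, or None if intact."""
    prev = GENESIS
    for rec in chain:
        expected = hashlib.sha256((prev + rec["raw"]).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != expected:
            return rec["seq"]
        prev = rec["hash"]
    return None


def normalize(line):
    """Analyst view derived from a raw line: parsed, trimmed, lowercased. Never replaces raw."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"msg": line}
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    fields["proc"] = fields["proc"].strip().lower()
    return fields


if __name__ == "__main__":
    chain = build_evidence_chain(RAW_LOG_LINES)
    print("intact:", verify_chain(chain) is None)
    # Overwriting a raw record with its normalized form is detected as tampering.
    chain[1]["raw"] = json.dumps(normalize(chain[1]["raw"]))
    print("first altered record:", verify_chain(chain))
```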
http://www.realtime-itcompliance.com/information_security/2007/03/dont_be_a_security_slacker.htm [17]
http://www.riskbloggers.com/irawinkler/2007/03/the-most-important-thing-in-security-is-responsibility/ [18]