June 26, 2007 - Volume 2, #98
Good Morning:
Thank you very much (in my best Elvis voice). It's great to be back
here at the Incite Cafe. After a loooooooooooong weekend, it's time to
return to some normalcy. The Boss was at a family event this weekend,
so she was gone from Friday afternoon and didn't return until the wee
hours of the morning last night. So it was a Mr. Mom long weekend, and
it was a lot of fun. But I can't say I was overly productive on the work
front, which is fine by me.
Evidently drugging the kids before they go to bed is a good idea, since
they slept in on both Saturday and Sunday. Lots of activities and a
trip to the pool kept us busy all weekend. And getting the 3 of them
ready for camp yesterday was a lot of fun (I don't envy my wife for
doing that pretty much every day). Another highlight was trying to do a
call with some clients yesterday afternoon, with the twins parked in
front of Dora. That is, until a driving rainstorm knocked out power, so no
more Dora. The good news is they didn't miss a beat and my UPS worked.
I also entered the world of virtuality. No, I didn't spend all weekend,
with the Boss away, building a fiefdom in Second Life. It's hard enough
for me to stay on top of my First Life, so the idea of adding a second
one is just not interesting. I went virtual on my MacBook, and it's
very niiiiiiice (in my best Borat brogue). I did agonize a bit between
Parallels and VMware Fusion, but ended up going with VMware. It's still a
bit raw (it only corrupted one virtual machine - causing me to start
over - thus far) and the best feature (Unity) isn't available for Vista
yet. But I'll be patient, and I figure VMware will get it right. And it's
half the price until the GA release hits in August. I like that!
Basically I only need it for email and GoToMyPC, whose Universal Viewer
on the Mac is pretty weak. Yes, I know there are lots of ways to
interact with Exchange from the Mac, but they all pretty much suck. Until Mac Office
2008 ships (which should be soon), Outlook is still far and away the
best way to interact with Exchange. So that was the main driver for me
to go virtual, since it will cost me less to do that than to move my
email to Zimbra.
I'm running Vista in the VM and I can confirm (or deny) that User
Account Control does interfere with things. But not that much. The arrows shot
by Apple are a non-factor (though great marketing) because I get almost
as many requests for authentication from Mac OS X. My biggest issue is
that UAC doesn't ask for a password. Maybe because I'm logged in as
Administrator (Hmm. Maybe I shouldn't be doing that?) it assumes I'm
trusted. That's a bad assumption IMO.
It was also weird to have to start worrying about AV again, but that's
the Windows world we live in. I'm also using NAT (as opposed to
connecting the VM directly to the Internet), so I can leverage the
mobile VPN running in Mac space and the Mac firewall. So far, so good.
Having Windows available to me while traveling may come in handy some day.
Stranger things have happened.
Have a great day.
Top Security News
as covered by the AFP [5]. Then the blowhards in Congress give the Homeland
Security CIO a beat down on just how insecure that agency is [6].
It turns out DHS got shredded during an internal pen test [7].
As always there are lessons to be learned here, including the
complexity of trying to secure an environment comprised of over 20
different fiefdoms, with little central control, even less
collaboration, suspect funding and little accountability. Is it any
wonder it took 2 years to fill the cyber-czar position? The Feds have
problems on the scale that no other organization on earth has to deal
with. So if you don't work there, thank the heavens that you don't. If
you do? Hemlock is one option. Or continuing to fight the good fight
because there really isn't any other option. And just know a few years
in that purgatory will position you for a good private sector job soon
enough.
Harry Potter hack [8] seems to be yet
another wily social engineering scheme. Though I can't wait for my book
to show up in late July and I'll be disappearing for a few days. I
don't want to take the risk of a spoiler ruining it for me. The Paris job is a little bit worse [9]
because it goes to show how a stupid commerce web site can absolutely
kill you. Those jackasses have little to no security on their website.
So change a URL and get access to the subscriber database. I guess I
don't feel too bad for the folks that were compromised, since they
probably aren't the sharpest tools in the shed. $20 for a 30-day
subscription?!?!? Evidently they don't realize there is lots of free
stuff available. Or so I've heard.
closed the IronPort deal yesterday [10]
and with it took the opportunity to relaunch their Self-Defending
Network story. Personally, I think the closest we'll ever get to a
self-defending network is watching the Terminator or maybe Battlestar
Galactica, where the machines gain consciousness. Interestingly enough,
and counter to some of my public statements, Cisco plans to add
reputation to their routers and switches. Hmmm. I still don't get it,
despite NetworkWorld's attempts to explain it [11].
I understand how reputation can certainly make content security more
effective, but network security? I'm still not getting how reputation
does much on a UTM device or even a switch. But Cisco has now taken
that potential differentiator off the table from everyone else with a
reputation system. Not sure if you noticed but this whole SDN 3.0 thing
is about both infrastructure and information/data security, as Cisco
pokes its head into the content layer. Having lived through the early
email security wars, I can tell you network security and content
security are TOTALLY different animals. We'll see if Cisco figures that
out. On a related topic, IronPort resellers are worried about margins [12],
and they should be.
Margins will go down, but resistance is futile.
The Laundry List
- Mirror mirror on the wall, who is the most secure of all? Vista? You have to be kidding me, but the answer really doesn't matter because they are all distinctly insecure in the hands of the common user - eWeek article [13]
- Speaking of eWeek, private equity takes out ZD's Enterprise Group. Good luck with that. Publishing is a hard business. - ZD Release [14]
- Your firewall sucks, so buy a new one. OK, Palo Alto isn't saying that, but they really are. The question is whether users understand that UTM isn't a new kind of firewall. - NetworkWorld coverage [15]
- Why buy it once, when you can buy it twice for twice the price? eIQ and Mazu combine SIEM and NBA, which is a good idea, but they seemed to miss the part where customers said they want INTEGRATED solutions. - Mazu release [16]
Top Blog Postings
pick a good market [17]. That is the #1 reason for company
success or failure. The good news for Jeremiah and the other handful of
players focusing on application security is that it's a fantastic
market. It's early, but it's big. Jeremiah's point of the post is to
rationalize (at least from his perspective) the reasoning for the SPI
and Watchfire deals. I've covered that already and I largely agree with
JG's viewpoints. I also believe that web application security is a real
segment and I'm surprised there isn't more start-up activity.
http://jeremiahgrossman.blogspot.com/2007/06/web-application-security-market-is-hot.html [18]
http://mcwresearch.com/archives/496 [19]
http://www.cutawaysecurity.com/blog/archives/156 [20]