July 24, 2007 - Volume 2, #108
Good Morning:
I'm hoping it's true that "an apple a day keeps the doctor away." Never
one to go for the mean, I'm going for 5-7 apples daily for the next 7
days (actually next 5 days because I started on Sunday). As I mentioned
yesterday, I kind of fell off the health and wellness wagon for two
weeks and it was time to get back on. But I do have other motives for
the Apple plan, and it's not just because I love my MacBook and iPods.
There is a history of colon cancer in my family. Colon cancer has some
bad juju, especially if you don't catch it early. Though not yet 40,
I've got my first colonoscopy scheduled for next month. My Doctor said
the age of diagnosis is trending downward. That's not good news. I'm
opting for knowing, rather than playing the odds that I've got no
problems. Given that I had been a bad boy lately and the news of my
imminent scoping, I'm not waiting to get back into fighting form. So
what the hell, I decided to try a cleansing and detox program for a
week. Then I'll be clean as a whistle for Black Hat. I could have done
a juice-only cleanse or even a full-on fast. But that is a little
hardcore, even for me. So I went with the "apple cleanse [1]."
All I do is eat apples until dinner. For dinner I have a small entree
(200-300 calories - no meat) and lots of steamed vegetables. I take
some supplements and fiber to accelerate the cleansing, and it's
working. I'll do this for a week. Today (which is day 3), I'm feeling
good. My Mom warned me not to stray too far from the bathroom this
week, but it hasn't been bad at
all. I do keep a pretty high fiber diet most of the time anyway (lots
and lots of salad), so I guess it's not that much of a departure.
One more thing, I'm sure many of you couldn't care less about my health
trials and tribulations. Sorry about that, but as I've always said - I
write the Incite for me and I'm just fortunate that other folks find
value in it. This is what I feel like writing about this AM. Now back
to our regularly scheduled programming, since I need to go drop the
kids off at the pool [2].
Have a great day.
Top Security News
hyping up the big new iPhone exploit [7]. Funny that the Errata guys
haven't weighed in on this hole, since they tend to push the Apple
security bandwagon as much as anyone. Of course, the Apple fanboys come
rushing to the defense of 1 Infinite Loop, but the reality is it's
a losing battle. Everything can be broken and the unprecedented hype
around the iPhone makes it a plum target for the bad guys. Not that
this attack is so special, though getting access to the password vault
could be problematic for those folks doing banking or trading on their
iPhone. What it really shows to me is the need for anyone with an
Internet connected device to know about good security practices. Like
not storing your very sensitive passwords on the iPhone, for instance.
As Naraine points out, this drive-by attack doesn't require the user to
do anything but connect to a bogus hotspot or web site. Unfortunately,
this is going to be the first of many issues identified with the
iPhone. So if you have one, make sure to keep it up to date and patch
it immediately when an update hits. Connect to WiFi only in trusted
places, and don't click on random links. Not a lot different than what
you should be doing with your laptop.
InformationWeek piece on how GE Healthcare has embraced encryption [8]
is interesting; they are phasing it in (starting with laptops and then
moving on to structured and unstructured data, storage, backup tapes,
and USB drives) and clearly they
plan to encrypt everything. The risks of bad guys compromising the data
are real, but the complexity of managing the keys to all of that data
is also significant. Not sure this is an indication that encryption is
really ready for prime time, wide-scale deployment - but we'll see. We
need to protect data, the question is what's the best way to skin that
cat.
Wharton is running with a little help from their friends at
Gartner [9]. Technology is a business function,
yet so many technical people are not trained and really don't
understand pretty simple business acumen. I do wonder how a CIO would
be placed in the position without some semblance of business skills,
but I'm probably not supposed to think that hard about it. For those of
you that enjoy breaking things, you can check out this program to
become Masters in security stuff [10]. Just bring your check for $21K
and pray these folks get accredited. The reality is you are much
better off looking at existing programs [11]. I'm all for
start-ups, but not when I'm investing 20 grand for a piece of paper. I
need to make sure the parchment will be worth the plaque it's mounted
on.
The Laundry List
- Looks like NAC is taking off in education and government. Not surprising, though anyone care to bet which vendor this is - with over 1,000 NAC customers? I'd bet it starts with C and ends with -isco. - NetworkWorld VPN newsletter [12]
- Check Point's quarter doesn't suck. Who knew? Certainly not the Street, as CHKP beats Wall Street estimates. - Check Point earnings release [13]
- EMC also announces. RSA is doing well, showing over 20% growth to a $125M top line. Worth $2.1B? Not clear yet, but 20% growth is pretty good. - EMC earnings release [14]
Top Blog Postings
http://riskmanagementinsight.com/riskanalysis/?p=228 [15]
http://www.securitycatalyst.com/2007/07/20/the-psychology-of-fraud-revisited/ [16]
http://jeremiahgrossman.blogspot.com/2007/07/7-deadly-sins-of-website-vulnerability.html [17]