July 31, 2007 - Volume 2, #112
Good Morning:
Dead. Gone. Sayonara. End of the road. Yes, that's right. My power
supply Hail Mary didn't pan out yesterday. So the PC is gone. Moved on
to the great junk heap in the sky. Or more likely the computer
recycling center, after I strip out all the interesting hardware.
What was general annoyance has now become pretty sharp anger. I'm just
pissed because going out and buying a new machine will cost time and
money. I won't lose any data, so that is a positive. But I'm not
looking forward to setting up the new machine over the weekend.
It's not like I don't have better stuff to do. Reinstalling software,
copying files, testing everything before my trip
to Metricon on Monday. What a hassle.
My annoyance was compounded in trying to explain to the Boss why some
machines last 5 years and some only 2. A general discussion of MTBF
(mean time before failure) wasn't going to work. So I just held my hands up,
gave a shrug, and got back to work on the Mac. I'll get home from Black
Hat, make a beeline to one of the computer retailers, be somewhat
thankful that the computer died the week before school starts - which
is a tax free weekend in GA - and move on. What else can I do?
Speaking of passing on, I was saddened to hear of the passing of Bill Walsh yesterday [1].
Walsh was a legend, even though I'm no 49ers fan - the innovation that
Walsh's teams brought to the league still amazes today. His legacy will
be more than the Super Bowl wins, but the number of players and coaches
that have prospered in the NFL under his tutelage. Have a good trip
Bill, all football fans will miss you.
While I'm on the topic of football (one of my favorite topics, besides
myself), things aren't looking good for hometown QB Mike Vick. One of his posse rolled yesterday [2]
and that's not a good thing for Vick. This guy didn't even have a deal
on the table in exchange for a guilty plea, which means the evidence
must be pretty damning and ironclad. Word is the US Government Attorney
is going to expand the indictment sometime next month. What a train wreck. What's
next, a low speed white Hummer H2 chase through Metro Atlanta?
I guess I wasn't surprised to see on Monster an ad for NFL-caliber QB - position
requires solid moral and ethical compass. Membership in PETA and
Westminster Kennel Club a big plus. Sure Stabler and
Pastorini were a bit wacky, maybe trashed a hotel room or ten, but some
of the stuff the NFL guys do today is appalling. What is it with these
kids today? Vick couldn't just buy a share in a strip club or
something?
OK, off soap box.
I'm off to Black Hat. Hope to see many of you there. Have a great day.
Top Security News
An eWeek column by Steven Vaughan-Nichols [7]
does some interesting derivative analysis. Basically his contention is
that not only was Fox compromised, but also any of their syndication
partners that feed content to the news organization. You don't need to
be a brain surgeon to extrapolate a bit further and see the clear
downside of this information-sharing based network economy. Lots of
folks have talked about the need to perform some due diligence on
trading partners to make sure their security is up to snuff. The
reality is that's a fool's errand. Unless you are constantly assessing
and monitoring the partner's network, you won't know when things have
adversely changed, thus impacting your security. The answer? Drum roll
please... There is none. Basically, you need to assume that the
partner's network is compromised and share only the bare MINIMUM amount
of data required by the business process and isolate any access the
partner has to your environment. Oh yeah, you also need to monitor the
crap out of your networks to make sure you are on top of any possible
malfeasance.
NetworkWorld does a reasonably exhaustive
review of NAC gear [8] and comes to the conclusion that (for the
most part) pre-admission NAC works pretty OK. Too bad that is the least
interesting part of NAC. Symantec takes home the prize with Forescout,
Lockdown and Juniper coming in close behind. McAfee and Cisco bring up
the rear. The challenge with this kind of review is that they are just
assessing one feature, albeit the feature that most unsophisticated
buyers would call NAC. The products are also pretty early, given the
issues in complex policy configuration and crappy reporting - both
hallmarks of immature product sets. So NAC will get here, it's just
going to take a while. I've spoken to a bunch of folks in and around
the NAC business (users, VARs, etc.) and there is interest - but people
are still trying to figure out which NAC is up.
A Crackberry.com post about Blackberry's upcoming
support of WiFi [9] is a case in point. It seems folks that don't
know much of anything are figuring that putting a WiFi radio in a Blackberry
creates all sorts of security concerns. Actually, not so much. First,
it seems that all the Blackberry will do is sync up data (as opposed to
support voice) and pretty much since the beginning of time, the BB has
encrypted the transmissions between the device and the BES server (or
Internet service). Just because the communications medium is different,
doesn't mean the protocols riding on top change. The other major attack
vector is connecting to a bogus access point and downloading a Trojan.
Anyone know of a Trojan that will 0wn a Blackberry? I don't. So this
is, once again, much ado about nothing. At least for now...
The Laundry List
- I guess the Mandarin word for big is "innovation." IDC determines that in Asia Symantec, McAfee, and Trend are the most innovative security companies. Now that's interesting. - Tekrati coverage [10]
- Goodnight Linksys. Cisco will kill the brand eventually and no one will know the difference. What's the Mandarin word for "commodity." - Bizjournals coverage [11]
- Core automates client side pen testing with V7. - Core Security release [12]
- Trend identifies botnets with a service. I'm sure my ISP wants to know - NOT! - NetworkWorld coverage [13]
Top Blog Postings
http://www.securitydreamer.com/2007/07/featured-post--.html [14]
http://blogs.zdnet.com/Ou/?p=636 [15]
http://robnewby.blogspot.com/2007/07/driving-data-security-forwards.html [16]