September 17, 2007 - Volume 2, #132

Good Morning:
All work and no play makes Mike... Well you know how that one turns out. I definitely have a love/hate relationship with product launches. I love the creation process. Taking an idea and making it into something. It provides a real sense of accomplishment. You focus all your efforts for weeks and months to get ready for THE DAY. Then as the day rapidly approaches, there are the million (it definitely seems like a million) little details that have to get worked out. The clock is ticking, the wheels are in motion, and there is always something that doesn't get done. Usually quite a few somethings don't get done.

I guess it's just the nature of the beast. Thankfully the Boss is pretty understanding when I go into crunch time. It only happens a couple of times a year, but I do tend to get pretty focused. Thankfully we had plans on Saturday night to go see see Matt Kirschen, one of the finalists from this season's Last Comic Standing, to provide a little bit of R&R. Kirshen's the little British guy. Having met him and chatted a bit after the show, I can tell you he is very little and pretty British. He uses words like cupboard and trench foot. Not your usual Americana dialog. He put on a great show - very funny with a dry wit. So if you have a chance to see him live (or any live comedy for that matter) - go do that.

I mean how many times can you see Bruce Willis or Russell Crowe shoot the bad guys and blow up things? I guess a lot, but in my humble opinion, there is nothing like live comedy. Live music comes in a close second.

But back to product launches. I've been mentioning this elusive "summer project" for a while, and within the next 24 hours I'll be taking the wraps off and providing a sneak peak to what I believe is the most important thing I've ever done. Career-wise anyway. The product will officially ship (so to speak) on October 15, but I'm doing a pre-launch and providing some good discounts to folks that jump on board early. The first couple of modules are hot off the presses, the shopping cart and web pages are fired up and ready to go, all I need to do is polish up the announcements.

Much more on that later. But now it's back to the remaining 500,000 details, so I can get this thing over the finish line.

Have a great day.

Technorati: Information Security [1], CSO [2]

[3]	The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [4]

Top Security News

their list of the "8 most dangerous consumer technologies" [5] and it's pretty predictable. Instant messaging is #1 and stalwarts web mail (#2) and USB drives (#3) follow close behind. Of course, we can't forget camera phones (#5) and Skype (#6). It's interesting they mention virtual worlds to bring up the rear at #8. I figure the biggest threat there is that folks that get immersed in that technology will lose their minds - Matrix-style. But they really missed the single biggest issue with consumer technology and that's the CONSUMER themselves. A jackass with a keyboard can do a hell of a lot more damage than instant messaging. I know a lot of folks believe that security awareness training is a waste for businesses, and my position on that is pretty clear. But it's all the MORE important to get education/training right for consumer markets and no one is really addressing that. Hmmm, that's an interesting idea.
Link to this [5]

NetworkWorld coverage of Jericho's latest conference [6] highlights some of the issues. It's not that Americans aren't getting the message, it's that it's not resonating. Probably for lots of reasons. Most of all is saving face. We've spent a ton of money and time building out our perimeter, so admitting that it wasn't the best use of money makes the guy who pushed for it look like an ass. Thus, you have an immune system reaction to Jericho because it's easier to keep the status quo than to admit you were wrong. To be clear, those still advocating a strong perimeter security posture are RIGHT, but even if they weren't - they wouldn't admit it readily. If you need some more perimeter ammo, Mike Chapple provides some other points in favor of the perimeter [7] in his SearchSecurity tip this month.
Link to this [7]

keyloggers in Internet Cafe (predominately in India) to cut down on terrorist communications [8]. Yeah, not so much. I'll leave the purple suit to Captain Privacy, but I believe this is a slippery slope. Sure the bad guys do things in public Internet locales, but they are also (if they are smart anyway) using anonymizing technology (like Tor) to stay further cloaked. But those details aside, the biggest issue is just the shear amount of data. It's kind of like the big dust up last year with AT&T allowing the NSA access to store huge amounts of phone calls. Has that worked? Who has the time or even the algorithms to wade through tons and tons of keystroke data and draw any kind of actionable conclusions. Maybe I'm just not privy to these kinds of analysis engines, but I suspect that's a pretty hard problem to solve. Make that a very hard problem to solve. FYI, I'm sure within 15 minutes of publishing this TDI, I'll have 10 vendors tell me they can do this. Ah, the wonders of 800 vendors in a space that can hardly support 100.
Link to this [8]

The Laundry List

Top Blog Postings

http://techbuddha.wordpress.com/2007/09/13/the-birth-of-the-endpoint-protection-platform/ [12]
Link to this [12]

http://chuvakin.blogspot.com/2007/09/guide-to-hating-competitors.html [13]
Link to this [13]

http://rationalsecurity.typepad.com/blog/2007/09/epiphany-the-vi.html [14]
Link to this [14]

http://blog.securityincite.com/ [15]

Read the most recent Daily Incite
http://securityincite.com/security-incite-rants/daily-incite [15]