November 1, 2007 - Volume 2, #149
Good Morning:
It's the first day of November. How did that happen? I'll tell you,
this year has been a blur. But on the first day of November, we in Chez
Rothman always take a breath to celebrate a bit. It's my oldest
daughter's 7th birthday today. Hard to believe that it's already been 7
years. I remember it like it was yesterday and it kind of feels like it
was. Of course, I had a lot more dark hair back then, but I feel pretty
much the same. Leah has become quite a spectacular little
girl, so I guess it has been 7 years - but it doesn't seem that way.
It's been an eventful 7 years for all of us. I remember staying up all
night watching the 2000 election returns. Hanging chad, anyone? Leah was
4 days old and under a bili-light to deal with birth-onset jaundice
while I learned more about electoral law than I ever wanted to know.
It really does seem like yesterday, but it also seems like a lifetime
ago. That's the thing about memory, you kind of lose track of time and
context.
Leah has seen a lot of change in her 7 years - 4 houses and 4
schools. Oh yeah, two siblings have shown up as well. She
still remembers living in Virginia. The twins don't, they were less
than a year when we moved to Atlanta. I'm on my 5th "job," if you count
the two months I was employed by Authentica after the SHYM deal closed.
Over a 7 year period I guess a lot does change. I've had unbelievable
highs and some pretty low lows.
Sometimes I wonder what the next 7 years have in store. But not too
much. I'm pretty happy just letting it roll nowadays. At work, I'm
operating more on a project/product basis. I have a few big ideas that
are constantly gestating in my head and I'll get to them - when I get
to them. I've got decent optics on the projects/products I'm working
on right now and the next 2 or 3 that will hit over the next 6 months
or so. Beyond that, I'm not sure. To be honest, I love the flexibility.
That may be the biggest change of all over the past 7 years. I've
thrown out the Gantt chart that specified wealth and materialistic
milestones.
When I lived in Virginia, I had one of those motivational posters in my
home office. It said, "Success is a journey, not a destination." I'm
not even sure what success means anymore, but I'm trying my best to
enjoy the journey. I hope you are doing the same.
Have a great weekend.
Top Security News
The folks at SANS discuss - this is the
first indication of a professional, business oriented Trojan being
built for the Mac [9]. There is a screen shot on
the Sunbelt blog [10]. Does that mean all of us Mac fanboys need to go
out and get AV? Of course not, since we (as security professionals)
should know better than to install a random codec when surfing adult
sites. More interesting to watch will be Apple's response to this. Will
they release a little DNS changer patch to restore the settings? Will
they change their tune on AV? Will this result in the AV industry (all
3 or 4 companies that sell Mac AV) jumping on the Mac as a new
opportunity, especially in light of continued OS X market share gains?
Interesting times for sure.
McAfee continues to exercise their
checkbook, this time buying the folks behind the HACKER SAFE service [11]
for $51 million, with another $24 million riding on an earn out. To be
clear, I've never been a fan of these low cost (like $99/year) web site
"certification" services. Personally, I've always thought these certs
set the wrong expectations with consumers. Since a large scale attack
usually involves much more than just a simple web application or
network attack, the fact that a web site is scanned every day doesn't
really mean much.
But it seems consumers do feel safer with these certs and will spend
more money, based on this MarketingSherpa study [12].
Though when I put myself in McAfee's shoes, this deal makes a lot of
sense. DeWalt is thinking out of the box, that's for sure. This deal
brings 8,000 primarily small business customers into the fold. Now the
success of the deal will hinge on a compelling bundle of
products/services to follow the HACKER SAFE offering. Scan
some folks, find out they are broken and sell them some more stuff.
This is McAfee's new SMB Trojan, especially for their channel - who are
now in a great position to fix the issues found during the scans.
The title of this coverage on the Big4alumni
blog is that security is "getting stronger." [13] But I will push
back on that conclusion. Because we continue to spend money DOES NOT
mean we are more secure. If anything, the fact that monitoring and
enforcement are lagging means we really have no idea whether we are
more secure or not. Just because you have a firewall in place doesn't
mean it's configured correctly. That's what kills me about these
studies and most security practitioners as well. They think throwing
money at the problem will fix it. As the elfin security guru (just ask
him) says, "Security is a process, not a product." I think that's his
quote anyway. And monitoring is a key part of that process. We may as
well flush that money down the drain because if we can't substantiate
what we do and contain damage that is occurring, then why are we even
bothering?
The Laundry List
- Deal: Cisco acquires Securent for $100 million. This is pretty interesting because Securent managed entitlements in applications. Looks like Cisco is finally trying to get some application layer security, but applications don't have flashing lights and plugs. - Cisco release [14]
- Speaking of throwing money at the problem, IBM plans to spend $1.5 BILLION on security product R&D in 2008. Not sure they can find the resources to do that effectively, but big companies spending big money is not usually a bad thing for the ecosystem. - AP coverage [15]
- Big research gets bigger. Gartner announces Q3 with modest 13% revenue growth and 18% contract value growth. They did reduce expectations for events revenue. More interesting is a 102% wallet retention rate, which means clients continue to write bigger checks to Gartner every year. - Gartner earnings release [16]
- Another integrated security management device is upon us. eIQnetworks joins Q1 by announcing a SIM with NBAD and visualization and whatever GRC means. Yes, I know what the acronym stands for, but I don't know what it means. - eIQnetworks release [17]
Top Blog Postings
http://spiresecurity.typepad.com/spire_security_viewpoint/2007/10/no-such-thing-a.html [18]
http://www.bloginfosec.com/2007/10/23/how-i-unmasked-a-craigslist-poster/ [19]
http://www.realtime-itcompliance.com/identity_theft/2007/10/many_kinds_of_identity_theft_c.htm [20]
http://securitymike.blogspot.com [21]
Check out the latest on the Security Incite blog: http://blog.securityincite.com/ [22]
Read the most recent Daily Incite: http://securityincite.com/security-incite-rants/daily-incite [22]