November 29, 2007 - Volume 2, #158
Good Morning:
I keep getting reminded almost every day that this new media thing is disrupting all sorts of existing businesses. Probably none more than the traditional technology print media. It's not like the Big Tech Media folks (CMP, IDG, CNET) are starving, but they are certainly not partying like it's 1999 either. Business changes, and print media needs to evolve with it.
I'll also lay out a little more context: I'm an information junkie. I have over 400 feeds in my RSS reader, and I also get 40-50 different newsletters of some sort every day. No, I don't read every word, but I skim and then dive down into the things that are interesting. I like getting newsletters from the likes of NetworkWorld, TechTarget, and eWeek. Not because I read everything they send me (and they send a lot), but because every so often there is something of value.
The key word there is SKIM. To keep up with the volume of crap that comes at me, I need to be quick about getting through the morass, and I can only afford to handle a message once. So now that NetworkWorld is only putting a frickin' single paragraph of each newsletter in the email and forcing me to navigate to their web site to read the article, it really impacts my ability to use their content. In practice, unless that first paragraph is really compelling, I'm sending the newsletter to the circular bin. If my job weren't to wade through all this information (most of it crappy) so you don't have to, I'd ditch their newsletters altogether. They've made it hard to consume their content. I suspect many people will opt out, which could kill their cash cow of selling advertising in the newsletter.
Listen, I understand the need to try new models and to see which one
will yield the most from a revenue standpoint. But that doesn't mean I
need to like it.
Before I go, I want to wish my Mom a very Happy Birthday. She's having a big milestone B-Day today, and we are all ecstatic that she's now taking time to enjoy the spoils of all those years of hard work.
Have a great weekend. I'll see you in December!
Technorati: Information Security [1], CSO [2], Security Mike [3], Internet Security [4]
Top Security News
The new cybercrime bill passed through the US Senate [9] a couple of weeks ago (H/T to Steve Gold [10] for pointing it out). It allegedly closes a number of the loopholes in the previous legislation, for instance by now allowing victims (not just companies or the government) to go after the bad guys without requiring a civil proceeding. It also lowers the bar on what counts as computer fraud subject to prosecution under the federal statutes. In concept, I'm all for tightening up the laws based on what we've learned over the past few years of actually trying to go after these criminals. We've also seen some fairly high profile prosecutions of bot masters and the like, which is also good. Yet a couple of other things need to happen to really take a bite out of cybercrime. First, we need better extradition arrangements with many of the countries where a lot of the malicious activity originates: some of the Eastern European countries, South America, and maybe even China. A guy running a botnet from Seattle is taking some big risks. The same guy in Estonia? Not so much. Second, we have to keep training the consumer base about what to do and what NOT to do online. Until we impact the revenue side of the equation and make cybercrime less lucrative, it'll be the same old same old.
Link to this [10]
Automated patch management will be the next subject of Network Computing's Rolling Review [11] process. I've already vented a bunch of times about how annoying a rolling review is, so I won't go there yet again. I'm also a bit surprised at the choice of topic. This feels like having a rolling review of AV or a firewall. Patch management is a pretty mature space now. Of course, some vendors are trying to transcend "patching" in favor of the broader "configuration management" discipline, which is where the business really needs to go. So maybe I'm just a bit surprised at dusting off the old Patch Management term. I think the biggest problem they are going to have with this review is getting an apples to apples comparison. How do you compare HP Opsware with WSUS? It's like comparing a Howitzer to a .38. But ultimately, for a large organization, getting a handle on configurations and patching is critical (for small organizations too, but the pain is not as acute), so the results of the review should be interesting.
Link to this [11]
Spam Arrest has won the right to keep its trademark, prevailing over the real purveyors of SPAM (as in the fake meat), Hormel [12]. There is bedlam in the streets of Seattle now, rivaling the parties when the Sonics won the NBA Championship in 1979 (long live Jack Sikma!). Having been involved in useless trademark litigation (and it was my company that was the plaintiff), I can tell you it's all about proving damages. I guess the folks at Hormel couldn't prove that having SPAM ARREST on the loose hurt their ability to slowly but surely poison the large portion of the world that partakes in canned lunch meat. Congrats to the Spam Arrest folks for standing their ground; many of the other folks sued by Hormel settled, although on a strictly economic basis it was probably cheaper to settle than to fight. Let's have a final cheer for the lawyers, who win regardless of the outcome. Long live the billable hour.
Link to this [12]
The Laundry List
- I did a post on the Rants blog this week about the Fake Steve Jobs site allegedly being hacked. I speculate on what the attack may have looked like. And where else can you read "SquirrelBoy found with nuts in his mouth"? - Security Incite blog [12]
Top Blog Postings
LonerVamp takes on Dan Morrill's original Top ten information security issues to tackle now [13] piece. I need to drum on the Vamp a bit relative to the first point he makes. I'm all for having an "evangelist" to play liaison between the security team and the business. In fact, that is really the CISO's job. But to say that everyone in the organization doesn't have to understand the fundamentals of their business is just wrong. Having someone to translate grungy technical speak does not let security professionals off the hook for understanding how their employer keeps the lights on. Even a lowly firewall administrator needs to understand the business process that underlies the traffic flows the firewall is supposed to protect; how else can they do their job? The examples he uses (the accountant making the sales pitch and the sales guy fixing his own PC) are contrived. At the end of the paragraph he softens a bit on business savvy, but if anything that confuses his point. Maybe I am misconstruing what LonerVamp is trying to say. So what is it, Mr. Vamp? Do security folks need to improve their business savvy or not? I think everyone knows where I stand on the issue.
http://www.terminal23.net/2007/11/morrills_top_ten_things_in_inf.html [14]
Link to this [14]
http://blogs.computerworld.com/thanksgiving_gobblers [15]
Link to this [15]
http://sm-blog.securitymike.com [16]
Check out the latest on the Security Incite blog
http://blog.securityincite.com/ [17]
Read the most recent Daily Incite
http://securityincite.com/security-incite-rants/daily-incite [17]