Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - December 14, 2007

By Mike Rothman
Created 2007-12-14 07:26
Today's Daily Incite

December 14, 2007 - Volume 2, #163

Good Morning:
Although the stock market has been a bit turbulent over the past few months, the major averages are still up nicely for 2007. Not too many more nicely than Apple, and Google has certainly done OK too, especially given the rapid run-up over the past two years. Both of these companies have super-sized market caps that would make Ronald McDonald proud. I also heard the Hamburglar is thinking about coming out of retirement to get some of that. OK, maybe not - but I just had to work the Hamburglar into the piece. Love the Hamburglar.

Cut the Cord

But how do these companies maintain such astounding growth rates, given the size of their companies? They need more customers to use more of their stuff. Brain surgery, right? I can only look at my own purchasing and use habits, and I know I am consuming a lot more Apple and Google than I have in the past. Although my Mom may like to think I'm "unique," I suspect there are a lot of people with buying habits similar to mine.

I've got 4 Macs now (yes I bought the iMac, so I could stop using that nightmare that is Vista), a bunch of iPods, and I'm increasingly using Google for a lot more things. With word that Google can natively sync with the Blackberry calendar [1], it's time to now revisit whether I can leave Microsoft in the rear view mirror. At least for a little while.

The reality is that I've been held captive by Microsoft Exchange's superior integration with the Blackberry for years. I pay about $22 per month for my hosted Exchange service, and I'm starting to scratch my head and wonder if I'm still just married to my old corporate mentality and whether it's time to really cut the cord. I don't use Tasks and I don't use the Memopad often at all, so having to actually sync with my desktop (using PocketMac [2]) probably isn't that big of a deal.

Now I haven't used the Gmail application on the Blackberry, but I hear it's outstanding. But the key attraction of the Blackberry has always been push email. Do I really need instantaneous email? I probably won't get back to you instantaneously anyway. Won't email through IMAP to a mailbox provided by one of my 3 different hosting providers suffice? I'm trying to restrict my email usage to a morning and evening block anyway.

I've been waiting for Mac Office 2008 mostly for the allegedly enhanced connectivity with Exchange. But now it seems Microsoft is backpedaling a bit relative to how well Entourage 2008 will really stack up to Outlook [3]. It's just ridiculous that I need to run Windows on my Mac mostly for Outlook. It's even more ridiculous that I'll need to wait for better Exchange support to roll out in phases. The situation is pretty much untenable at this point. In my opinion, Entourage 2004 is the worst email client I've ever used. If Entourage 2008 is only marginally better, then it will still suck. And E 2008 still won't be able to import Windows Outlook .pst files, so a bunch of my old mail will still be trapped in Windows land, unless I want to use a kludgy workaround. Arghhh.

So I guess I'm wondering about this entire Microsoft hegemony. I'll need to get some more feedback from folks I trust, but it may be time to give iWork '08 a try as well. It takes a few more steps to work with the Office file formats, but it can be done. Or maybe I'll just go with Google Apps. I wonder if the editors I work with would take a link, instead of an attachment to the pieces I write every month? Then I can use Google Apps to provide my mail and calendar (since it's natively integrated with the BB now). I can also start using GDocs and the spreadsheet program as well. When was the last time I really needed a pivot table?

I think it's time to cut the cord. The more I think about it, the better idea I think it is. I'll ditch my hosted Exchange Service and try out Google Apps. I'll save about $200 and probably be a lot happier. Even after buying iWork, I'll still be ahead $120. Maybe I can push out the Mac Office 2008 upgrade (which will set me back $300 big ones). By then I'll have played around with Pages and Keynote enough to know whether I'll be able to make it work. I've heard good things about OpenOffice as well.

Am I crazy? Will I come running back to MSFT Office with my tail between my legs by February? Will Captain Privacy's hidden subliminal messages finally convince me that having all my stuff with Google is a bad thing? If anything it will be an interesting experiment. Interesting indeed.

In terms of properly managing expectations, publishing of TDI will be kind of lumpy through January. Between holidays and other work commitments, my goal is to do 3 next week to finish the year and then review the 2007 Incites during Xmas week. In January I'll be publishing when I can, but figure at least 2 TDI's per week. Have a great weekend.

Cutting the Cable image originally uploaded by George Reilly [4]


Top Security News

ITIL [13] is, but go with me here) is gaining steam because the complexity of today's IT environment requires an abstraction to help get our arms around it. Well, security is in the same boat and I've been hearing folks talk about applying ITIL practices to security for at least 18 months. Now it seems some folks are actually doing it, according to this NetworkWorld coverage. [14] Personally, I don't care where the program/framework/processes, etc. come from. As long as it's focused on protecting the most important assets of the organization and structured in a way to ensure you can communicate your achievements, I'm all for it.

Opera deciding that complaining to the EU [15] was actually a better idea than competing in the market. Now if IE still had 97% market share, they may have a point. But with Firefox continuing to grow and make inroads, Opera just seems like they are suing because they can't compete. Basically it seems their entire intention is to figure out a way to be distributed with the base OS. Here's another idea, actually go to the PC makers and see if they are interested in bundling your app. Oh yeah, a little detail... customers don't want it. As evidenced by the special, Windows without Media Player version that was a result of Real Networks suing Microsoft in Europe, or something like that. I'm pretty sure that everyone is free to load software onto their devices and to use alternative technologies to the stuff that Microsoft bundles in. How many of you are using Windows Mail? Right, you can load up whatever is the standard for your company's email client. But I guess the mobile browser game is OK because it can fund Hail Marys like this.

"New and Built in security technologies could soon make the PC safer than ever" [16] is a welcome idea. But then he goes on to talk about TPM. Right, the Trusted Platform Module. What problem does having an on-board encryption chip solve again? Oh yeah, what about all the software that would be needed to use it in practice (I spent $30 million of other people's money in the late 90's to prove that if ANYONE has to do ANYTHING to make encryption work - they won't)? What about the fact that the data and user's identity are then married to the device? I know I use 3 devices very regularly, so that won't work for me. Then he goes on to talk about anti-bot technology and a sort of LoJack for your PC. But the close is the killer: "When these features are coupled with Vista SP1 and an adequate biometric authentication system, enterprises should be able to provide an unprecedented level of data security." An "unprecedented level of data security," by securing a laptop? There seems to be a disconnect about what data security is. I guess when all you know is a PC, everything looks like a laptop.

The Laundry List

  1. What's next OysterNAC? Sourcefire's plan to make customers pay for ClamAV support is to add DLP. Good luck with that. - Sourcefire release [17]
  2. nCipher shops at the NeoScale fire sale. Amazing what $2 million will buy you nowadays. - nCipher release [18]
  3. What is Security Risk Management again? I'm not sure, but you can now get it as SaaS from TraceSecurity. Remember the good old days when companies would actually try to create new categories, as opposed to everyone jumping into the same poorly defined buckets? - TraceSecurity release [19]
  4. If at first you don't succeed...try try again. Marc Maiffret suddenly sees and decides to leave eEye to start another venture. Actually he's been gone since September, but no one seemed to realize he was missing. - NetworkWorld coverage [20]

Top Blog Postings

http://blogs.ittoolbox.com/security/adventures/archives/security-must-have-a-seat-at-the-table-21147 [21]

http://www.matasano.com/log/1002/the-wikipedia-advertising-vulnerability-and-how-not-to-mess-it-up/ [22]

http://securosis.com/2007/12/10/data-and-application-security-will-drive-most-security-growth-for-the-next-3-5-years/ [23]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-december-14-2007