January 22, 2008 - Volume 3, #7
Good Morning:
I remember the first time I fixed something in my in-laws' house. I
replaced a light switch or something like that. They were absolutely
shocked and wanted to check out my family tree. Guys like me aren't
supposed to be handy. As long as we have the plumber, electrician and
handyman on speed dial, it's all good. I am happy to say that I'm a
fairly handy dude. My first car was a VW bug and I spent many a day
futzing around with the engine and installing a kick-ass sound system.
Even today, I routinely do simple plumbing, electrical and home theater
wiring. I'm a mean plunger, have sweat soldered copper pipes, and have
been known to even change faucets and replace lighting fixtures. The
only thing I can't stand is drywall. That is a tough job. To get it
smooth and bump free is brutal, and the Boss is a pretty exacting
customer. So I leave the drywall to experts.
Over the long weekend, I was called to duty. First there was the case
of the leaking sink faucet. Actually, I discovered the leak when we were
having a new dishwasher installed. Incite Central is about 8 years old,
so things are starting to go kaput, including the dishwasher. The
opinion of the installer was to just get another faucet. COOL. Get the
tools!
So I dutifully surfed the Internet, found the right faucet and had it
shipped. Then I installed the fixture. I kind of looked like that guy
on the Birthday cake. Guess I need a new belt or something. I also have
had some issues with my loo. It gets stuffed up pretty frequently.
Thankfully I discovered maybe the greatest friend an amateur plumber
can have...
Are you excited? It's the Kleer Drain Instant Drain Opener [1].
It's highlighted here on BoingBoing [2].
It's not new, but it's new to me. And boy does it work. Thank the Lord
for the splash guard, or things would have gotten really yucky.
As I was mopping up the floor (again), I kind of wondered whether this
was a good use of my time. I've read countless people talking about
outsourcing things that you can pay someone to do. I'm sure my billing
rate is more than what I'd pay a plumber to fight with a faucet and
unclog the toilet. Especially when you consider the 5 or 10 trips I
need to make to Home Depot during a typical repair mission. (Crap, why
didn't I buy that 1.5" o-ring?)
After some quiet contemplation, I became one with my decision to spend
time fixing the plumbing myself. Why? Because I actually enjoy it. I'm
not great at it and it probably takes me a lot more time than it would
someone who knows what they are doing. There is definitely a sense of
accomplishment when I get something done. Is it worth the opportunity
cost of doing some more work? To me it is. I guess that's why they call
it a hobby.
Have a great day.
Plumber's birthday cake originally uploaded by abbietabbie [3]
Top Security News
Yahoo! is going to support OpenID 2.0 for
authentication [12]. Big whoop. It's not that I don't think a
common authentication mechanism would be great. How cool would it be
to actually get REAL single sign-on? But Dana Epp makes the exact point
about why this doesn't matter [13]. Everyone wants to jump on the open
standards bandwagon, but no one wants to show some trust. In the
identity space, that's the crux of the issue. It's wonderful that Yahoo
will act as a provider, but it doesn't seem they are going to trust
anyone else's OpenID credentials. So this is the same old, same old.
There is no web of trust here, it's all one way. And that's not good
enough. With the exception of using an open standard, this is no
different than Microsoft's ill-fated attempt to get Passport broadly
accepted - which went over like a lead balloon.
The CSO of EMC talks about security [15]
and why it's important to them. EMC is a Fortune 500 company, thus
unless they use their own stuff to make operations work better - why
would a customer trust them to do the same? This approach worked
wonderfully for Cisco through the years. Whether it was how e-business
transformed their operations (like closing the books in a day) or how
Cisco runs security - it helps to build credibility with the customer
base. So what do we learn about EMC here? Not a hell of a lot besides
that they encrypt laptops, do data leakage prevention, and take a look
at their SIM data. All of which are products that RSA now sells. Hmmm.
Funny how that works.
Ellacoya being taken out by Arbor Networks [17].
First of all, this is a private company deal, which means Ellacoya
couldn't find a real buyer with a real currency to take them out.
That's not a good sign. Secondly, as Stiennon points out [18], this is
a bit far afield for Arbor. But
in differing with Richard, I don't think that's so much of an issue.
Arbor dominates the space for NBA in the carrier market. But there are
only 120 or so carriers that can buy their product. You need to do one
of two things to keep growing. Sell more to your existing customers or
find new customers for your existing products. This deal indicates that
Arbor is focusing on the former and using Ellacoya's technology to
expand beyond "security." The reality is in a carrier context NBA does
a lot more than just security, but that's another post for another day.
To net this out, this is just yet another indication that NBA is not a
stand-alone market.
The Laundry List
- XSS 101. Kevin Beaver does a good intro on cross-site scripting. If you don't understand XSS, you better learn fast. The bad guys certainly understand it. - SearchWindowsSecurity coverage [20]
- Oh crap, another OPSEC. This time from McAfee, which launches their "Security Innovation Alliance" program. I guess we better order a bunch more of the purple suits for all the Barney announcements happening in 2008. - McAfee release [21]
- The secret to security? Authentication?!?!? According to Roger Grimes anyway. Sure, snap your fingers and make hardware impervious to hacks. Someone get this guy a time machine, so he can go back to 1955 and design the stuff right in the first place. - Grimes InfoWorld Column [22]
Top Blog Postings
http://andyitguy.blogspot.com/2008/01/pci-compliance-why-bother.html [23]
http://seekingalpha.com/article/60358-security-patch-paradox-not-just-a-problem-for-oracle [25]
ISC2's new site [27] that is focused on
hiring. Of course, most of it gets back to why you should hire CISSPs -
but if you can look past that dogma, there are some interesting papers
there (registration required) including compensation information.
http://taosecurity.blogspot.com/2008/01/how-can-blog-reader-find-competent.html [28]
http://sm-blog.securitymike.com [30]