February 7, 2008 - Volume 3, #12
Good Morning:
As you get involved in the day to day grind of life, sometimes it's
hard to appreciate where we've been and where we are going. A good
friend of ours recently had his first child. He's in his 40s and he
waited a long time
to find the right partner and for the timing to work out. I don't think
I ever saw a happier Dad in the pictures sent around. Yet over time,
that happiness and sheer joy fades into a morass of deadlines, bills,
and responsibilities.
Over 4 years removed from our own little miracle with the twins,
sometimes it's hard to remember when they were that little. Yet, it's
also hard to appreciate how quickly they are growing up. It seems like
yesterday that we were in the hospital and loading up our two infant
seats and starting the adventure of parents with twins. On the other
hand, it seems so long ago that it's hard to remember a time without
three kids running around the house. That memory is a funny thing.
[1] Yes, there is a point to my nostalgia. Last weekend, I took Leah to
our first Father/Daughter dance. We got all dressed up, but only after a
couple of attempts. Evidently my first try, a nice sweater and khakis, wasn't
good enough. So the "little Boss" sent me back to try again. Like
mother, like daughter. She wanted me to wear a tie, but that wasn't
going to happen. The dress shirt and blazer was a good compromise. It's
never too early to teach your kids to negotiate.
Then we went out to a nice dinner. It was a special night, so I didn't
give Leah a hard time about only eating French Fries. Normally we force
her to eat something else, but not tonight. We looked too fancy to
argue.
Then it was off to the dance. Leah started off a bit bashful and wanted
to watch for a dance or two. But once she got going, it was great.
She's a pretty good dancer and got that from the Big Boss. Me? Not so
much. But even I can do the Macarena, Hokey Pokey and Chicken Dance.
Boy, I must really love that girl for me to do the
Macarena in public. After a few dances, I had lost track of her. She
found her way into a pack of girls dancing to the Cha-Cha Slide. That
was OK by me because she was having fun.
It was a great time and I'm sure I'll have lots of experiences like
that through the years with my girls. There is always something special
about the first dance with the oldest daughter. It's hard to have the
discipline to remember these times, when you are stuck in the quicksand
of daily existence. But it's important because it's too easy to forget.
Thankfully I have an outlet, so I can write about this stuff a couple
of times a week. Maybe someday I'll even go back and read some of these
posts. That's the plan anyway. Thanks for listening. Who knew that
signing up for a security newsletter would make you into a shrink? The
check is in the mail.
Have a great weekend.
"Daddy Daughter Dance..." picture
originally uploaded by Jamie Fender [2]
Top Security News
NIST has responded by figuring out an
acceptable configuration [11] and certifying a bunch of
configuration tools to enforce that configuration. By the way, this is
not new. The Center for Internet Security has been offering configuration
guides for years. And amazingly enough, they actually work. But only if
you use them. So Larry Seltzer is right in pointing out that
FDCC is a good thing [12], but it's going to be a bear to get all
of the wild west (our computing environments) on board anytime soon.
Link to this [13]
SearchSecurityChannel has a piece by Johnny Long (excerpted from his
book) that goes through 10 searches [14] that can yield some very
interesting results. Tom Bowers also did a video of some additional
simple Google hacking techniques [15], like Google
Alerts and the cache. So here is the money shot: Are you Google hacking
yourself? If not, you should be. Remember, we don't like surprises and
if you aren't using the same techniques the bad folks are using, then
you will inevitably be surprised. No question about it.
Link to this [16]
Tizor's recent announcement of a content
discovery service [17] would seem to fit into the latter bucket.
Regardless of how they got there (and they are not unique in offering a
service to discover content), for those of you worried about leaking
intellectual property - this kind of thing is important. How do you
know what is leaking, if you don't even know what you are supposed to
be protecting? That's why it's so important to build relationships with
business leaders. You don't know what needs to be protected, but they
do. And the only way to figure that out is to ask them.
Link to this [18]
The Laundry List
- In this month's ebizQ feature, I tackle why the secure software development life cycle (SDLC) is important and how to get there. - The Mike Rothman Security Report [19]
- Secure Computing announced Q4, which was light on the revenue line. Given all the other security vendors are announcing blowout Q4 results (but cautious on the 2008 outlook), this doesn't bode well. - Secure Computing earnings release [20]
- Check Point joins the bundling crowd, finally integrating PointSec into their new Endpoint Security offering. Original name there too. - SearchSecurity coverage [21]
- Speed is in the eye of the beholder. Shimmy rants a bit about IPS throughput stats and he makes a good point. The vendors will lie about performance; verify their findings. - Shimmy's blog [22]
Top Blog Postings
http://taosecurity.blogspot.com/2008/01/tsa-lessons-for-security-analysts.html [23]
Link to this [24]
http://www.modsecurity.org/blog/archives/2008/01/is_your_website.html [25]
Link to this [26]
http://rationalsecurity.typepad.com/blog/2008/02/omg-availabilit.html [27]
Link to this [28]
http://sm-blog.securitymike.com [29]
Check out the latest on the Security Incite blog
http://blog.securityincite.com/ [30]
Read the most recent Daily Incite
http://securityincite.com/security-incite-rants/daily-incite [31]