Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - February 19, 2008

By Mike Rothman
Created 2008-02-19 08:31
Today's Daily Incite

February 19, 2008 - Volume 3, #16

Good Morning:
The Boss went away for the long President's Day weekend. So it was me and the kids all weekend. Talk about the inmates running the asylum. I did a quick check of the paper to see what fun activities we could do. We've been to the Children's Museum and the Aquarium plenty of times. Then I saw it. THE CIRCUS. Not any crappy circus. Ringling Brothers. The real deal. The Greatest Show on Earth. Now that will be fun.

We'll even make it truly an adventure by taking the train into the city. Yeah, we could have driven, but what fun would that be? Nothing like mixing up with the residents of our fine city. I guess I shouldn't have been surprised when a clown walked up to us as we were waiting for the train. This guy was in full clown get-up. Thankfully the kids don't have an aversion to clowns. Not yet anyway.

This wasn't any plain clown. This was Beebo the Wonder Clown. Think Rosco P. Coltrane (from the Dukes of Hazzard) as a clown. A beer belly, a thick Southern drawl and a pocketful of balloons. And a pile of business cards, just in case I wanted to hire Beebo for the kids' next birthday party. Thanks, but I'll pass.

Then we got to the arena. And the merchandising began. $14 for an elephant mug. Not a chance. $28 for 2 lemonades and 2 popcorns. Wow, I'm glad I went through the couch and got that extra change before we left. It wasn't going to be one of those budget activities.

The kids loved it. The acrobats and the clowns (normal clowns, not Beebo) and the tigers and the elephants. They drank it up. Truth be told, when the trainer was surrounded by the 10 tigers, I was amazed that the fellow didn't become dinner. Even one tiger could have made quick work of that little guy with the whip. I'm glad they were well behaved. I shudder to think of the therapy bills for the kids if they saw that dude get mauled.

As we were on the way home, I asked each kid what their favorite part of the circus was. The twins liked it when a clown got out of a very little car. They thought that was cool. Leah couldn't make up her mind. She liked it all.

What was my favorite part? Seeing the look of wonder as my kids got to experience the Greatest Show on Earth. That was priceless.

Have a great day.

PS: I've posted the next two Days of Incite Posts.

  1. Express Your Inner Bean Counter [2]
  2. It's time for an audit revolution [3]
  3. Best of Breed DOA [4]
  4. Weaving security into the network fabric [5]

Scary Clown Cake II image uploaded by meltzerbakery [6]



Top Security News

George Hulme talks a bit about the SIEM market [15], but it's pretty much yesterday's analysis. He goes into the history of why many of the SIEM vendors have struggled. By the way, it's not about firewalls and IPS maturing, it's about time to value. Yet driven by regulations, security management is evolving, integrating traditional SIM with log management and a bunch of other stuff. The latest example of this trend is NitroSecurity's new box, which brings a lot of these functions together [16]. The real question is whether a public, standalone security company makes sense anymore. I suspect not, and we'll see how it plays out. Sourcefire certainly had a train wreck in their first two quarters as a public company. 

This SearchSecurity tip by Ed Skoudis details a new technique called fast-flux [18]. This entails the bad guys using round robin DNS to distribute their phishing sites among a large number of bots. This eliminates the single point of failure issue (when the ISP takes down the site) and also puts yet another layer of abstraction between the victim and the criminal. If it wasn't nefarious, I'd say it was really cool. OK, it's really cool. What would be cooler is if we could get these folks to apply some of their innovation to the right side of the law. Alas, being good pays like crap, so it's not going to happen. Especially when these guys continue to find ways to make it a lot harder to find them and bring them to justice.
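The flip side of the trick described above is that it leaves a signature in DNS answers: short TTLs, a large pool of addresses behind one name, and an answer set that changes on almost every lookup. The following is an added example, not code from the original post or from the SearchSecurity tip, showing how a defender could score successive resolver observations for those traits. The hostnames, addresses, snapshots and thresholds are all constructed, and the /16-prefix spread is a crude stand-in for the hosting or ASN diversity a real pipeline would look up.

```python
"""Heuristic fast-flux scoring over successive DNS answer sets (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network
from statistics import mean


@dataclass(frozen=True)
class DnsSnapshot:
    """One A-record answer set observed for a hostname at a point in time."""
    name: str
    ttl: int                    # TTL in seconds as returned by the resolver
    addresses: tuple[str, ...]  # A records in that answer


def fast_flux_indicators(snapshots, ttl_threshold=300, min_unique=10, min_churn=0.5):
    """Summarise fast-flux signals across the snapshots of a single hostname.

    Heuristics (assumed thresholds, tune them to your own resolver data):
      * short TTLs, so the answer set can be rotated quickly;
      * many distinct addresses seen over time (a large bot pool);
      * high churn, i.e. each lookup is mostly addresses absent from the last one;
      * addresses spread across many /16 prefixes (a rough proxy for how many
        different networks the pool lives in).
    """
    snaps = list(snapshots)
    if not snaps:
        raise ValueError("need at least one snapshot")
    names = {s.name for s in snaps}
    if len(names) != 1:
        raise ValueError(f"snapshots must be for one hostname, got {sorted(names)}")

    unique_ips = set()
    for s in snaps:
        unique_ips.update(s.addresses)
    min_ttl = min(s.ttl for s in snaps)

    # Churn: share of addresses in each lookup that were not in the previous one.
    churn_per_lookup = []
    for prev, cur in zip(snaps, snaps[1:]):
        if cur.addresses:
            fresh = set(cur.addresses) - set(prev.addresses)
            churn_per_lookup.append(len(fresh) / len(cur.addresses))
    churn = mean(churn_per_lookup) if churn_per_lookup else 0.0

    # Prefix spread: distinct /16 networks relative to distinct addresses.
    prefixes = {ip_network(f"{ip}/16", strict=False) for ip in unique_ips}
    prefix_spread = len(prefixes) / len(unique_ips)

    suspicious = (
        min_ttl <= ttl_threshold
        and len(unique_ips) >= min_unique
        and churn >= min_churn
    )
    return {
        "name": names.pop(),
        "unique_ips": len(unique_ips),
        "min_ttl": min_ttl,
        "churn": round(churn, 3),
        "prefix_spread": round(prefix_spread, 3),
        "suspicious": suspicious,
    }


# Constructed sample data: three successive lookups of a hypothetical phishing
# host rotating through a bot pool, and three lookups of an ordinary site.
FLUX_LOOKUPS = [
    DnsSnapshot("login-update.example", 120,
                ("10.1.0.5", "10.2.0.6", "10.3.0.7", "10.4.0.8", "10.5.0.9")),
    DnsSnapshot("login-update.example", 120,
                ("10.6.0.5", "10.7.0.6", "10.3.0.7", "10.8.0.8", "10.9.0.9")),
    DnsSnapshot("login-update.example", 120,
                ("10.10.0.5", "10.11.0.6", "10.12.0.7", "10.8.0.8", "10.13.0.9")),
]
STABLE_LOOKUPS = [
    DnsSnapshot("www.example", 3600, ("192.0.2.10", "192.0.2.11")),
    DnsSnapshot("www.example", 3600, ("192.0.2.10", "192.0.2.11")),
    DnsSnapshot("www.example", 3600, ("192.0.2.11", "192.0.2.10")),
]

if __name__ == "__main__":
    for lookups in (FLUX_LOOKUPS, STABLE_LOOKUPS):
        print(fast_flux_indicators(lookups))
```

On the constructed data the rotating host scores 13 distinct addresses, a 120-second TTL and 80% churn between lookups and is flagged, while the stable site shows no churn and is not. In practice the thresholds need tuning, because large CDNs also return short TTLs and many addresses; the churn and network-diversity signals, taken together with the TTL, are what separate a rotating bot pool from ordinary load balancing.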

Ryan Naraine reports that Firefox 3 is getting close [20] and there is a lot of new security goodness in there. Beta 3 is out, which means hopefully we'll see the finished version by mid-year, if not sooner. It has new phishing filters and other structures to make browsing a bit safer. But there is only so much they can do. At the end of the day, it's still a browser and it's still software, which means there will still be problems. So why do I push Firefox whenever I can? NoScript. It's as simple as that. Mozilla really should just integrate NoScript into the main core. Unfortunately that would probably scare off a lot of mass market users because it does break a lot of Internet stuff. Of course, it's the stuff that should be broken (like evil scripts, XSS attacks, and malicious Java), but that's beside the point. Ease of use trumps security - every time.

The Laundry List

  1. Who says there aren't any margins in software? GFI cuts pricing 45%. Actually this is more indicative of the maturity of the security industry. Price is important now. - GFI release [22]
  2. NetClarity goes bulimic with a 10 oz NAC device. Maybe it's those overweight 1U appliances that are holding up NAC market adoption. - NetworkWorld NAC newsletter [23]
  3. Oracle posts SQL Injection defense training materials. Education is good. Now if only DBAs would pay attention. - Oracle Security Blog [24]
  4. Untangle integrates community contributions. I wonder if the developers get stock options? - Untangle release [25]

Top Blog Postings

http://www.cigital.com/justiceleague/2008/02/07/please-dont-fud-the-animals/ [26]

Chandler's KPI #1 [28], which is about understanding the % of hosts centrally managed and "protected." I'm not sure what protected means, but it's certainly a good place to start. His second KPI is trying to gauge "how secure they are?" by focusing on risk assessment gaps that are closed vs. made exceptions and where in the process the gaps occur. My issue with this one is that each application is different and it'll be hard to get apples to apples comparisons. But I'm a fan of trying stuff, so it'll be interesting to see if this yields any useful trending analysis over time. If not, then he can tune it. And we'll be able to watch and learn. That's what it's all about.
http://thurston.halfcat.org/blog/2008/02/14/kpi-2-how-secure-are-we/ [29]

http://www.cutawaysecurity.com/blog/archives/224 [31]



Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-february-19-2008