Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - March 11, 2008

By Mike Rothman
Created 2008-03-10 19:19
Today's Daily Incite

March 11, 2008 - Volume 3, #25

Good Morning:
By the time you read this, I'll be in the air probably mid-way over the Atlantic on my way back to the States. As I mentioned yesterday, it was great to get "across the pond," but I'll also be glad to be in my bed and hanging with mi famiglia tonight. Of course, I have some other observations about Europe.

Smart fortwo car [1]

For those of us in the States, we take room for granted. I guess in some cities, they build up - but for the most part folks in the US build out. That's what urban sprawl is about. In Europe, that's not really an option. Space is a premium, so they do everything they can to conserve it and use it effectively. The most obvious indication of that is the cars.

The cars are small. Like ALL of them. Many of you have seen Mini Coopers. The Mini is a giant over in Europe. The Smart fortwo [2] is a real small deal and kind of cute in a weird Luigi [3] kind of way. But I will admit that every time I saw one pass by, I checked for clowns. Seriously, anything that small has to be a clown car in the circus. The Europeans thought I was crazy, but now they can join the Americans in that realization.

The fortwo is so small I wanted to put it in my carry-on bag and take it home. I'm pretty sure it would fit in the overhead bin. But knowing Delta, they'd charge me for an overweight bag. They have to get paid somehow. And the Europeans drive these things fast. As you are walking on the sidewalk, they'd buzz by - but you'd pay no heed. How much damage could a toy car do?

Of course, the car isn't a toy. And allegedly it's coming to the US very soon. I'm not sure how it will go over with the US mentality - bigger is better and more power is best crowd. They say it's safe, but I learned a bit about Physics in college and I have to imagine the Smart fortwo versus the Expedition doesn't really end well, for the passengers in the Smart anyway.

Though interestingly enough, I saw no mini-vans. I wonder what the soccer moms drive over here, although I guess they should be called futbol moms to be geographically correct. I did see one Hummer on the streets. I guess that guy got lost and took a wrong turn somewhere along the line. That car was sorely out of place. Can you imagine the conversation? "Damn Alice, we should have made a LEFT at Ocean City - what kind of crappy navigator are you?" Again, it is good to get out of my little comfort zone and see other cultures.

Hopefully you've gotten a little flavor for my quick road trip, if you consider 9 hours in a plane quick. We'll tackle important stuff on Thursday. Like the idiocy of Daylight Savings Time. Or maybe Eliot Spitzer's most excellent adventure [4] and my new favorite acronym - KYDIYP. Bonus points for anyone that can tell me what it means. And no, don't put a blog comment in, this is a family blog. Send me an email.

Have a great day.

Photo credit: Blue Smart fortwo uploaded by Fleur-Design [5]



Top Security News

SearchSecurity tip from Sasan Hamidi brings up an interesting point [14]. If you are going to marry the networking folks and the security folks, well... I'm not going to go there. The reality is integration is happening pretty much everywhere. Yes at the endpoint. And yes, in the perimeter. Yes, we are trying to get as much security "into the cloud" as we possibly can. So the idea of integrating the operational centers for security and networking does have some merit. How many screens with green and red network maps do you need? Of course, Level 1 integration is pretty straightforward. But I'd caution against trying to truly integrate some of the more technical nuances. At least for now. As the tools get better and we see the networking vendors continue to increase their security quotient - this will become more feasible. But now, we are still talking about integration on the glass.

This article in SecurityProNews [16] indicates that it's not just inappropriate behavior that is getting people thrown out of the car. It's excessive surfing. How can that be? If folks are surfing too much, then they aren't getting their work done and they are fired for being crappy at their job. How is that "excessive surfing?" Maybe I'm splitting hairs here, but to me the distinction is important. If your policy is to basically trust your employees (though you should also be verifying their behavior), then excessive surfing is not a crime. As long as they get their work done - that is. Although you read about shops like Patagonia [17], where excessive surfing could really be an issue. Though it's the REAL McCoy.

This coverage about a conference pitch made by Chevron's CSO [19] - they are certainly acting pragmatic. Of course, the fact that CSO Richard Jackson was probably doing this stuff when I was still hawking PKI software notwithstanding, there are a lot of good nuggets in here. Don't be afraid to take a stand about where things are going. Be creative about how the security program is positioned within the context of the business. The reality is, there isn't much novel about this kind of approach. I certainly don't claim to have found the secret to cold fusion. But most security folks don't get it yet. Don't bury your senior team with security metrics they just don't care about. I say it in pretty much every pitch I give nowadays. Security is not a technical function. Unless you want to do a crappy job at it.

The Laundry List

  1. Free as in steal your identity. Be wary of those free widgets that require you to enter personal data, especially with your email account. This story should send chills down your back. Or through your Gmail anyway. - ReadWriteWeb Blog [21]
  2. Since TippingPoint's 10G box is the first "true" solution, who has a "false" solution? Got to love those vendor my box is bigger than your box games. - TippingPoint release [22]
  3. Interesting packaging from the Big Yellow on AV "Dual Protection" for Mac. They include the Windows version for your Parallels or Fusion VM. Bravo. Good marketing for a product that probably doesn't sell too much. - Symantec release [23]
  4. F5 and White Hat announce a deal pumping new web app firewall rules down to an F5 box based on a White Hat scan. Mostly taking humans out of the equation. Next stop - Skynet. - F5 release [24]

Top Blog Postings

http://www.stillsecureafteralltheseyears.com/ashimmy/2008/03/dave-cowan-of-b.html [25]

http://www.modsecurity.org/blog/archives/2008/03/web_application_4.html [27]

Big is the New Small [29] indicates that it will be the suites that win over time, and I still think they will. But the idea that the answer is neither and that outsourcing will be the death knell in the security business is interesting, but ultimately wrong. It's true that customers don't really care about security, but I can tell you they absolutely HATE their carrier or cable company. The idea that they would trust them to provide security in the cloud is a joke. Even now, most of the ISPs offer some variant of a free AV offering and most customers don't use it. They've been conditioned to buy a product and not from their carrier. Sure it's nonsensical, but inertia is a hard thing to fight. And how long would it be before the AV vendors were whining to Brussels about the telcos? They don't even do business there, but you think that's going to stop anti-trust sniping? And the other thought I have is that even if these markets were to go away over the long haul, the companies will be around for years and years and years. Just consider that Novell is still around and they still have like a cool billion on the balance sheet. Trying to wait for Big Security to die would give new meaning to the long and slow goodbye.
http://www.schneier.com/blog/archives/2008/03/security_produc_1.html [30]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-11-2008