May 19, 2008 - Volume 3, #48
Good Morning:
As I mentioned on Friday, the school year is rapidly winding down. Here
in the south of the US, we end the school year in late May and then
camp starts right after Memorial Day. Yes, when you live on the surface
of the sun you try to keep the kids inside during the dog days of
August.
One of the other
rituals that mark the end of the year is Olympic Day. Those are the
athletic competitions for each grade. My daughter's school really goes
all out, having a full "opening ceremony" that precedes two days of the
games. They have a parade and all the kids get t-shirts showing their
respective countries.
I guess my kid's teacher drew the short straw because they are Portugal
this year. Nothing against Portugal, but it's not like you get that
many world-class athletes there. Name one top tier hula-hoop star from
Portugal. I dare ya! What about the wet sock toss? Yes, they have some
strange games in these Olympics, but they could be stranger. I guess in
other parts of Georgia they have the shooting events, but not where I
live.
Being the good Dad, I got to the field early to stake out a good
position. They were kind enough to set up flags for all the teams, so
you'd generally know where your kid was going to stand. But I have a
bit of a problem. What the hell does Portugal's flag look like? So I
look at a bunch of different one's, like Mexico and Italy and Korea and
even Bangladesh. How embarrassing. I'm going to miss out on a prime
spot because I don't know what Portugal's flag looks like.
Let's start thinking about excuses I can tell the Boss. Hmmm. I got
lost on the way to the field? Nope, that one
won't fly. I had to go
potty? Not likely. I got mugged getting out of the car? Thankfully no,
not really in my neighborhood. I guess I'll just suck it up and be
ridiculed at least for the next 12 months until I can redeem myself.
Then the light bulb went off in my head. The Internet. HA! So I whip
out the iPhone and do a quick Google search and there it is in all its
weird green and red beauty. Once again the iPhone saves the day. The
device has already paid for itself in angst avoidance.
Have a great day.
Photo: "Kids Get Olympic Fever"
originally uploaded
by alokemon [1]
Technorati: Information
Security [2], CSO [3],Security
Mike [4], Internet
Security [5]
 [6]The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [7] |
Get Your Special Report: 6 Easy Steps to Protect Your Identity and get access to Security Mike's Portal today www.securitymike.com [8]  [9] |
Top Security News
SearchFinancialSecurity think folks can do
weather this economic downturn [10]? Focus on low-cost activities,
articulate business value and do some career management. Normally I'd
beat down the piece for being so damn obvious, but actually that's
exactly the pragmatic type of message that we need to be focusing on as
an industry. Don't spend a lot of money, if you don't have to. Duh! If
you can't justify your existence in the language that your bean
counters understand (yes, that means dollars and cents), then you don't
have much of a future - now do you? And finally career management is a
no-brainer. And that doesn't just mean managing up and maybe looking to
broaden responsibilities. It also means networking in your area and
maybe looking at external opportunities. If your business tightens its
belt to the point you can't be successful, then hopefully you have Plan
B to find a place where you can be. Overall, it's about relevance.
Either security adds value to the business process or it doesn't. And
if it doesn't, you better dust your resume off - you'll need it sooner
rather than later.
Link to this [11]
Core finding a Cisco rootkit [12] that
can cause some pretty significant damage. And routers kind of run a
little thing called the Internet, so having a bunch of the pwned is a
bit problematic. That's the bad news. The good news is that the attack
isn't weaponized yet, so without some way to insert the root kit - it's
not going to do a lot of damage. Folks, look to your left. Do you see
the writing on the wall? Right, it's just a matter of time and this
will be weaponized and some routers will start going down and traffic
will be misdirected and a lot of folks will gnash their teeth. But I
assure you, the sun will rise, the transactions will continue, and most
people won't even know the difference. Yet, it is a constant reminder
that everything is open to attack and if smart folks focus long enough,
they are going to figure it out. Another interesting sub-story will be
whether Cisco wields the legal big guns and threatens all sorts of
nastiness before the pitch (Mike Lynn anyone?). Maybe they learned
their lesson from that Black Hat fiasco, but most likely not.
Link to this [13]
The Laundry
List
- Whoops. VeriSign gets to reissue lots of certificates after a Debian flaw results in bad key pairs being generated. We just take it for granted that these encryption key pairs can't be broken. Taking things for granted remains pretty dangerous. - VeriSign release [14]
- MailChannels adds a plug-in to SpamAssassin to add some connection management to the systems. I guess lots of folks use SpamAssassin, but given the price of some of these services, I'm not sure why. - NetworkWorld coverage [15]
- Web-based malware continues to grow, according to ScanSafe. I guess fraud never goes into a recession. - ScanSafe release [16]
- Secure Computing and Sourcefire do their earnings calls last week. The transcripts show not much interesting, besides only 4 analysts showing up for FIRE's. Ouch. SCUR smoked them with 11. - FIRE transcript [17] SCUR transcript [18]
Top Blog Postings
http://securosis.com/2008/05/14/grc-average-deal-size-and-the-dangers-of-venture-capital/ [19]
Link
to this [20]
http://andyitguy.blogspot.com/2008/05/life-through-eyes-of-security-geek.html [21]
Link
to this [22]
http://www.shortinfosec.net/2008/05/8-golden-rules-of-change-management.html [23]
Link
to this [24]