May 29, 2008 - Volume 3, #52
Good Morning:
I've got a big problem and I'm not sure what to do about it. Basically,
my kids like crap TV. I am not one of these crazy parents that thinks
all TV is bad. I think there is a lot of value in some of the shows
they used to watch, like Dora and Blue's Clues. But help me understand
what they are learning from shows like SpongeBob and the Power Rangers?
My 7 (almost 8, just ask her) year old knows how to use the DVR. So now I'm totally
screwed because she can read the guide, figure out what crappy show she
wants to watch and then she proceeds to record 5 of them. That's how I
became familiar with the Fairly Odd Parents. Arghhhh.
Why can't we just go back to the good old days? When superheroes were
super heroes. When they had a message in each of their stories about
fighting evil and doing the right thing and supporting your community.
I guess somewhere buried under a ton of campy eye candy that message
kind of resonates from Power Rangers, but the villains are so wacky and
the stories so contrived that it's very hard for me to watch.
So I've become the parent that goes through the DVR list every couple
of days and cleans out the crap. I never wanted to be that guy, but if
my kids' brains are going to atrophy at the ripe old age of 7, then I'd
rather it be with a show at least I can tolerate. There it is, it's all
about me - for a change.
I guess there is a generation gap, as much as I'm trying to be a "cool
dad." I let the kids listen to Hannah Montana and the High School
Musical soundtracks. Some of the songs are kind of catchy and the
movies have decent messages. I wonder if my folks ever "understood"
the TV that I watched back in the early 70's. A friend reminded me of
the great, educational TV I used to watch. Like Hong Kong Phooey [1], H.R. Pufnstuf [2] and the Land of the Lost [3]. I loved those
shows and I wasn't even stoned. They were classics I tell ya! Yes,
classic piles of crap. And then I got older and graduated to timeless
classics like the A Team [4]. Right - more crap.
So the moral of the story is that the more things change, the more they
stay the same. You'll still have some shows that are decent
and others that are crap. And your kids will like the crap and it will
make you crazy. I guess like it made my folks crazy when I did a B.A. Baracus [5] on my kid brother's
head.
Have a great weekend.
Photo: "spongebob effigy" originally uploaded by blurradial [6]
Top Security News
Farnum totally unloads [15] on this video interview of TPTI's Brian Smith [16],
which I think is pretty entertaining. I guess there is no Tejas love
between those folks. I guess I'm much more sanguine about the whole
discussion. I've seen this movie before and I know how it ends.
Regardless of what TPTI wants to believe. And that means more and more
security capability will end up in the network. Will everything be in
the network? Not for another two generations or so -
best case, but this ongoing migration is going to create a problem for
those folks that just do one aspect of network security. That's right,
TPTI and Sourcefire need to expand their product visions rather
dramatically because doing network security and not having a network
device is going to be problematic over time. FIRE is focusing on
management with their 3D stuff and that is certainly one direction to
go in. It's not clear what direction TPTI is going to go in, once they
are liberated. Fact is, the 3Com deal has likely killed their ability
to compete. When they are spun out, it's not clear what their balance
sheet is going to look like, and if they don't do some deals to broaden
their product family QUICK, they are dead meat. But hey, don't shed a
tear for those guys. $430 million a couple of years ago was a huge
(actually way too huge) number, so they already got their money. It's
3Com shareholders that are left holding the bag.
NetworkWorld does a decent job summarizing a
lot of the challenges of these offerings [18]. But I want to (once
again) play a bit of a counter indicator to what the rest of the
business is thinking. There is clear value in the process of scanning
your network and applications every day. That's good stuff. You can get
a bit of an early warning of an issue and move quickly to remediate. Of
course there will be a lag between when an attack happens and when you
can test for it. It's called "zero day" sports fans. My issue remains
providing some kind of "cert" that indicates some level of safety. You
can post a little badge that says "I was scanned today." Kind of like
the little sticker that you get when you vote. But to claim
"HackerSafe" or "Vendor X Secure" is a load of crap. So I'd certainly
like to see more companies, especially small retailers using these
services. At the same time, I'd like a better clarification on the web
site badges to indicate that scanning <> security. Is it
too much to ask to have my cake and eat it too?
Clearly their security performance leaves a
bit to be desired [20]. For single sign-on and identity
management, where there is a clear ROI - sure. But security, not so
much. Why? Because once you get beyond the 5 biggest managed care
providers, you have a huge number of very small institutions. These
institutions are being squeezed by insurance and big pharma and
patients that don't pay their bills. These folks don't have a lot of
money to spend on security, not until they have to. And when would they
have to? After a data breach? Not so much. HIPAA is still an empty
suit. There have been zero public executions, even after these data
breaches. There is no TJX and a community is a captive audience. I can
see it now: Someone is in the ambulance and tells the driver to direct
them to another facility because their local hospital has crappy data
protection policies. I suspect that isn't really an option in most
cases. So there is no incentive to really fix the problem, and we
scratch our heads and gnash our teeth that it isn't fixed.
The Laundry List
- If security is so hot, why wasn't it mentioned even once in TechTarget's earnings call? Right, it's not that hot and we'll see that later this year. That's one guy's opinion anyway. - Seeking Alpha earnings call transcript [22]
- PCI 6.6 needs both code reviews and web app firewalls? Why not flog a Barney webcast from companies that sell both. Some days I really hate marketing. - Protegrity release [23]
- Dan Geer a VC? He joins In-Q-Tel, but we'll see in what capacity. It would be a horrible waste to have him negotiating term sheets or looking over marketing plans. - Zero Day blog [24]
- Passlogix jumps on the on-demand SSO bandwagon as well, but will customers trust their authentication to be carried around on a thumb drive or to live in the cloud? Probably, but I don't suspect they'll spend a lot of money on it. - NetworkWorld coverage [25]
Top Blog Postings
Lonervamp [26], Dan Sullivan [27] and Stuart King [28] and the voices are all
over the map. Personally, I'm with Stuart. This isn't a real whistle
blower case because this guy didn't follow the proper chain of command.
I don't really have definitive proof about who he talked to, but a
regional manager isn't the right place. After losing 97 million
identities, I figure TJX has someone in charge of regulatory
compliance. That person is the place to complain, not a regional
manager - who is more worried about margins and same store sales. And
he posted his thoughts on a web site. A real whistle blower would go to
the Feds or to TJX's PCI assessor or someone that has some power to
poke someone in the eye and get some action going. So if you just want
to vent, then by all means vent. But do it anonymously troll-boy. If
you want to change things, then find out who has the biggest bat and
throw them a meatball.
http://ha.ckers.org/blog/20080522/tjx-whistle-blower/ [29]
http://labs.neohapsis.com/2008/05/22/easiest-way-into-a-company/ [31]