Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - June 5, 2008

By Mike Rothman
Created 2008-06-05 10:55
Today's Daily Incite

June 5, 2008 - Volume 3, #54

Good Morning:
Earlier in the week I talked about time flying and the need to prioritize it. I've been trying very hard not to be dominated by my watch or the Gantt chart that floats in my head. Most of my life I've viewed time based upon what I haven't gotten done, rather than what I have. Of course, those are the two ways of looking at the issue, eh? There are half-empty people and there are half-full people.
I can tell you it's very hard for a half-empty person to become half-full, though I am working on it every day. After reading the news clippings about Senator Obama becoming the presumptive Democratic presidential candidate, I finally figured out why I've been obsessing about time lately.

Basically, the US ebbs and flows in 8-year cycles. And yes, it seems (at least throughout my adult life) that the ebbs and flows tend to coincide with regime change in Washington DC. So I've been a bit preoccupied in thinking about the next 8 years. Probably because of the major and significant life events that have happened over the past 8 years.

Just a few little things like bringing 3 kids into the world, buying and/or selling 6 houses, selling a company, getting fired from two others, moving my residence, starting a new business, and probably a bunch of other "minor stuff." I wonder what the next 8 years have in store. I can look at the issue relative to how I'm not where I thought I'd be back in the fall of 2000. Or I can think about how far I've come since the fall of 2000. I'm going to choose to bask in all of my accomplishments for a few minutes anyway.

I know that time flies. It felt like yesterday that I was up all night watching the returns from the 2000 election, while my 3-day-old daughter was lying in a bili light to clear up some post-birth jaundice. Now she's almost 8 and a real person with real opinions, dreams, desires, and perspectives. The twins are getting there shockingly fast as well. It's hard for me to imagine the discussion around the dinner table in the summer of 2016, as we are talking about the next Presidential election.

So I won't. I'll just enjoy how time is flying and do my best to enjoy the ride. Have a great weekend.

Photo: "Time Flies" originally uploaded by sergei.y [1]

Top Security News

Network Computing article goes over some of the basics relative to putting a potential outsourcer through the paces [10]. I'm not so concerned about the process; I just want to make sure that at least someone asks this question BEFORE the contract is signed. I know of a lot of deals where the implementation and transition of the services are problematic because no one paid attention to data security until the data was in someone else's hands.

Microsoft Vista's UAC technology, which requires authorization to make O/S level changes in the Registry and to install software, does a good job of stopping rootkits [12]. The product was architected to stop these kinds of intrusions. And it's also not surprising that most of the AV suites suck at rootkits, given that they suck at most things - except finding the stuff we've already seen - maybe. My point is that it's all about the user experience. UAC works, but it's vilified because users hate it. It took 8 years to build that O/S and you're telling me that not one of their focus groups thought the user experience was terrible? Not one? Ultimately Microsoft will fix the issue and make it less obtrusive. You know, kind of like a Mac. (Couldn't resist) Until then, knowing that there is no great desire to move all PCs to Vista, make sure your containment plan is top notch. You are going to need it.

InformationWeek has a decent article here about how to secure those devices [14]. Simple things like using VPNs and not using Public WiFi. Duh! As I mentioned yesterday, tomorrow's smart-phones (and with next week's imminent announcement of iPhone 2.0, tomorrow is here soon!) are really more like computers than cell phones. So you should treat them like computers and have similar defenses in place. Doesn't seem like brain surgery, but I guess everyone thinks it is.


The Laundry List

  1. Maybe HD should send the Metasploit download link to all the other jokers at his hosting provider. It's always fun to clean up after some dumb network admin at a co-lo. - Zero Day blog [16]
  2. The only thing that worries me is when folks upgrade their "worry-free" offerings. Hope is not a strategy. So buying something that tells you it's worry-free doesn't make it so. - Trend release [17]
  3. VeriSign adds ArcSight gear to its managed log offering. Guess they missed the case in B-school about how Southwest is the only profitable airline because they manage ONE type of device. - VeriSign release [18]
  4. Fortinet gets ICSA anti-spam certification. The paper says it's 2008, but sometimes I'm not so sure. Seems like a circa-2005 announcement. - Fortinet release [19]

Top Blog Postings

http://www.computerweekly.com/blogs/stuart_king/2008/05/david-lacey-makes-the-importan.html [20]

http://1raindrop.typepad.com/1_raindrop/2008/05/software-and-security-separateness---youre-doing-it-wrong.html [22]

http://www.tssci-security.com/archives/2008/05/29/software-security-a-retrospective/ [24]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-june-5-2008