Friday Summary - January 8th, 2010
By Adrian Lane
I was over at Rich’s place this week while we were recording the network security podcast. When finished we were just hanging out and Riley, Rich’s daughter, came walking down the hall. At 9 months old I was more shocked to see her walking than she was at seeing me standing there in the hall. She looked up at me and sat down. I extended my hand thinking that she would grab hold of my fingers, but she just sat there looking at me. I heard Rich pipe up … “She’s not a dog, Adrian. You don’t need to let her sniff your hand to make friends. Just say hello.” Yeah. I guess I spend too much time with dogs and not much time with kids. I’ll have to work on my little people skills. And the chew toy I bought her for Christmas was, in hindsight, a poor choice.
This has been the week of the Rothman for us. Huge changes in the new year – you probably noticed. But it’s not just here at Securosis. There must have been five or six senior security writers let go around the country. How many of you were surprised by the Washington Post letting Brian Krebs go? How freakin’ stupid is that!?! At least this has a good side in that Brian has his own site up (Krebs on Security), and the quality and quantity are just as good as before. Despite a healthy job market for security and security readership being up, I expect we will see the others creating their own blogs and security continuing to push the new media envelope.
And as a reminder, with the holidays over, Rich and I are making a huge press on the current Project Quant metrics series: Quant for Database Security. We are just getting into the meat of the series, and much like patch management, we are surprised at the lack of formalized processes for database security, so I encourage your review and participation.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Mike’s podcast with Amrit Williams on Log Management and SIEM (transcript).
- Podcast with Dennis Fisher on Metrics and the Securosis/Security Incite Merger.
- Blog post on TechTarget’s Security Bytes regarding the merger.
- Securosis takes over the Network Security Podcast.
- Rich’s excellent article for Macworld on Mac security reality check: scams.
- Adrian’s Dark Reading post on Data Masking.
Favorite Securosis Posts
- Rich: Quant for Database Security, Patches.
- Mike: 2009 Wrap: Changes in Perspective - It’s critical to take some time every quarter and reflect on what you’ve learned and how that will change plans/tactics moving forward. Things move too quickly to just plod along doing the same old, same old.
- Adrian: Introducing Securosis Plus: Now with 100% More Incite!
- Meier: Google, Privacy, and You.
- Mort: Password Policy Disclosure.
Other Securosis Posts
- Getting Your Mindset Straight for 2010
- Incite - 1/6/2009 - The Power of Contrast
- RSA Treks to Sherwood Forest and Buys the Archer
- Password Policy Disclosure
- Securosis + Security Incite Merger FAQ
- Mike Rothman Joins Securosis
- Prison Computer ‘Hacker’ Sentenced
- Rich’s Personal Security Guiding Principles
- Hosting Providers and Log Security
- The POPE visits Security Incite + Securosis.
- Security Incite Contracts a Case of Securosis.
Favorite Outside Posts
- Rich: Matt’s Guide to Vendor Responses. Should be required reading for vendors.
- Mike: A Way Forward - Shostack gets into our heads and makes the point that our issues are partly self-inflicted. He’s dead on.
- Adrian: Maybe this will Help by Jack Daniels. And it did. We talk about being pragmatic here, but I catch myself once a week, at least, yanking content out of a post or presentation because it is simply not accessible to the IT masses. This is a nice encapsulation of the perspective you need to have when producing for non-security audiences interested in accomplishing security tasks.
- Mort: Top 10 Reasons Your Security Program Sucks and Why You Can’t Do Anything About It - Amrit does it again: funny, snarky, and all too true.
- Meier: Brian Krebs on FBI investigating $3M in stolen funds.
- Pepper: Schneier’s TSA Logo Contest Motto: either “Tedium, Stupidity, & Arrogance” or “Terror, Slowdowns, & Aggravation”.
- Pepper #2: NIST Certified USB Encryption Broken.
Project Quant Posts
Top News and Posts
- Blogger’s Twitter account implicated in ‘Leak’.
- Wired post on changes to No-Fly list.
- Hacker demonstrated how to Geographically Locate Servers.
- Jeremiah Maps WASC to OWASP list, mum on blood feud.
- Political Websites Hacked.
- New Botnet Infiltrated.
- NIST Hash Competition.
- FBI Investigates $3M Theft in eWeek.
- Not security, but a glimpse at the dirty underbelly of technology PR.
- And Dave Lewis’s post on Cyber-Ninjas deserves honorable mention for making me laugh out loud.
Blog Comment of the Week
Remember, for every comment selected Securosis makes a $25.00 donation to Hackers For Charity. This week’s best comment comes from ‘smithwill’ in response to Mike Rothman’s post on Getting Your Mindset Straight for 2010:
Bravo. Security common sense in under 1000 words. And the icing on the cake: buy our s#it and you won’t have to do anything line. Priceless.
Congratulations! We will contribute $25.00 to HFC in ‘smithwill’s name!