Thursday was totally shot. I wasted the entire day standing around. Eight hours and twenty-nine minutes standing in line. I got in line at 5:50 AM and did not get back in my car until 3:00.
Yep, it was Apple iPhone day. And I did not have a reservation.
If you like people-watching, this is about as much fun as you will ever have. There were some 700 people at the mall by 6:30 AM. Close to me in line were two women with infants, and they were there all day. There were small children with their grandparents. The guy next to me had a shattered foot from a recent car accident. There were people calling their bosses, not to call in sick, but to tell them they were taking the day off to buy iPhones. These people were freakin’ dedicated.
I have not stood in line for any length of time since 1983, trying to get a good seat for Return of the Jedi. I have not stood in line without knowing whether I would get what I was there for since the Tutankhamun exhibit in, what, 1979? This is not something I do, but I wanted the phone. And actually I did not want the ‘phone’, but everything else. I wanted a (mostly) secure way to get email on the road. I wanted a mobile device to surf the web. I wanted a way to find Thai food. I wanted a better camera. I wanted a way to get directions when traveling. I wanted to have music with me. I wanted to access files in Dropbox whenever and wherever. And the BlackBerry did none of these things well, if at all. Plus, as a device, the BlackBerry is a poorly-engineered turd in comparison. I was just done with it, and I wanted the iPhone, and I wanted it before Black Hat.
So there I stood, for eight and a half hours, holding a place in line for a guy with a broken foot so he could sit on the mall couch.
I have to say the Apple employees were great. Every 30 minutes they brought us water and Starbucks coffee. Every 15 minutes they brought snacks. They sent employees into the line to chat. They brought sample phones and sat with us, in line, to demo the differences. They thanked us for sticking it out. They asked us if we needed anything, holding places in line and bringing food. They took care of every part of the transaction, including dealing with AT&T and their inability to process credit cards without dialing up Equifax. Great products and great service … it’s like I was transported back in time to an age when those things mattered.
All in all I am glad I waited it out and got my phone. Camera is amazing. Display is crystal-clear. The phone does not have the hideous ‘pops’ in audio that blow my ears out, or randomly shut off for 20 seconds like the BlackBerry. And the FaceTime feature works really well, for what it’s worth. Would I do it again? Would I stand there for 8.5 hours? Ask me in another 25 years.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Chris Pepper gives us The Sun Also Sets. Time to kick Oracle a little. What a bloody fiasco!
- Adrian’s Dark Reading post on Open Source Database Security Issues.
- Rich on the Network Security Podcast, number 202.
Favorite Securosis Posts
- Rich: Understanding and Selecting SIEM/LM: Deployment Models. Adrian and Mike do a great job of diagramming out the different deployment models. Really clear.
- Mike Rothman: The Open Source Database Security Project. Adrian needs to flex his database security kung-fu, and we aren’t going to get in his way. Help him out – it’s a great project.
- Adrian Lane: Trustwave Acquires Breach. I have not seen anyone openly discuss the apparent conflicts of interest, nor how this changes PCI compliance, the way Rich has captured it.
Other Securosis Posts
- Understanding and Selecting a Tokenization Solution: Introduction.
- Are Secure Web Apps Possible?
- Incite 6/23/2010: Competitive Fire.
- FireStarter: Is Full Disk Encryption without Pre-Boot Secure?
- Return of the Security Start-up?
- Friday Summary: June 18, 2009.
- Doing Well by Doing Good (and Protecting the Kids).
Favorite Outside Posts
- Rich: Why the Disclosure Debate Doesn’t Matter. Dennis nails it. Bad guys don’t give a rat’s ass what we think of disclosure, they still have plenty to own us with.
- Mike Rothman: Security Intelligence: Defining APT Campaigns. Good analysis of what’s involved in detecting a multi-faceted complex intrusion from Mike Cloppert. If you have a great forensics person who is good at this, pay them more. Those skills are gold.
- Adrian Lane: Anti-WAF Software Only Security Zealotry. Only because Jeremiah wrote this before I did.
Project Quant Posts
- DB Quant: Manage Metrics, Part 1, Configuration Management.
- DB Quant: Protection Metrics, Part 4, Web Application Firewalls.
- DB Quant: Protect Metrics, Part 3, Masking.
- DB Quant: Protect Metrics, Part 2, Encryption.
- DB Quant: Protect Metrics, Part 1, DAM Blocking.
- NSO Quant: Manage IDS/IPS Process Map.
- DB Quant: Monitoring Metrics, Part 2, Audit.
- DB Quant: Monitoring Metrics, Part 1, DAM.
- NSO Quant: Manage Firewall Process Map.
- DB Quant: Secure Metrics, Part 4, Shield.
- DB Quant: Secure Metrics, Part 3, Restrict Access.
- DB Quant: Secure Metrics, Part 2, Configure.
Research Reports and Presentations
- White Paper: Endpoint Security Fundamentals.
- Understanding and Selecting a Database Encryption or Tokenization Solution.
- Low Hanging Fruit: Quick Wins with Data Loss Prevention.
- Report: Database Assessment.
Top News and Posts
- Firefox & Opera updates.
- Improving HTTPS Side Channel Attacks
- Google wins Viacom suit.
- MS plans 10 new patches. SharePoint and IE are the big ones.
- Cyber Thieves Rob Treasury Credit Union.
- Ukrainian arrested in India on TJX data-theft charges. These incidents go on for years, not days or even months.
- iPhone PIN code worthless. Rich published on this a long time ago, but automounting on Ubuntu is new and disturbing. Previously people believed you had to jailbreak the iPhone first.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. I was going to call Mike out for having male menopause, but this week’s best comment goes to LonerVamp for taking the high road in response to Security Incite: Competitive Fire.
@Mike: Amen! Play the game that makes you happy and you win. Who knows, maybe for some of those guys it’s no win, no booty!
RE: Cyber-insurance: Yikes. What if the PCI Council offered insurance? They’d say something like, meet these checklist requirements. If you meet these requirements and get hacked, we’ll pay you out. If you say you meet these requirements, but get hacked due to not truly meeting these requirements, you don’t get paid out. The problem is this leads down the road of the PCI Council being your consultants and managed services provider, because you need to be meeting those requirements constantly. Not just during the audit week. It doesn’t help that few orgs know what data they even have, let alone know what they’re doing to protect it appropriately. Cyber-insurance still feels about as useful as Lifelock, to me.