Friday Summary

I have to say, Moscow was definitely one of the more interesting, and difficult, places I’ve traveled to. The city wasn’t what I expected at all- everywhere you look there’s a park or big green swatch down major streets. The metro was the cleanest, most fascinating of any city (sorry NY). I never waited more than 45 seconds for a car, and many of the stations are full of beautiful Soviet-era artwork.

In other ways it was more like traveling to Japan- a different alphabet, the obvious recognition of being an outsider, and English (or any Western European language) is tough to find outside the major tourist areas. Eating was sometimes difficult as we’d hunt for someplace with an English menu or pictures. But the churches, historical sites, and museums were simply amazing.

We did have one amusing (after the fact) incident. I was out there for the DLP Russia conference, at a Holiday Inn outside of Moscow proper. We requested a non-smoking room, which wasn't a problem. Of course we're in a country where the average 3 year old smokes, so we expected a little bleed-over. What we didn't expect was the Philip-Morris conference being held at the same hotel. So much for our non-smoking room, and don't get me started on the smoking-only restaurant. Then there was my feeble attempt to order room service that led to the room service guy coming to our room, me pointing at things on the menu, and him bringing something entirely different.

Oh well, it was a good trip anyway. Now on to the week's security summary:

Webcasts, Podcasts, Outside Writing, and Conferences:

• I spoke at a DLP Executive Forum in Dallas (a Symantec event).
• Over at TidBITS I explain how my iPhone rescued me from a travel disaster.
• Although I wasn't on the Network Security Podcast this week, Martin interviewed Homeland Security Secretary Chertoff.

Favorite Securosis Posts:

• Rich: I finally get back to discussing database encryption in Data Encryption, Option 1- Media Protection. (Adrian's follow up is also great stuff).
• Adrian: Examining how hackers work and think as a model for approaching Data Discovery & Classification.

Favorite Outside Posts:

• Adrian: Nothing has been more fascinating this week than to watch the Spam stories on Brain Krebs blog.
• Rich: Kees Leune offers up advice for budding security professionals.

Top News:

• One small step at the ISP, one giant leap for the sanity of mankind.
• 8e6 and Mail Marshal merge.
• AVG Flags Windows DLL as a virus, scrambles to fix false positive
• Jeremiah Grossman on how browser security evolves.
• Apple updates Safari. Oh yeah, and Google Chrome and Firefox also issued updates this week.
• Google also fixes a critical XSS vulnerability in its login page.
• Microsoft patches a 7 year old SMB flaw, which leads Chris Wysopal to talk about researcher credit.
• Researchers hijack storm worm. I think it's this kind of offensive computing we'll need to manage cybercrime- you can't win on defense alone.

Blog Comment of the Week:

Ted on my Two Kinds of Security Threats post:

You get more of what you measure. It's pretty easy to measure noisy threats, but hard to measure quiet ones. Fundamentally this keeps quiet threats as a "Fear" sell, and nobody likes those.

—Rich