Incite 7/7/2010: The Mailbox Vigil

By Mike Rothman

The postman (or postwoman) doesn’t really get any love. Not any more. In the good old days, we’d always look forward to what goodies the little white box truck, with the steering wheel on the wrong side, would bring. Maybe it was a birthday card (with a check from Grandma). Or possibly a cool catalog. Or maybe even a letter from a friend.

Now that is one happy mailbox...

Nowadays the only thing that comes in the mail for me is bills. Business checks go to Phoenix. The magazines to which I still stupidly subscribe aren’t very exciting. I’ve probably read the interesting articles on the Internet already. The mail is yet another casualty of that killjoy Internet thing.

But not during the summer. You see, we’ve sent XX1 (that’s our oldest daughter) off to sleepaway camp for a month. It’s her first year and she went to a camp in Pennsylvania, not knowing a soul. I’m amazed by her bravery in going away from home for the first time to a place she’s never been (besides a two-hour visit last summer), without any friends. It’s not bravery like walking into a bunker filled with armed adversaries or a burning house to save the cat, but her fearlessness amazes us. I couldn’t have done that at 9, so we are very proud.

But it’s also cold turkey from a communication standpoint. No phone calls, no emails, no texts. We know she’s alive because they post pictures. We know she is happy because she has a grin from ear to ear in every picture. So that is comforting, but after 9 years of incessant chatter, it’s a bit unsettling to not hear anything. The sound of silence is deafening. At least until the twins get up, that is.

We can send her letters and the camp has this online system, where we log into a portal and type in a message, and they print it out and give it to her each day. Old school, but convenient for us. That system is only one way. The only way we receive communication from her is through the mail. Which brings us back to our friend the postman. Now the Boss rushes to the mailbox every day to see whether XX1 has sent us a letter.

Most days we get nada. But we have gotten two postcards thus far (she’s been gone about 10 days), each in some kind of hieroglyphics not giving us much information at all. And we even gave her those letter templates that ask specific questions, like “What did you do today?” and “What is your favorite part of camp?” As frustrating as it is to get sparse communication, I know (from my camp experience) that it’s a good sign. The kids that write Tolstoian letters home are usually homesick or having a terrible time.

So I can be pragmatic about it and know that in another 3 weeks the chatter will start again and I’ll get to hear all the camp stories… 100 times. But the Boss will continue her mailbox vigil each day, hoping to get a glimpse of what our daughter is doing, how she’s feeling, and the great time she’s having. And I don’t say a word because that’s what Moms do.

– Mike.

Photo credits: “happy to receive mail” originally uploaded by Loving Earth


Recent Securosis Posts

  1. Know Your Adversary
  2. IBM gets a BigFix for Tivoli Endpoint Management
  3. Tokenization: The Business Justification
  4. Understanding and Selecting SIEM/LM: Advanced Features
  5. Understanding and Selecting SIEM/LM: Integration
  6. Understanding and Selecting SIEM/LM: Selection Process
  7. Friday Summary: July 1, 2010

Incite 4 U

  1. The ethics of malware creation – The folks at NSS Labs kind of started a crap storm when they dropped out of the AMTSO (anti-malware testing standards organization) and started publishing their results, which were not flattering to some members of the AMTSO. Then the debate migrated over to the ethics of creating malware for testing purposes. Ed at SecurityCurve does a good job of summarizing a lot of the discussion. To be clear, it’s a slippery slope and I can definitely see both sides of the discussion, especially within the context of the similar ethical quandary around developing new diseases. I come down on the side of doing whatever I can to really test my defenses, and that may mean coming up with interesting attacks. Obviously you don’t publish them in the wild and the payload needs to be inert, but to think that the bad guys aren’t going to figure it out eventually is naive. Unfortunately we can’t depend on everyone to act responsibly when they find something, so we have to assume that however the malware originated, it will become public and weaponized. And that means we get back to basics. Right, react faster/better and contain the damage. – MR

  2. Mission to (Replace) MARS – When Cisco announced last year they weren’t supporting third-party network and security devices on their MARS analysis platform, it was a clear indication that the product wasn’t long for the world. Of course, that started a feeding frenzy in the SIEM/Log Management world with all 25 vendors vying to get into Cisco’s good graces and become a preferred migration path, whatever that means. Finally Cisco has announced who won the beauty contest by certifying 5 vendors who did some kind of interoperability testing, including ArcSight, RSA, LogLogic, NetForensics, and Splunk. Is this anything substantial? Probably not. But it does give sales reps something to talk about. And in a pretty undifferentiated market fighting for displacements, that isn’t a bad thing. – MR

  3. More goodies for your pen testing bag – Yes, we are big fans of hacking yourself, and that usually requires tools – open source, or commercial, or hybrid doesn’t matter. Sophisticated folks leverage memory analysis, reverse engineering apps and/or application scanners. The good news is there is no lack of new tools showing up to make the job of the pen tester easier. First hat tip goes to Darknet, who points out the inundator tool, which basically floods an IPS and makes it hard to detect the real attack. The folks at Help-Net also cover the XSSer tool, which is designed to find cross-site scripting vulnerabilities on web apps. Like any pen testing tool, these are useful for both good and evil, and you can be sure there are folks on the wrong side of the fence using them. That means at worst you should check them out and see what they find. Better that than be surprised when the bad guys find stuff. – MR

  4. How real is cyberwar? – Rich has gone on record calling hogwash on this whole cyberwar phenomenon, pointing out that unless you have blood running through the streets and lots of body bags, it’s not war. Then I read one of Bejtlich’s weekend missives (Cyberwar is real) and it gets me thinking. Of course, any time you bust out Sun Tzu, I need to take a step back and consider. I think the point is cyber attacks will clearly be a part of most wars moving forward. Not from the standpoint of directly hurting folks, but by crippling critical systems. Now we bomb airports and power stations and media installations in the initial phases of an attack to cripple the enemy. In the future, it would be a lot cheaper (though less reliable and shorter-lived) to pwn the air traffic control, shut down the power plants, and take over radio and TV broadcast to start a propaganda barrage. So yes, cyberwar is real, but it gets back to how we define cyberwar. – MR

Comments

I’m interested in the Cisco MARS replacement info you mentioned.  Are you referring to the “Security Management Partners” thing on the Cisco Developer Network?
http://developer.cisco.com/web/siem/partners

If so, it looks like they’ve expanded the list to 6 already - SenSage was added to the list.  Also, the RSA product listed (no link) is RSA EnVision. http://www.rsa.com/node.aspx?id=3170

Anyway, looking at the “Security Management System Design Guide” (June 2010) is eye-opening, but not completely a surprise. It appears they have just completely given up on MARS at this point ...

———
If CS-MARS is already deployed for monitoring and correlating events from Cisco devices, organizations can archive data from CS-MARS and import it into third-party SIEM solutions for consolidating events into a single dashboard. In a heterogeneous environment, it is recommended using third-party SIEM solutions. (p.14)
———

That’s the first mention of MARS in the document, save a cursory sentence in the opening paragraphs.  Sad.

By MikeInSeoul
