For the next 5 days my wife and I are heading to Sonoma to celebrate our anniversary. I am, to say the least, one lucky #&^(*&^#* to have her.

’nuff said.

Just a quick update to say all is well, if a bit painful.

On Monday I had shoulder surgery to repair a moderate tear to my cartilage in the shoulder (the superior labrum, to be specific). Turns out the tear was a series of tears and I also managed to injure my rotator cuff. The 20 minute procedure took about an hour (still minor in the scheme of things) and my recovery will take a little longer than expected. The worst part is this week as I get past the initial pain, after that everything should be on track.

I want to thank Chris Pepper (who starts a new job in a couple of days) and Dave Mortman for keeping an eye on the blog and contributing new content. Hopefully I’ll be able to convince Dave to keep contributing after I’m back full time. Dave is one of those rare individuals who can combine the practical and the theoretical in security, and has held the management positions to actually execute his theories.

I’ll be taking it easy for another couple of days, but I’m past the hump and have a full schedule next week. Thanks for all the support, and we’ll be back to encryption, DAM, and all your favorite acronyms before you can say “Vicodin”.

This is very amusing. Everything you need to know about negotiating with Microsoft for $44B.

I’m off for the weekend and in surgery on Monday (a minor shoulder thing). I have some guests on the site next week and some other surprises to keep the content running. Have a great weekend…

I have a moderately complex network at home, with multiple WiFi base stations (running at 5 GHz and 2.4 GHz), a hacked WRT54G gateway router for firewall/VPN, and a couple of AirPort Express units for music streaming.

Starting a couple of weeks ago I started having all sorts of erratic behavior with the AirPorts, which was extremely annoying since I was trying to evaluate Airfoil, an audio streaming application, for TidBITS. Lost connections, disappearing access points, and other nonsense. It hit the point yesterday afternoon where I reconfigured my entire network, yanked out the VPN, and, in the process, killed everything.

Waking up with a little 4 am insomnia I tries a quick fix I’d forgotten about- changing WiFi channels. A couple of years ago I had similar problems and after doing a site survey with Kismet I realized my access point was on the same channel as a neighbor. This time I skipped Kismet and just swapped channels on my 2.4 GHz (802.11g) access point.

All is good. I’m going to bed now. One of our new neighbors must have been on channel 8, and everything is happily connected on channel 7 now. If you find yourself dropping connections or having other weirdness, just go into your access point configuration panel and hard code different channels until things start working better.

Technorati Tags: WiFi

Email me.

I’m pretty angry right now.

I just went to vote in the primary. In hand was my driver’s license and voter ID card. Because the addresses didn’t match, I wasn’t allowed to vote until I showed another form of ID with matching addresses. I, of course, didn’t have one. None of the materials mailed to us or displayed in our polling place mention this requirement.

The thing about AZ is that our licenses don’t expire for a really long time, and as long as you register your new address with the state they don’t re-issue your license. Thus, the odds are very high you’ll have an ID with a different address than where you live.

Digging through the car we found the sample ballots mailed to us. It turns out *anything* with your name and address on it, including utility bills, is considered a valid ID. They let us skip the line and vote.

From a security perspective this does nothing to reduce voter fraud. Most of the illegals in the area who are willing to risk registering and trying to vote can easily produce a utility bill, and that combined with the voter ID card mailed to them will work just fine. Pretending to be someone else? I suppose you could pull that off, but you’d know the ID requirement and their name going in and could easily fake it.

I won’t go all civil-liberties on you and talk about how these ID requirements are generally class warfare.

We did get to vote, but perhaps any of you legal types out there will have fun with this hidden requirement, never mentioned in any materials mailed or posted.

The poll workers were very frustrated with the requirement. They informed us most people had an updated vehicle registration of insurance card they could scrounge up, and nearly everyone was allowed to vote. Needless to say, we’ll be filing a complaint.

Securosis is in possession of damning documentation that proves, without a doubt, that John Moltz of Crazy Apple Rumors has taken control of all Macs through his ingenious use of the, “woe is me, I lost my funding, come to my site and cry your goodbyes” scam.

We also possess genealogical evidence, provided by the Mormon church, proving that Motz is the bastard artificial child of John Gruber and Dave Maynor.

During the infamous Black Hat Mac hacking incident, Maynor and Gruber were simultaneously drugged by Steve Ballmer and their genetic material was sampled. Ballmer then broke into a lab used by the Gates Foundation for malaria research and combined the genes to produce the ultimate Mac security threat. A snippet of a secret email sent by Ballmer reveals his evil plot:

By combining the most hated OS X security researcher with the most beloved Mac enthusiast into a mindless creature under my control I will infiltrate the Apple community and use that trust to install a devastating trojan on all Macs, everywhere. We will final[sic][hic] wipe out Apple and control the hearts and minds of the world. BWAHAHAHAHAHAHA!

Moltz, obeying the commands of his master in Redmond, used jokes blatantly stolen from Fake Steve Jobs (also a Ballmer creation) to draw humor-starved Mac enthusiasts to CARS. He then installed exploit code on CARS for an 0day Safari vulnerability and announced his so-called “break” to draw sufficient traffic to pass the critical threshold for his malicious software to achieve self-propagation.

The code has since become self aware, joining with the Storm Worm and Facebook. It is expected to cross over into the mosquito population within weeks, overtaking bird flu as the greatest threat to humanity.

Moltz is also responsible for global warming, and a kitten dies every time he laughs.

…

(For those who don’t know, CARS is going on hiatus and is a great loss to the tech community. It only linked to Securosis once, but that still drives more traffic than anything I write on enterprise security. We’ll miss ya John. Please start drinking heavily again so we get our daily laugh.)

Okay, it was only a half-marathon, but considering I hurt my knee and wasn’t able to train for a month I feel pretty darn good about finishing. In my head that is; legs aren’t quite as pleased.

I’m heading off to Macworld Expo tomorrow and will be in San Francisco all week. I’m helping cover the event for TidBITS. While most of my non-security writing will be over there, since TidBITS is an edited publication I’ll probably be pushing out some random Apple posts over here.

I’m hoping for two announcements this week, although honestly don’t expect them. First is for the 3G iPhone, preferably with GPS and a functioning 2-way calendar/to-do list. I’ve been disappointed in my Blackberry Pearl for two reasons- the craptastic browser, and since I don’t have an Exchange server I don’t get truly real-time email. (Yes, I can do hosted Exchange, but that doesn’t make sense for me).

Second, I’m hoping for a refresh on the MacBook Pros with SSD drives and LED screens for better battery life. The rumors seem to trend more towards a compact MBP or tablet which would be okay if the specs are high enough.

Either way, I’m looking forward to the first non-security, non-Gartner conference I’ve been to in years.

I was debating about writing anything personal about 2008, but after reading Mike’s Security Incite today I figure a little personalization on the site won’t hurt. If you’re not interested in what I’m up to professionally and personally, this is a good post to skip.

2007 was a very intense year. I built a new house, moved, quit my job, traveled all over the freaking place, and tried my best to cling to a personal life. At times I was elated, completely burned out, inspired, bored, physically fit, and old fat and lazy. It was a heck of a year, and all in all I enjoyed it thoroughly.

I’m not one for resolutions, but I’m really looking forward to 2008 and have some specific goals.

Business-wise, Securosis is going better than I ever expected. I wasn’t one of those analysts that believed my own hype and assumed the world was just begging for my attention. Leaving a good job with a steady paycheck for nebulous reasons is always a little daunting, but after 4 full months on my own things are cruising along and at times I can barely keep up. I need to thank all of you for the support- from readers and commenters to paying customers. I’m well diversified in my client base (vendors, end users, and investment types), and the kinds of projects I’m engaged in.

And I’m having a blast.

There’s a lot on tap for 2008. I’ll be pumping out more free whitepapers through SANS- mostly focused on data and application security, with a few I hope to co-author on other topics. I have a bunch of speaking engagements lined up, and will promote those more heavily as they get closer (including RSA). If all goes well, I might even be able to self publish a book on data security before the end of the year. I’ll also continue to write over at Dark Reading, TidBITS, and other publications as opportunities come up.

I’m already ecstatic about the consulting projects that are coming up- it’s been a long time since I did project-based work and I really enjoy digging in deeper on things (everything from product assessments to data security strategies).

My main goal is to accomplish all of this while maintaining a good work/life balance. I’ve let that slip in the past, especially when I was an analyst. As far as I know we only have one shot on this planet and I don’t intend to spend it stressed out and working all the time. And, to be honest, the quality of work suffers if you aren’t happy.

Personally the year is going to start a little rough- I have to get shoulder surgery to repair a SLAP tear. I’m a very physically active guy and it’s been torture to restrict my activities since I hurt it at the end out August. I even quit my martial arts training- can’t throw a punch. I’ll be on restricted duty for 3-6 months, and probably won’t be 100% for a year.

On the upside, it gives me an excuse to return to base training, rebuild from the past years of abuse on airplanes, and enjoy some of my other hobbies. I have some woodworking projects in mind, want to finish wiring the house, and finally finish unpacking from the move.

Maybe it’s selfish, but in 2008 I plan on having fun, helping others, making a living, and enjoying life. When you get down to it, what else is there?

Oh no he didn’t!

http://rationalsecurity.typepad.com/blog/2007/12/breaking-news-s.html

I should be crossing the border back to the US in about 12 hours.