Friday Summary, February 20, 2009
Last Friday Adrian sent me an IM that he was just about finished with the Friday summary. The conversation went sort of like this:

Me: I thought it was my turn?
Adrian: It is. I just have a lot to say.

It's hard to argue with logic like that.

This is a very strange week here at Securosis Central. My wife was due to deliver our first kid a few days ago, and we feel like we're now living (and especially sleeping) on borrowed time. It's funny how procreation is the most fundamental act of any biological creature, yet when it happens to you it's, like, the biggest thing ever! Sure, our parents, most of our siblings, and a good chunk of our friends have already been through this particular rite of passage, but I think it's one of those things you can never understand until you go through it, no matter how much crappy advice other people give you or books you read. Just like pretty much everything else in life.

I suppose I could use this as a metaphor for the first time you suffer a security breach or something, but it's Friday and I'll spare you my over-pontification. Besides, there's all sorts of juicy stuff going on out there in the security world, and far be it from me to waste your time with random drivel when I already do that the other 6 days of the week. Especially since you need to go disable JavaScript in Adobe Acrobat.

On to the week in review:

Webcasts, Podcasts, Outside Writing, and Conferences:
Brian Krebs joined us on the Network Security Podcast.

Favorite Securosis Posts:
Rich: I love posts that stir debate, and A Small, Necessary Change for National Cybersecurity sure did the job.
Adrian: Database Configuration Assessment Options.

Favorite Outside Posts:
Adrian: Rothman nails it this week with I'm a HIPAA, Hear Me Roar.
Rich: Amrit on How Cloud, Virtualization, and Mobile Computing Impact Endpoint Management in the Enterprise. I almost think he might be being a little conservative on his time estimates.
Top News and Posts:
Kaminsky supports DNSSEC. His full slides are here. No, he's not happy about it.
Is there a major breach hiding out there?
There is a major Adobe Acrobat exploit. Disable JavaScript now.
Verizon is implementing spam blocking. Nice, since they are one of the worst offenders and all.
Sendio (email security) lands $3M. Glad we didn't call that market dead.
Microsoft sued over XP downgrade costs. Next, they'll be sued for using the color blue in their logo. (Note to self: call lawyer.)
Much goodness at Black Hat DC. Too much to cover with individual links.
Metasploit turns attack back on attackers. Stupid n00bs.

Blog Comment of the Week:
Sharon on New Database Configuration Assessment Options:

IMO mValent should be compared with CMDB solutions. They created a compliance story which in those days (PCI) resonates well. You probably know this as well as I (now I'm just giving myself some credit) but database vulnerability assessment should go beyond the task of reporting configuration options and which patches are applied. While those tasks are very important I do see the benefits of looking for actual vulnerabilities. I do not see how Oracle will be able to develop (or buy), sell and support a product that can identify security vulnerabilities in its own products. Having said that, I am sure that many additional customers would look and evaluate mValent. The CMDB giants (HP, IBM and CA) should expect more competitive pressure.