Friday Summary – May 8, 2009
A lot of security-related news this week in the mainstream press, what with nuclear secrets being a fringe benefit of eBay shopping, other big names like McAfee exposing users to a CSRF, and MI6 operations nixed by a missing memory stick. With security this bad, who needs Chinese hackers? What gets me is the simple stuff that gets missed. Unencrypted hard drives and memory sticks. WTF? Fighter jet plans and power grid control systems on networks directly or indirectly attached to the Internet? Whoever thought that was a good idea needs to be discovered and fired. Anyway, enough negativity, and you don’t need to read my rants when there are this many good articles to read this week.

The funniest thing I saw all week was from last night: Rich and I were having dinner, waiting for the 10:00 PM premiere of the new Star Trek movie, when Rich decided he was going to have some fun and do some ‘live #startrek’ tweets. Not real, but live. Rich was on a roll as we started to joke about plot lines, just making up character twists and throwing BS on Twitter. I must say, he has Trekkie cred, because he knows a heck of a lot more than I do about the entire genre. We were having a great time just making $%(# up. After dinner we went to the theater and got dead center seats! We were not 5 minutes into the movie when one of Rich’s tweets came alarmingly close to the real thing. Another 5 minutes, and Rich nailed another plot line. I am not going to say which ones; you will just have to go see the movie. Oh, and we both really liked it! A must-see for Star Trek fans. But for a little amusement, before you go to the movie, check Rich’s tweets.

I know Rich said it last week, but I wanted to mention it again: if you’d like to get our content via email instead of RSS, please head over and sign up for the Daily Digest, which goes out every night.
And now for the week in review:

Webcasts, Podcasts, Outside Writing, and Conferences
Martin and Rich on the weekly Network Security Podcast. I did a series of three videos and an executive overview on DLP for Websense. It was kind of cool to go to a regular studio and have it professionally edited. The videos (each about 2 minutes long) and the Executive Guide are designed to introduce technical or non-technical executives to DLP. It’s all objective stuff, cut-down versions of our more extensive materials.

Favorite Securosis Posts
Rich: Adrian’s post on Oracle’s acquisition of Sun. I haven’t seen anyone else take this perspective!
Adrian: Rich’s post on There Are No Trusted Sites: The Security Edition. Poignant as always.

Favorite Outside Posts
Adrian: With all that free time on his hands, Chris has been turning out some good stuff. His post on Cloud Security Will NOT Supplant Patching is dead on the mark.
Rich: Rsnake’s Silver Bullet Metric post.

Top News and Posts
Big news this week was the Torpig hijack. The paper is long but filled with interesting details.
Interesting developments between AdBlock creator Wladimir Palant and NoScript creator Giorgio Maone. Yeah, but so what? We know it is possible, and we know someone will be motivated by fame or fortune and do it again. The problem is that someone will eventually do it well.
Ryan Naraine’s coverage of the Google Chrome security flaws.
Ron Gula of Tenable on understanding vulnerability assessment results.
I don’t know what the availability of this device is, but MiFi looks pretty cool!
Handy tip on disk wiping.
The Marriage of Figaro, oddly sans frogs.
New NERC standards.
Naraine and Dancho on the PowerPoint zero-day.

Blog Comment of the Week
This week’s best comment was from Nick in response to Spam Levels and Anti-Spam:

Since the McColo shutdown we have seen a gradual rise in spam, only returning to pre-McColo levels about a month ago. We are a small fish and only deal with about 20,000 emails per day including spam. But I have not been able to recognize the “return to normal” that everyone was talking about several months ago. I would actually estimate that after the shutdown we have been sitting about 20% lower than usual, until this past month, not including the first period of time after McColo.