Friday Summary – May 15, 2009
Securosis is a funny company. We have very different work objectives and time requirements compared to, say, a software company. And the work we do as analysts is way different than an IT admin or security job. We don’t punch the clock, and we don’t have bosses or corporate politics to worry about. We don’t have a ‘commute’ per se, either, so all of the changes since I left my last company and joined have been for the better and do not take long to adapt to.

Another oddity I recently learned was that our vacation days are allocated in a very unusual way: it turns out that our holiday calendar is completely variable. Yes, it is based upon important external events, but only of quasi-religious significance. Last week I learned that all Star Trek premiere days are holidays, with a day off to ‘clear your mind’ and be ready to enjoy yourself. This week I learned we get 1/2 days off the afternoon of a Jimmy Buffett concert, and most of the day off following a Jimmy Buffett concert. You see the wisdom in this policy the morning after the show.

Last night Rich, I, and his extended family went to Cricket Pavilion for Buffett’s only Phoenix show. I won’t say how many of us actually packed into that tiny motor home for the trip down in case someone from the rental company reads the blog, but let’s say that on a hot summer afternoon it was a very cozy trip. And with something like 24 beers on ice per person, we were well prepared. This was my first Buffett concert and I really enjoyed it! We ended up going in late, so we were a long way from the stage, but that did not stop anyone from having a good time. I will be marking next year’s holiday calendar when I learn his next local tour dates. As this is a Securosis holiday, today’s summary will be a short one.

And now for the week in review:

Webcasts, Podcasts, Outside Writing, and Conferences

Martin and Rich hit a major milestone with the 150th Network Security Podcast, which also hit the 500,000 download mark! Congratulations guys!

Favorite Securosis Posts

Rich: Adrian’s post on Open Invitation to the University of California at Berkeley IT Dept.
Adrian: Rich’s post on The Data Breach Triangle. Data security is not always about preventing the attack.

Favorite Outside Posts

Adrian: Even though it came out last week, I just ran across Glenn Fleishman’s post on securing home networks.
Rich: The PaulDotCom post on SQL Injection with sqlmap.

Top News and Posts

The cost of patching.
Adobe Reader JavaScript Vulnerability at CERT.
DoD Official Charged With Handing Over Classified Data To China.
Security updates by Apple.
Nearly half of IT security budgets deemed insufficient. Only half? Really?
Did you see that Obama spoke at the ASU graduation ceremony? Did you see that the opening act was Alice Cooper? Rock on!

Blog Comment of the Week

This week’s best comment was from Martin McKeay in response to The Data Breach Triangle:

Perhaps ‘access’ would be a better term to use than ‘exploit’. A malicious outsider needs an exploit to access the data, whereas a malicious insider usually has access to the data to begin with. You need the loot, a way to get the loot and a way to escape with the loot when you’ve got it. Is there any such thing as a ‘crime triangle’? I’m going to have to give this a bit more thought; I believe you have the right idea, but I think this somehow defines the data breach elements too narrowly. I haven’t figured out exactly what leads me in that direction yet, but it will come to me.