Incite 11/3/2010: 10 Years Gone
A decade seems like a lifetime. And in the case of XX1 it is. You see I’m a little nostalgic this week because on Monday XX1 turned 10. I guess I could confuse her and say “XX1 turns X,” mixing metaphors and throwing some pre-algebraic confusion in for good measure – but that wouldn’t be any fun. For her – it would be plenty fun for me. 10 years. Wow. You see, I don’t notice my age. I passed 40 a few years back and noticed that my liver’s ability to deal with massive amounts of drink and my hair color seemed to be the only outward signs of aging. But to have a 10 year old kid? I guess I’m not a spring chicken anymore. But it’s all good. I can remember like it was yesterday watching the 2000 election returns (remember that Bush/Gore thing?), with XX1 in a little briefcase under the lights to deal with jaundice. But it wasn’t yesterday. Now I have a wonderful little woman to chat with, teach, learn from, and watch grow into a fantastic person. She’s grown significantly over the past year and I expect the changes will be coming fast and furious from here on. Of course, I can’t talk about how wonderful my oldest daughter is without mentioning the true architect of her success, and that’s the Boss. She’s got the rudder on most days and is navigating the bumpy seas of helping our kids grow up masterfully. Yet I’m also cognizant that you can’t outrun your genetics – you need to learn about them and compensate. Over the weekend, one of XX1’s closest friends mentioned how cool it was that she was turning 10, and how exciting it must be. XX1 shrugged that off and started focusing on the fact that in another 10 years, she’ll be 20. Hmmm. Not enjoying today’s accomplishment, and instantly focusing on the next milestone. Wonder where she gets that from? Thankfully her friend is more in tune with being in the moment, and chastised her instantly. I think the response was, “Why are you worrying about that? Just enjoy being 10.” Smart girl, that friend. But it’s an important nuance. It’s taken me many years to become aware of my own idiosyncrasies, how they impact my worldview, and how to compensate. We have the opportunity to teach XX1 (XX2 and the Boy as well) about why they think in certain ways and how that will impact their capabilities. Obviously all of the kids are different, but each shows aspects of each of us. By working closely with them, helping them become aware of their own thought processes, and figuring out together how to maximize their strengths, hopefully they’ll avoid a lot of the inner turmoil that marked my first four decades. But then again, we are the parents, and we all know how much weight we holds in the mind of a pre-teen. If they are anything like us, they’ll have to learn it for themselves. But at some point, all we can hope is that when they encounter a challenge, something in the back of their minds will trigger, and they’ll remember that their wing-nut parents told them about it when they were little. – Mike Photo credits: “Happy 10th Birthday” originally uploaded by mmatins Incite 4 U Yes, we are changing things up (again). We know the last few months have been very content heavy on the blog, and we want to lighten it up a bit. So we are going to do more quick, snarky, and (hopefully) useful blog posts that we call drive-bys. We’ll also shorten up the Incite and focus on some vendor announcements and other quick topics of interest. Each of us will do two Incites a week and two drive-bys, with the goal of balancing things out a bit. Don’t be bashful – let us know what you think. Just tell me if I’m safe – For those of you who don’t want to know the gory details of SSL, cookies, and side-jacking attacks, but just what sites you can safely browse from Starbucks, check out George Ou’s Online services security report card. Last week, after the release of Firesheep, George Ou warned Forced SSL was broken on many social networking sites. Basically most cookies are still in clear text, so despite the use of SSL to pass credentials, the cookie can still be used to impersonate a user. In his follow-up this week, George produced a handy chart to show a side-by-side comparison of popular web sites and how they handle these basic security issues. And the conclusion? Not good… – AL One guess what flavor it is – What do you think you get when a SaaS provider builds a Web Application Firewall? According to this post by Ivan Ristic I suspect we’re all going to find out. Ivan let the cat out of the bag on his blog that he’s building a “next-generation web application firewall”. And he’s at Qualys, so I’m pretty sure it will be cloud-based. WAF is actually ripe for a cloud offering. I know one company in semi-stealth mode working on one, Art of Defense has an early offering, Akamai supports some ModSecurity filtering on their edge servers, and someone recently pointed me at CloudFlare. Heck, I’ve thought about getting one for Securosis. But I shudder at cleaning the puke out of the toilet when I get the first “PCI Compliant WAF SaaS” press release. – RM Next generation firewalls are officially a bandwagon… – In our Understanding and Selecting an Enterprise Firewall report, we intentionally avoided the term “next generation firewall”. We focused on the functionality, which has everything to do with application awareness, positive security models, and pseudo-IPS capabilities. Most vendors have announced something that hits those key capabilities, but they’re also talking at least a bit about how they are going to do it technically. The WTF announcement last week was from Sourcefire, who basically announced they are going to play in the next generation firewall market (whatever that really is), but then talked about an