What would you do if you could go back to school? Seriously. If you could turn back the clock and go back to grade school or even high school? No real responsibility. No one depending on you for food and/or shelter. Gosh, I’d do so many things differently. I’d buy a few shares of Microsoft when they went public (and I’d also send a note to my 1999 self to sell it). Ah, the magic of hindsight.

What I wouldn’t do is bitch about it. It’s funny that my kids were actually excited to go back to school. We figured they’d be bitching a lot more, especially given how much fun they have over the summer. Thankfully, they aren’t at the stage where they dread the end of summer vacation and the return to the structure and routine of the school year. The Boss is clearly doing something right because the girls jumped right in. The Boy not so much. Not because he doesn’t like school, but more because time he’s working is time he’s not outside playing ball with his buddies.

The biggest thing we try to get across every year is the importance of a strong work ethic. Unless there is an activity right after school, the kids grab a snack and jump right into their homework, which must be done, to The Boss’s satisfaction, before they can do anything else. We’re constantly harping on the fact that hard work can overcome a lot of mistakes and issues. Also that it’s okay to get something wrong and to make mistakes. But it’s not okay not to give it proper effort.

The most gratifying thing about it all? Seeing one of the kids “get it.” Last year XX1 spent countless hours preparing for a big test, and she aced it. She saw the direct correlation between hard work and positive results.

Rich and I were joking the other day that we both did the bare minimum as long as we could throughout public school. We got by on our charming personalities. Okay, maybe not… All the same, if we applied our current work ethic to our school endeavors? Who knows what we’d accomplish.
But we would also miss out on a number of great parties and save some liver damage. Okay, a lot of liver damage.

Oh yeah, the balance discussion. That’s one secret we won’t share until the kids graduate from college. So don’t ruin it for us, okay?

-Mike

Note: Yes, I’m kidding. All work and no play is not the way to go through childhood.

Photo credits: “Back to School Bong Sale” originally uploaded by designwallah

Incite 4 U

Fixing is the hard part: I’m kind of surprised at the tepid response to Microsoft’s $250k prize for advancement of exploit mitigation. Imagine that, folks get paid a bit for finding a bug and being able to exploit it, but now can get paid a lot for actually fixing the issue. I think this is great and we should all applaud Microsoft. First for finally understanding that for the price of one engineer (fully loaded), they could put in place a meaningful economic incentive for a researcher. But also to start driving toward a culture of fixing things instead of just breaking them. Stormy did a great job of making that case as well. – MR

And you thought your network was tough…: We often call the DefCon network “The World’s Most Hostile Network” since you can assume at least a few hundred – possibly thousands – of hackers are on it eating their latest software toys. What not everyone knows is that there are actually multiple networks at DefCon, some of which are probably reasonably secure, but that isn’t what I’m going to talk about today. Ryan Barnett over at Tactical Web Application Security wrote a great post on what web apps can learn from casino surveillance. I’m a huge fan of monitoring at all levels, and when it comes to web apps we definitely aren’t doing enough (in most cases). Ryan’s post does a good job of keying in on the main difference between apps and networks (spoiler – it has to do with who is allowed in).
As a side note, back in Gartner days Ray Wagner (still there) and myself were proponents of using slot machine security standards for voting machines. But it seems the price of democracy won’t cover the same security used for nickel slots. Then again the payout of the voting machines usually isn’t 97% either. – RM

DAM market maturing: The Database Activity Monitoring market continues to see activity, with GreenSQL receiving another $2.2 million in venture funding from Atlantic Capital partners. Like children, most startups are not very interesting until they are a couple years old. Companies need to mature both product functionality and vision. GreenSQL is reaching that point: their first product was an open source reverse proxy for SQL statements. Now they offer core SQL statement blocking function like other DAM vendors, but they also offer a performance boost through a database caching service as well. Like the rest of the DAM players, they are morphing into something else – with the addition of masking, usage profiles, and application specific rule sets. Integrating a number of previously separate functions into a more integrated offering. Yet another sign of an increasingly mature market. DAM(n) funny how that happens. With Imperva slated for IPO and lots of interest in the basic monitoring capabilities, expect continued M&A activity. I expect we’ll need to change the way we think about DAM into a larger database security context by this time next year. – AL

A different kind of hacking: Most of us were taught that two wrongs don’t make a right. The consistent attacks on law enforcement do nothing but endanger folks who make significant sacrifices. Our own Adrian provided some context about the situation in Arizona for this story about the continued posting of personal information about law