This week’s intro has nothing to do with security – just a warning in case that matters to you.
I’m betting most people spent their spare time this week watching the World Cup. Or perhaps “sick time”, given the apparent national epidemic that suddenly cleared up by Friday. I am not really a ‘football’ fan, but there were some amazing matches and I remain baffled at how a player thought he could get away with biting another player during a match. And then flop and cry that he hurt his mouth! Speechless!
But being perverse, I spent most of my spare time this week following a couple of court cases. Yes, legal battles. I’m weird that way.
The most interesting was O’Bannon v. NCAA up in Oakland, California. I am following it because this case has strong potential to completely change college athletics. If you haven’t been paying attention, the essence is that players cannot make money from marketing their own images, but colleges can. For example, a player might be ‘virtualized’ in an EA video game, and the college paid $10M, but the player cannot receive any financial compensation.
The NCAA has drawn a line in the sand, and stated that players must receive less than the actual federal rate for the cost of college attendance. But what gets me is that the NCAA president believes that if a player is in a photo with a product, and receives money from the company, then s/he is being exploited. If s/he is in the same photo, and does not receive money, then s/he is not being exploited. Their uniforms can have corporate logos, and that company can pay the coach to make players advertise their products. The players can be forced to appear in front of banners with corporate logos, and even be forced to drink water from bottles with those corporate logos, but none of that would be exploitation! Not on the NCAA’s watch. Thank goodness the president of the NCAA is there to protect students from these corporate pirates! Here’s a $1.6 million salary for your virtuous hard work, Mark!
I joked with a friend recently that I honestly don’t know how we played college football in the 50s, 60s, and 70s without the millions and millions of dollars now being funneled into these programs. How could we have possibly played the game without all this money? I had not seen a game in years, and attended a local college game last fall; I was horrified that one team’s logo and image were completely subsumed by the local corporate sponsors – notably a local Indian casino. Appalled. The casino’s logo was displayed after each touchdown. The audience just clapped as the sponsoring casino paid for fireworks, and who doesn’t love fireworks?
As a previous president stated about the NCAA, ‘amateurism’ plays to the participants, not the enterprise. At Texas the football program pays for the entire athletic department, including $5.3M for the head football coach, and still hands back $9M a year to the school. I’m told the University of Alabama grossed well over $100M in one year from its football program’s various revenue sources. Serious. Freaking. Money.
From the various reports I am reading, it does not look good for the NCAA. I am not a betting man, but if pushed I would wager on the plaintiff’s side. And at some time in the future, after the appeals, suddenly the students who support this multi-billion dollar industry will get a big piece of the pie.
I was rooting for Aereo. Really rooting for Aereo, but they lost their case against the broadcasters. Shot down by the Supreme Court verdict earlier this week. And honestly it’s hard to fault the verdict – give it a read. This is a huge win for broadcasters and cable carriers, and a serious loss for viewers. When it comes down to it Aereo is re-broadcasting others’ content and making a profit off it. We are not keen at Securosis when content aggregation sites routinely bundle our posts and sell advertising around them either. Still, why the hell can’t the broadcasters make this work and provide the content in a way users want? The broadcasting rules and contracts really need to change to allow some innovation, or viewers will ultimately go somewhere else to get what they want. As a consumer I am miffed that something provided over the air, for free, can’t be sent to me if I want to watch it (if you have ever lived just out of sight of a broadcast tower, where you got crappy reception, you know exactly what I am talking about). Or put it on your DVR. Or whatever private use you want to make of it – the customers you broadcast it to might actually want to watch the content at some convenient place and time.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Favorite Securosis Posts
- Adrian Lane: Open Source Development Analysis: Development Trends.
- Mike Rothman: Knucklehead-Employee.com. Yeah, it’s mine. But it’s still too damn funny. And I got to bust out the memegenerator. So it’s a win all around.
Other Securosis Posts
- Incite 6/25/2014: June Daze.
- Trends in Data Centric Security [New Series].
- Open Source Development Analysis: Application Security.
- Firestarter: Apple and Privacy.
Favorite Outside Posts
- Adrian Lane: BoringSSL. This is not the introduction of BoringSSL, but the authors’ no-BS, got-tired-of-waiting-for-politics-to-get-this-crap-fixed approach, without calling out OpenSSL. Bravo.
- Dave Lewis: The Akamai State of the Internet Report.
- James Arlen: Deloitte’s Global Defense Outlook 2014.
- Mike Rothman: Asymmetry of People’s Time in Security Incidents. Lenny Z does a good job of explaining why poor incident handling/management can make it much more expensive to clean up an attack than it is for the attacker. Be prepared, and change the economics. Unfortunately automated attacks now offer so much leverage that you probably cannot achieve parity. But don’t exacerbate the situation.
Research Reports and Presentations
- Defending Against Network-based Distributed Denial of Service Attacks.
- Reducing Attack Surface with Application Control.
- Leveraging Threat Intelligence in Security Monitoring.
- The Future of Security: The Trends and Technologies Transforming Security.
- Security Analytics with Big Data.
- Security Management 2.5: Replacing Your SIEM Yet?
- Defending Data on iOS 7.
- Eliminate Surprises with Security Assurance and Testing.
- What CISOs Need to Know about Cloud Computing.
- Defending Against Application Denial of Service Attacks.
Top News and Posts
- Interesting list of Sysadmin Thingers.
- SCOTUS’s new Rummaging Doctrine.
- Emails Show Feds Asking Florida Cops to Deceive Judges.
- Security firm discusses cyber attack on large hedge fund. The firm name will leak eventually.
- House votes to block funding for NSA snooping.
- Driving a Collectively Stronger Security Community with Microsoft Interflow.
- Ex-NSA Chief Pitches Banks Costly Advice on Cyber-Attacks. Say it in your best Dr. Evil voice: ONE MILLION DOLLARS!
- Google Tightens Security with BoringSSL.
- Does de-identification work or not?
- We Were Lucky to Get Hacked.
- Banking fraud campaign steals 500k euros in a week.
- HackPorts – Mac OS X Penetration Testing Framework and Tools.
- Code Spaces forced to close its doors after security incident.
- Hackers Hold 650k Dominos Customer Records for Ransom. Hopefully they have since asked themselves why they were storing PII.
Blog Comment of the Week
This week’s best comment goes to Marco Tietz, in response to Trends in Data Centric Security.
Agreed. Questions around data seem to be the most difficult to answer in today’s corporations. ‘How does the stored data tie to an offering? Who is the owner of the data? Who decides who can access it? How long do we keep it?’ More often than not you hear “Don’t know, but it’s not me”. Once you start moving data around for valid business reasons (analytics, benchmarking, …), these answers get even more vague, if even possible.