Friday Summary: April 9, 2010
So I’m turning 39 in a couple of weeks. Not that 39 is one of those milestone birthdays, but it leaves me with only 365 days until not only can I no longer trust myself (as happened when I turned 30), but supposedly I can’t even trust my bladder anymore.
I’m not really into birthdays with ‘0’ at the end having some great significance, but I do think they can be a good excuse to reflect on where you are in life. Personally I have an insanely good life – I run my own company, have a great family, enjoy my (very flexible) job, and have gotten to do some pretty cool things over the years. Things like “fly a jet,” “drive over 100 MPH with lights and sirens on,” “visit 6 of 7 continents,” “compete in a national martial arts tournament” (and lose to a 16 year old who hadn’t discovered beer yet), “rescue people from mountains,” “get choppered into a disaster,” “ski patrol at a major resort,” “meet Jimmy Buffett,” and even “write a screenplay” (not a good screenplay, but still).
But there are a few things I haven’t finished yet, and that last year before 40 seems like a good chance to knock one or two off. Here are my current top 5, and I’m hoping to finish at least one:
- Get my pilot’s license.
- Visit Antarctica (the only continent I haven’t been on).
- Sail the Caribbean Captain Ron style.
- Run a marathon.
- Finish an Olympic-distance triathlon (I’ve done sprint distance already).
I’m open to suggestions, and while the marathon/triathlon are the cheapest, I’d kind of like to get that pilot’s license.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Living with Windows: security. Rich wrote this up for Macworld.
- Effort Will Measure Costs Of Monitoring, Managing Network Security: Open-source Network Security Operations Quant goes live.
Favorite Securosis Posts
- Rich: Anti-Malware Effectiveness: The Truth Is out There. Lies, damn lies, and testing.
- Adrian Lane: Database Virtualization and Abstraction.
- Mike Rothman: FireStarter: Nasty or Not, Jericho is Irrelevant. I know this is from last week, but the comments on the post this week were pretty intense (and good).
- David Mortman: Who to Recruit for Security, How to Get Started, and Career Tracks.
Other Securosis Posts
- Database Security Fundamentals: Auditing Transactions.
- ESF: Controls: Secure Configurations.
- Incite 4/7/2010: Everybody Loves the Underdog.
- ESF: Controls: Update and Patch.
- ESF: Triage: Fixing the Leaky Buckets.
- ESF: Prioritize: Finding the Leaky Buckets.
Favorite Outside Posts
- Rich: The Spider That Ate My Site. Okay, I hate to admit this but I did something similar to our back end management interface. When admin buttons like “delete” are merely links, a simple spider can cause some serious damage.
- Adrian Lane: How did Wikileaks decrypt the video? Robert Graham, for indirectly calling BS on this.
- David Mortman: Bring your Cloud to Work in Iraq.
- Mike Rothman: Preview or vaporware? Announcements of technology that doesn’t exist annoy the crap out of me. These are the PR guidelines for how to do it (and not annoy guys like me) from Schwartz.
- Chris Pepper: Researchers Trace Data Theft to Intruders in China.
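The failure mode Rich describes above (admin “delete” actions reachable as plain GET links, so anything that follows links can trigger them) and the usual fix, shown as an added example; this is not code from the original post or from the Securosis site. It is a constructed in-memory site with two versions of its admin page, plus a naive spider that fetches every `href` it finds and never submits forms. The `Site`, `crawl`, `surviving_posts` and `hardened_delete_outcomes` names, the three sample posts and the per-session CSRF token are all assumptions made for the illustration.

```python
"""Why state-changing admin actions must not be plain GET links.

Constructed example (not from any real site): a tiny in-memory "site"
with two admin UIs and a link-following spider, so the damage can be
measured directly instead of argued about.
"""
import re
import secrets

HREF = re.compile(r'href="([^"]+)"')


class Site:
    """In-memory site with three posts and an admin page.

    safe_deletes=False: delete is an <a href=...> link; GET mutates state.
    safe_deletes=True:  delete is a POST form carrying a CSRF token; GET
                        on the delete route is refused with 405.
    """

    def __init__(self, safe_deletes):
        self.posts = {1: "hello", 2: "world", 3: "spider food"}  # sample data
        self.safe_deletes = safe_deletes
        # Hypothetical per-session anti-CSRF token, generated server side.
        self.csrf_token = secrets.token_hex(16)

    def get(self, path):
        if path == "/admin":
            return self._admin_page()
        if path.startswith("/admin/delete"):
            if self.safe_deletes:
                return "405 Method Not Allowed"  # GET never changes state
            return self._delete(self._id_from_query(path))
        return "404 Not Found"

    def post(self, path, form):
        if path == "/admin/delete" and self.safe_deletes:
            # Constant-time compare so the token check is not a timing oracle.
            if not secrets.compare_digest(form.get("csrf", ""), self.csrf_token):
                return "403 Forbidden"
            return self._delete(int(form["id"]))
        return "404 Not Found"

    @staticmethod
    def _id_from_query(path):
        m = re.search(r"[?&]id=(\d+)", path)
        return int(m.group(1)) if m else None

    def _delete(self, pid):
        self.posts.pop(pid, None)
        return "200 deleted"

    def _admin_page(self):
        rows = []
        for pid, title in self.posts.items():
            if self.safe_deletes:
                rows.append(
                    '<form method="post" action="/admin/delete">'
                    f'<input type="hidden" name="id" value="{pid}">'
                    f'<input type="hidden" name="csrf" value="{self.csrf_token}">'
                    f"<button>delete {title}</button></form>"
                )
            else:
                rows.append(f'<a href="/admin/delete?id={pid}">delete {title}</a>')
        return "<html>" + "".join(rows) + "</html>"


def crawl(site, start="/admin"):
    """Naive spider: GET every href it sees, once. It never submits forms."""
    seen, queue = set(), [start]
    while queue:
        path = queue.pop()
        if path in seen:
            continue
        seen.add(path)
        queue.extend(HREF.findall(site.get(path)))
    return seen


def surviving_posts(safe_deletes):
    """Crawl a fresh site and report which post ids are left afterwards."""
    site = Site(safe_deletes)
    crawl(site)
    return sorted(site.posts)


def hardened_delete_outcomes():
    """Show the hardened route still works for a legitimate POST."""
    site = Site(safe_deletes=True)
    no_token = site.post("/admin/delete", {"id": "1"})
    bad_token = site.post("/admin/delete", {"id": "1", "csrf": "guess"})
    good = site.post("/admin/delete", {"id": "1", "csrf": site.csrf_token})
    return no_token, bad_token, good, sorted(site.posts)


if __name__ == "__main__":
    print("link-based deletes, after crawl:", surviving_posts(False))
    print("POST+CSRF deletes, after crawl:", surviving_posts(True))
    print("hardened route outcomes:", hardened_delete_outcomes())
```

Crawling the link-based variant wipes every post; the form-based variant keeps all three because the spider never submits forms and a GET on the delete route returns 405. Moving to POST alone only stops crawlers and prefetchers; the token is what stops a hostile page from submitting that form with the admin’s cookies, which is why both changes go together.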
Project Quant Posts
Top News and Posts
- Anton: CISecurity Metrics Move Ahead.
- Are PDF’s Worm-able?
- IWM and Shadow Server Project Report: Shadows in the Clouds.
- Researcher Releases ‘Qubes’ Hardened OS.
- Researcher Details New Class Of Cross-Site Scripting Attack.
- Meta-Information Cross Site Scripting. Still looks like persistent XSS to me, but still an interesting variant.
- Removing the RSA Security 1024 V3 Root. An orphaned root certificate. Now I don’t feel so bad about forgetting to renew domain registration.
- Patch Tuesday Info.
- Customers Sue Countrywide Financial Over Theft And Sale Of Personal Data: Class-action suit seeks $20 million as well as answers about company’s involvement. Very interesting, as it appears the claimants believe the data theft was organized and possibly condoned.
- Stolen IDs used to file fake tax returns.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Paul Simmonds, in response to FireStarter: Nasty or Not, Jericho is Irrelevant.
Having just read the RFI response from a major software vendor, whose marketing BS manages to side-step all the questions designed to get to the bottom of “is this secure”, then the answer is YES, we do need the nasty questions. More importantly they may be obvious but we as purchasers are not asking them, and the vendors are not volunteering the information (mainly because what they supply is inherently insecure). And then we wonder why we are in the state we are in??