Friday Summary: August 24, 2012.By Adrian Lane
This will probably sound weird, but for the first time in many years I am bummed that summer is ending. This is odd because I’m not really into vacations. I have only taken a real vacation – which I define as my wife and myself leaving the house together for more than 24 hours – twice in the last twelve years. And one of those vacations was a disaster I would not care to relive – drunken friends and crashing houseboats onto rocks is something I can do without. Anyway, vacations are just not something we really do. And when you have as many critters as we do – each needing regular attention – going anywhere gets a bit difficult. I travel a lot as part of this job, so I have no need to “get away” for its own sake. I’m happy to putter around the house, and I have made my home a great place to take time off.
This year a close friend and I ventured up to south Lake Tahoe and visited Echo Lake. It’s a place my friend has been going with his parents since he was born, but both his parents have now passed, so we decided to keep the tradition alive. We planned a couple days hanging out and not catching fish. The trip started with a few bad omens: both on the way there and back, we got stuck in several traffic jams – including a high speed chase/rollover accident that stranded us for a few hours in the hot Oakland sun. But that did not matter. Sitting in traffic and sitting in the boat, I had a freaking great time! In fact I really did not want to come back. There was hiking I wanted to do but we ran out of time. And kayaking - no time. And swimming. And they had a Sailfish one-design regatta – I wanted in on that! Drinking Scotch with total strangers and just watching the sun set. And more fishing. I wanted to see if I could get my mountain bike back into the wilderness trails. I wanted a summer vacation, the three month kind I have not had since early high school. I started to fantasize about a tiny cabin on the water to help make all this happen. I could have stayed three months without a second thought. Honestly, I was like a little kid on the last week of summer. I really did not want to come back.
I know about all the studies that say you need time off work to be mentally healthy and invigorate yourself. I see a blog post every year on the need for time off and the importance of vacations. And I have seen the benefits of employees regularly taking time off. Whatever. That’s for other people. Not me. Or it was. Now I want a real vacation. It was damn fun, and even if it doesn’t help me beat burnout or reinvigorate me mentally – although this trip did – I just want to go do that again. It was odd feeling that urge to get away for the first time in a very long time. And here I find myself looking at listings for vacation properties – weird.
I included a boatload of news this week, so check it out.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich participated in Protecting Your Digital Life at TidBITS..
- Adrian joined Rich and Martin on The Network Security Podcast, episode 285.
- Adrian won the Nimby Award for Best Identity Forecast Blog.
Favorite Securosis Posts
- Adrian Lane: Endpoint Security Management Buyer’s Guide. I’m betting this is the most practical and helpful part for end users.
- Mike Rothman: Endpoint Security Management Buyer’s Guide – 10 Questions. Okay, it’s my post, so I’m a homer. But I love distilling down a bunch of content into only 10 questions. Makes you focus on what’s important.
- Rich: Force Attacker Perfection. This is an older post of mine, but I think it is becoming increasingly relevant now that we are seeing more interest in active countermeasures, which can really enhance the concept.
Other Securosis Posts
- Incite 8/22/2012: Cassette Legends.
- [New White Paper] Understanding and Selecting Data Masking Solutions.
- Friday Summary: August 17, 2012.
Favorite Outside Posts
- Dave Lewis: Identity is Center Stage in Mobile Security Venn.
- Mike Rothman: VOTE FOR DAVE!!!! Hey CISSPs! Our very own Dave Lewis is running for the ISC2 board, so if you have that (worthless) piece of paper, then get off your hind section and sign Dave’s petition. Significant and much-needed change is coming to the ISC2. And they don’t know what they are in for. It will start with the Brick of Enlightenment.
- Adrian Lane: Hacker Camp Recount. Very cool!
- Rich: Bill Brenner slams vendors for their useless briefings. I hope all marketing people read this. But keep in mind that the needs of a journalist are different than those of an analyst, which are different than those of a prospect in a sales situation. Tune the deck for the audience.
Project Quant Posts
- Malware Analysis Quant: Index of Posts.
- Malware Analysis Quant: Metrics – Monitor for Reinfection.
- Malware Analysis Quant: Metrics – Remediate.
- Malware Analysis Quant: Metrics – Find Infected Devices.
- Malware Analysis Quant: Metrics – Define Rules and Search Queries.
Research Reports and Presentations
- Understanding and Selecting Data Masking Solutions.
- Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks.
- Implementing and Managing a Data Loss Prevention Solution.
- Defending Data on iOS.
- Malware Analysis Quant Report.
- Report: Understanding and Selecting a Database Security Platform.
- Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform.
Top News and Posts
- Hoff on SDN. It’s possible Rich and Hoff will team up again for RSA, and perhaps they will cover this material and combine it with Rich’s data and app-level automation research. Maybe.
- Amazon Glacier. $.01 per GB. Holy. Crap.
- McAfee update breaks computers.
- FBI surveillance backdoor might be open to hackers.
- New agnostic malware aimed for Macs, now virtual machines.
- TSA Researches Avatars For Airport Security Checkpoints. No chance this could go wrong. I want to be first to predict that one of these will be abducted and show up at DefCon. Most likely with unusual appendages attached.
- Shamoon, Saudi Aramco, And Targeted Destruction.
- Aramco Threatened With New Attack.
- Top 5 Deadliest Mobile Malware Threats Of 2012.
- U.S. Customs Tracks Millions Of License Plates And Has Shared Data With Insurance Firms.
- iPhone targeted Malvertising.
- AMD and Philips hacked by r00tbeer.
- DOJ National Security Division Pursuing Cyber Espionage. This should be interesting, as it’s a domestic and international problem. I’m betting the attorneys will go after domestic cases first to hone their technique.
- Common misconceptions of password cracking. Good post by Robert Graham. After speaking with some people at Black Hat, it seems that a cluster of GPUs can brute force their way through billions of password guesses per second. With a dictionary of common passwords this is fast and effective.
- Dude, you’re getting a SIG! $320 TV, or $2,200 rifle? I’m jealous.
- AT&T: Holding FaceTime Hostage Is No Net-Neutrality Breach.
Blog Comment of the Week
You reminded me of a story on BBC where they got a 13 year old to trade his ipod for a walkman for a week. Interesting to read his reactions to the tech – but made me feel old :-): Giving up my iPod for a Walkman.