Friday Summary: February 1, 2013
Plan. Build. Run.
It’s a pretty straightforward process. One of those things that is so simple we rarely need to even call it out. We tend to structure our research this way, even if we use different terms that are more consistent with the context at hand.
This morning my wife gave me one of those looks as I got all excited and mentioned our build phase was nearly over. You see, for the past four-plus years our lives have been in big-time family build mode. We knew we wanted kids, we planned a bit, and then started building the family.
What I didn’t realize was the sort of stasis that you get into when you cram build mode into a short timeframe (three kids in under five years for us). Nothing is ever stable when you bring children into the picture, but life sort of goes on hold when you are having kids, in a weird way that’s different from adjusting to the various changes as they grow up.
For example, our garage is chock full of strollers, baby clothes, and other accouterments. We can’t even throw away any toys because the next baby will need all the same stuff. Sophie the Giraffe ain’t cheap for a hunk of rubber, and it isn’t even worth pulling it out of rotation with our kids so close. I just know one day I will pull around the block and see a Hoarders film crew in front of my house.
Cars? Carseats? Daycare costs? Vacation plans? Even framing family photos is all messed up when you know the next little bugger is on the way.
I knew life would be more difficult with children, but I didn’t anticipate the time dilation as you put your life on hold for the build years. And let’s be perfectly clear – it is a hell of a lot easier on me than my wife. I’m not the one who has to plan my wardrobe nine months in advance.
As the rest of the Securosis team, and many of you, head out to RSA, I will be back here in Phoenix working on our Build-to-Run transition. Well, more like witnessing – it’s not like I’m doing any of the real work. The Mogull family will be in full production mode, and we can start slowly cleaning out the dev archives.
Er… maybe I’m working too much.
Anyway, I’m as excited to know that we have three happy and healthy kids, and no more, as I am to meet the new one for the first time (really, they aren’t very exciting for the first six or so months anyway). We can start moving forward and enjoy the few short years we will have them around to wreck our sleep, break our sh**, and otherwise teach us levels of emotional pain we can’t possibly imagine.
But damn, they’re cute. And while I miss the freedom of the pre-kid versions of our lives, this is exactly where I want to be at this point in my life. Without question or hesitation.
Really, they’re very cute.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Big Data Tweet-jam roundup.
- Adrian quoted on Big Data.
- Rich quoted in the Economist on Android security.
- Rich reviews his favorite fitness gadget for TechHive.
Favorite Securosis Posts
- Adrian Lane: No Limits – New York Times Hacked by China.
- Mike Rothman: Universal Plug and Play Vulnerable to Remote Code Injection. One of the things Adrian didn’t get in this post is that Rapid7’s tool requires Java. FAIL.
- David Mortman: IAM for cloud use cases.
- Rich: It it was easy, everyone would be doing it…
Other Securosis Posts
- Remember, every jailbreak is a security exploit
- Incite 1/30/2013: Email autoFAIL
- The Internet is for Pr0n
- Gartner on Software Defined Security
- The Graduate: 2013 Style
- Threatpost on Active Defense
- The Inside Story of SQL Slammer
- Java Moving from Ridiculous to Surreal
- Marketers take the path of least resistance
- Mobile Commerce Numbers Don’t Lie
- In through the Barracuda Back Door
Favorite Outside Posts
- Adrian Lane: Symantec Gets A Black Eye In Chinese Hack Of The New York Times. Low effectiveness, but who will remove it?
- Mike Rothman: Check Point, Juniper, Stonesoft shine in low-end network firewall test. I like the work NSS does to put these products through their paces. It can’t really reflect real world circumstances, but their tests are as close as we are going to get.
- Rich: Decoding SDN by Juniper. SDN is hitting, and it’s time to get up to speed on the fundamentals. David Mortman: Trust will make or break cloud ID management services.
- Rich (#2): Jeff Carr asks great questions on the NYT article.
Top News and Posts
- Twitter flaw allowed third party apps to access direct messages
- Google Tells Cops to Get Warrants for User E-Mail, Cloud Data
- Backdoors Found in Barracuda Networks Gear
- Speedtest.net serving malvertiseing.
- How Yahoo allowed hackers to hijack my neighbor’s e-mail account.
- Wikr updates iOS app. I like Wikr, but don’t have enough people to use it with.
Blog Comment of the Week
This week’s best comment goes to David, in response to Threatpost on Active Defense.
Rich, I am promoting using the term “Active Response Continuum” instead of “active defense” for the reason you cite, which is the term is too vague to be meaningful in discussion. The Active Response Continuum includes everything you list above, using two ranges (one capacity to respond, the other aggressiveness of actions). For more on this concept, see David Dittrich and Kenneth E. Himma. Active Response to Computer Intrusions. Chapter 182 in Vol. III, Handbook of Information Security, 2005. http://papers.ssrn.com/sol3/papers.cfm? abstract_id=790585 and my Honeynet Project blog post responding to someone promoting “active defense” http://www.honeynet.org/node/1004