I managed to take a couple of days off last week, and got out of town. I went camping with a group of friends, all from very different backgrounds, with totally unrelated day jobs – but we all love camping in the desert. Whenever we’re BSing by the camp fire, they ask me about current events in security. There’s almost always a current data breach, ‘Anonymous’ attack, or whatever. This group is decidedly non-technical and does not closely follow the events I do. This trip the question on their minds was “What’s the big deal with SOPA?” Staying away from the hyperbole and accusations on both sides, I explained that the bill would have given content creators the ability to shut down web sites without due process if they suspected those sites hosted or distributed pirated content. I went into some of the background around issues of content piracy; sharing of intellectual property; and how digital media, rights management, and parody make the entire discussion even more cloudy.
I was surprised that this group – on average a decade older than myself – reacted more negatively to SOPA than I did. One of them had heard about the campaign contributions and was pissed. “Politicians on the take, acting on behalf of greedy corporations!” was the general sentiment. “My sons share music with me all the time – and I am always both happy and surprised when they take an interest in my music, and buy songs from iTunes after hearing it at my place.” And, “Who the hell pirates movies when you can stream them from Netflix for a couple bucks a month?”
I love getting non-security people’s reactions to security events. It was a very striking reaction from a group I would not have expected to get all that riled up about it. The response to SOPA has been interesting because it crosses political and generational lines. And I find it incredibly ironic that the first thing both sides state is that they are against piracy – but they cannot agree on what constitutes piracy vs. fair use. One of my favorite slogans from the whole SOPA debate was It’s No Longer OK To Not Know How The Internet Works, accusing the backers of the legislation of being completely ignorant of a pervasive technology that has already changed the lives of most people. Even people whom I do not consider technically sophisticated seem to “get it”, as we saw with the groundswell of support. I am willing to bet that continuing advances in technology will make it harder and harder for organizations like the RIAA to harass their customers. Maybe invest some of that money in a new business model? I know, that’s crazy talk!
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s OWASP presentation is live.
- Adrian’s Dark Reading post on The Financial Industry’s Effect On Database Security.
- Rich’s TidBITS posts: Mac OS X 10.8 Mountain Lion Stalks iOS & Gatekeeper Slams the Door on Mac Malware Epidemics.
Favorite Securosis Posts
- Mike Rothman: RSAG 2012: Application Security. Love Adrian’s summary of what you’ll see at the RSA Conference around AppSec. Especially since we get to see SECaaS in print.
- Adrian Lane: OS X 10.8 Gatekeeper in Depth. Real. Practical. Security.
Other Securosis Posts
- RSA Conference 2012 Guide: Key Themes.
- RSA Conference 2012 Guide: Network Security.
- Incite 2/15/2012: Brushfire.
- Friday Summary: February 10, 2012.
- [New White Paper] Network-Based Malware Detection: Filling the Gaps of AV.
- Implementing and Managing a Data Loss Prevention (DLP) Solution: Index of Posts.
- Implementing DLP: Starting Your Integration.
- Implementing DLP: Deploying Network DLP.
- Implementing DLP: Deploying Storage and Endpoint.
Favorite Outside Posts
- Mike Rothman: The Sad and Ironic Competition Within the Draft “Expert” Community. Whether you are a football fan or not, read this post and tell me there aren’t similarities in every industry. There are experts, and more who think they are experts, and then lots of other jackasses who think breaking folks down is the best way to make themselves look good. They are wrong…
- Adrian Lane: Printing Drones. I can think of several good uses – and a couple dozen evil ones – for something like this. Control and power will be a bit tricky, but the potential for amusement is staggering!
Project Quant Posts
- Malware Analysis Quant: Metrics – Build Testbed.
- Malware Analysis Quant: Metrics – Confirm Infection.
- Malware Analysis Quant: Monitoring for Reinfection.
- Malware Analysis Quant: Remediate.
- Malware Analysis Quant: Find Infected Devices.
- Malware Analysis Quant: Defining Rules.
- Malware Analysis Quant: The Malware Profile.
Research Reports and Presentations
- Network-Based Malware Detection: Filling the Gaps of AV.
- Tokenization Guidance Analysis: Jan 2012.
- Applied Network Security Analysis: Moving from Data to Information.
- Tokenization Guidance.
- Security Management 2.0: Time to Replace Your SIEM?
- Fact-Based Network Security: Metrics and the Pursuit of Prioritization.
- Tokenization vs. Encryption: Options for Compliance.
Top News and Posts
- Flash Player Security Update via Krebs, and a Java Security Update.
- Gatekeeper for Mountain Lion.
- Vote for Web Hacking Top Ten.
- Not so random numbers lead to bad keys? Who Knew?
- Paget Demos Wireless Credit Card Theft.
- Carrier IQ Concerns.
Blog Comment of the Week
No comments this week. Starting to think our comments feature is broken. Oh, wait, it is!