Friday Summary: February 22, 2013—Snow edition
By Adrian Lane
I spent half an hour yesterday morning shoveling snow from the walkways around my house. Most of you reading this will think “so what”, as you see snow on an all-too-regular basis. For me, living in Phoenix, snow is something that happens once every 30 years or so. So for the first time in my life I got a snow day – and it was fun. Only 2 inches, but still, a totally alien experience here on the surface of the sun. Better still, the dogs loved it:
Speaking of snow, have you seen these fat bikes? No? Coincidentally Wired did an article this week called Pondering the Point of Snow Bikes While Riding With Wolves. Extra-wide mountain bikes with 4-5” tires, designed for a bike version of the Iditarod. These are the ATVs of bikes and they go over just about everything.
I don’t want one because it snowed here for the first time since, I dunno, disco? I want one for the desert. For one simple reason: there is a lot of sand in the desert. And sand is a lot like snow to a bike. As an example, a few weeks ago I was barreling along on my mountain bike when I dropped into a wash – a dry river for those of you who live where there is rainfall – filled with sand. I went from 15mph to 0mph in about 7’. Needless to say, I was thrown. Several expletives went flying too. Then I bounced. More expletives and a sandy rash. Mountain bikes work great on mountain trails, but they don’t do sand or snow.
But there are miles and miles of sandy washes all over the desert. They are natural roadways for all the critters in the area, and provide an easy path through some pretty rough terrain, provided you don’t sink up to your axles. But these big ugly bikes go places bikes have not gone before. And great names to boot – Surly ‘Pugsley’, riding on 5” “Big Fat Larry” tires. Hogback. TRANS-Fat. Neck-Romancer. Beargrease. I was walking by a bike shop last week and they asked if I’d like to try a Salsa Mukluk, so I said ‘Yeah!’ Offering me a bike is a bit like giving an espresso and Corvette keys to a fourteen-year-old. What did I do? Rode it straight into a ravine! The surprise was it went right through – smooth sailing. It just floated over rock and sand. I’m hooked, but that seems like a boatload of money to spend on a bicycle. Then again, since I started working from home, I only put 30 miles on my car per month but 65 a week on the bike. And the mountain bike is way more fun than driving for groceries, so game on! Whenever my wife gives my wallet back, that is.
And before I forget, and in case you missed Rich’s tweet from earlier today, Gal Shpantzer (@shpantzer) is now an official Securosis Contributing Analyst!
See you all at RSAC next week!
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Pragmatic Database Security Presentation.
- Adrian’s DR Post: Restarting Database Security.
- Rich at Macworld on removing Java from your Mac.
- Rich talks security geopolitics with Ryan Naraine at Security Week.
- Jamie at CSO Online on China and cyberwar.
Favorite Securosis Posts
- Mike Rothman: The 2013 Securosis Guide to the RSA Conference. Yup, everyone else is going to pick the House of Cards post, so I’ll show a little love to our RSA Conference Guide. But understand that RSA is only an excuse for us to document our trends and key themes for the coming year. It’s really how we see the world of security, with a bunch of vendor booth grids thrown in for convenience.
- Adrian Lane: The 2013 Securosis Guide to RSA. There are some gems in here.
- David Mortman: Twitter and OAuth Access Loophole.
- Rich: Mike was wrong – no one else picked the House of Cybercards, so I’m picking my own damn post. Take that!
Other Securosis Posts
- Everything is a feature (in time).
- Understanding Cloud IAM: Implementation Roadmap.
- Incite 2/20/2013: Tartar Wars.
- Cars, Babes, and Money: It’s RSAC Time.
- Mandiant Verifies, but Don’t Expect the Floodgates to Open.
- Network-Based Threat Intelligence: Quick Wins with NBTI.
- AV’s False Sense of Security (and a possible Mac hack?)
- Facebook Hacked with Java Flaw.
- Trust us, our CA is secure.
- RSA Conference Guide 2013: Security Management and Compliance.
- Quantify Me: Friday Summary: February 15, 2013.
Favorite Outside Posts
- Mike Rothman: What your culture really says. Thought-provoking post by Shanley. I have always under-appreciated culture, but that’s probably why I don’t work very well in a corporate environment. Anyhow, you never know what a company is really like until you are there every day, but these are some good things to consider. About any company, not just those in Silicon Valley.
- Adrian Lane: Chinese military hacker unit behind US attacks – YouTube. I needed some humor this week!
- David Mortman: How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App “Allow” Interaction).
- Rich: Colorado’s new CISO is revamping their security program on a $6K budget. As a former Colorado state employee, I had to pick this one.
Project Quant Posts
- Understanding and Selecting a Key Management Solution.
- Building an Early Warning System.
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
Top News and Posts
- The Mandiant Intelligence Center Report is the biggest news in security this week. If you have not read it, stop and read it. It’s good. It’s important. And it’s also important you form your own opinions.
- Introducing AWS OpsWorks, a Powerful Application Management Solution. I think we missed this last week.
- Apple releases fixes after its computers got hacked.
- Guns, Homicides and Data. In my best Keanu Reeves voice: “Wow”.
- U.S. Ups Ante for Spying on Firms.
- NBC Website HACKED.
- Red Dawn: Unit 61398 – Now What? Amrit blogs! Amrit blogs!
- Android Jelly Bean adds a Secure Default for Content Providers.
- HIPAA’s New Breach Rules. A distillation by our friends at The New School.
- Critical Security Updates for Adobe Reader, Java via Krebs. Those are update 2^4.016 & ∏E16 for those of you keeping score.
- RIAA Says Google’s Anti-Piracy Search Algorithm Is Bogus.
- PayPal Here coming to Europe.
Blog Comment of the Week
This week’s best comment goes to Fatbloke, in response to House of Cybercards.
And where is the “cyber” domain precisely? It’s the ruddy Internet, networks etc. The same places we have been attempting to defend for years. It is NOTHING new. The “Emperor’s New Clothes” if you will. New words describing the same old problems. It is total BS.
Here’s the problem: it is getting attention and funding and focus. This is a GOOD thing because it means SECURITY is getting funded and a revived focus. So do I ‘play the game’, even though it is total BS? That’s the problem, at least for me. And as Rich points out, the purpose of his post.