Hi folks, Dave Lewis here, and it is my turn to pull the summary together this week. I’m glad for the opportunity. So, a random thought: I have made a lot of mistakes in my career and will more than likely make many more. I frequently refer to this as my well-honed ability to fall on spears.
The point? Simple.
This is a learning opportunity that people seldom appreciate. Much like toddlers, we learn to walk by mastering the fine art of the faceplant. We learn in rather short order that we really don’t care for the experience of falling on our faces, and soon that behavior is corrected (for most, at least). So why, pray tell, do we continue to suffer massive data breaches? Not a week goes by without some major corporation or government body announcing that they have lost a USB drive or had a laptop stolen. Have we not learned yet that “face + floor = pain” is not an equation worthy of an infinite loop?
Just my musing for this week.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich quoted by The Macalope.
- Adrian’s DR paper: Security Implications Of Big Data.
- Rich quoted on Watering Hole Attacks.
- Adrian’s DR post: Database Security Operations.
- Mike’s DR post: You’re A Piece Of Conference Meat. snort
Favorite Securosis Posts
- Rich: 1 in 6 Amazon Web Services users can’t read. This seriously tweaked me. And don’t give me guff for picking my own post – no one else posted this week. You’d think with 3 full-timers and 6 contributors, someone else…
- Adrian Lane: Proposed California Data Law Will Affect Security… but it will take quite a while before companies take it seriously.
- David Mortman: Flash! And it’s gone…
- Dave Lewis: Defending Cloud Data: How IaaS Storage Works.
Other Securosis Posts
- Cybersh** just got real.
- Proposed California Data Law Will Affect Security.
- Brian Krebs outs possible Flashback malware author.
- Appetite for Destruction.
- Get Ready for Phone Security and Regulations.
- IaaS Encryption: Understanding Encryption Systems.
- An article so bad, I have to trash it.
Favorite Outside Posts
- Rich: Activists on Front Lines Bringing Computer Security to Oppressed People. Lives really are at stake for these people. Mike Mimoso is doing a great job with this coverage.
- Adrian Lane: IT for Oppression. And I just thought this was IT culture.
- Dave Lewis: Googlers exultant over launch of Blink browser engine. Google rolls their own browser engine. This should be interesting.
- Dave Mortman: Building Technical Literacy in Business Teams.
- James Arlen: Delivering message w/ impact && Announcing our ‘Reverse Job Fair’. This should be a brilliant workshop.
Top News and Posts
- New PoS malware. That’s “point of sale”, not the other thing. Sometimes.
- How to Dress Like a Cyber Warrior OR Looking Like a Tier-Zero Hero. This amused me far more than it should have.
- Bill would allow bosses to seek Facebook passwords.
- …and then Amendment aimed at workers’ passwords pulled.
- Apple’s iMessage encryption trips up feds’ surveillance. Because encryption is haaaard. (h/t James Arlen).
- Aaron Swartz’s Prosecutors Were Threatened and Hacked, DOJ Says. I’ll just bite my tongue.
- Honeypot Stings Attackers With Counterattacks.
- Top 10 Web Hacks 2012.
- FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013.
- Attempted child abduction thwarted when girl asks stranger for code word. This article caught my eye for the brilliant simplicity of keeping your kids safe.
Blog Comment of the Week
This week’s best comment goes to Nate, in response to 1 in 6 Amazon Web Services Users Can’t Read.
I’d go out on a limb and wager a good portion of those open buckets were set up by non-IT groups who used Amazon as an end-around governance and process. I’d also wager a fair number just used one of the available tools to manage their S3 because they don’t really understand the technology, and that tool set the bucket to public unbeknownst to them. That means even if they received and read the email above, they probably didn’t understand it. Is that Amazon’s fault? Absolutely not. It does highlight the issue of kicking governance down the road to IT rather than dealing with it at a business level so it can be easily avoided, or focusing governance only on dollars so small opex spends fly under the radar. Unless business leaders start caring about governance and process a whole awful lot, nothing is going to get better, it’s not. Sorry, the kids have been watching the Lorax movie non-stop lately.