Friday Summary: January 18, 2013
By Rich
I will not write about Manti Te’o.
I will not write about Manti Te’o.
I will not write about Manti… ah hell, who am I kidding.
Wednesday afternoon I was about to head out to meet a buddy for happy hour when he texted that he would be late because he had gotten caught up in the story (which had just broken). That was cool – I was in the middle of the same article. (If you don’t know what I’m talking about, this should get you up to speed.)
I admit I’m not the biggest pro sports guy in the world. I enjoy sports, especially football, and played in high school, but years of living in Colorado and spending my winter weekends hunting for fresh powder broke the habit. Living in Phoenix now, I have tried to get back into it, but even if I can snag a TV from my young kids to watch a game, the odds are very high that they will hunt me down to play with them. Seriously, I can’t even take a morning constitutional in peace anymore.
Back to Te’o.
It is barely conceivable to me that he wasn’t somehow in on it. If this was a catfish, it is one of the best in history (and Te’o should be sent back to community college for remedial reality training). Plus, his family also had to be in on it for their statements to make sense. And let’s not forget the lazy reporters who clearly made s–t up.
No, Occam’s Razor likely applies, and Te’o had better sprint to Oprah’s couch before it cools down from Lance.
That’s right, it’s liar’s week in the sports world. The buddy I met for happy hour works part time as a sportswriter, and our conversation naturally shifted from Te’o to Lance because I’m big into cycling.
As the Lance saga continues I can’t help but be perplexed at the quintuple standard applied to different sports. A lot of people like to call cycling the dirtiest sport out there, but these days it has the strictest performance-enhancing drug controls of any professional sport.
Not that there still isn’t cheating – it is rampant. When I was out for the Tour last summer the rumor was that the only teams racing solidly clean were Garmin-Sharp-Barracuda (my hosts) and Sky. There were a lot of other clean riders, but more as individuals than as members of a clean team that managed its own testing to keep things that way. And guess what? A rider from a clean team won the Tour despite battling the dopers.
This was possible because the program limits the degree to which people can cheat. Unlike back in Lance’s day, the bio-passport system basically puts a hard limit on how much a rider can enhance without triggering alarm bells.
Now go watch some football this weekend. If you think a 300+ pound lineman can legitimately run a sub-5.0 40, I have a really cute girl on Facebook you should meet.
Cycling gets a lot of guff because the riders get caught more, and for some reason people want clean riders. Maybe because, unlike football, a weekend cyclist can directly compare their stats to a pro. Talking with my sportswriter friend, he mentioned they have published articles on potential PEDs in football and no one cares. This despite the fact that increased player size and speed directly correlate with worse injuries and the current problems with traumatic brain injuries.
We want our gladiators and we want them big. Sports is entertainment and Sports Center is no different than People Magazine in the end. We want our scandals, heroes, and blood sacrifices, no matter the costs.
Just like our… —–, but I won’t go there.
Crud. I meant this intro to end with humor.
A linebacker, a cyclist, and Oprah walk into a bar…
… never mind.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Mike quoted by Reuters on Cisco’s network security competitiveness.
- Mike quoted in the Merc about Cisco’s network security (missed) opportunity.
- Adrian’s Dark Reading Post on DB Threats and Countermeasures.
- Rich’s excellent TidBITS post on Apple’s Security Efforts in 2012.
- Adrian’s Dark Reading post on Big Data Security Recommendations.
Favorite Securosis Posts
- Adrian Lane: Emotional Whiplash. Mike nailed it. And I only saw the first and fourth quarters!
- Mike Rothman: Does Big Data Advance Security Analytics? Adrian wins buzzword bingo this week. But the post is important because both Big Data and Security Analytics will be front and center in a lot of security marketing this year.
- David Mortman: Don’t be a douche… So much for family friendly, eh, Mike?
- Rich: A different kind of APT. Mike totally stole this one from me.
Other Securosis Posts
- The Fifth Annual Securosis Disaster Recovery Breakfast.
- My DHS Beats Your FDA.
- Understanding IAM for Cloud Services: Integration.
- Time to Play Nice with SCADA Kids.
- Beware of Self-Proclaimed Experts.
- Mobile Identity–WTF?
- Help Me Pick My Next Paper Topic.
- Bolting on Security – at Scale.
- Let’s Get Physical – Road Rules Edition.
- Happy Out of Cycle IE Patch Monday.
- You Can’t Handle the Truth.
Favorite Outside Posts
- Adrian Lane: Five Mitzvahs of Cloud Computing. Leverage what you’ve got, point 4, is dead-on!
- Mike Rothman: Steak Drop. Physics FTW. If you ever asked yourself “From what height would you need to drop a steak for it to be cooked when it hit the ground?,” then you need to read this xkcd What-if? post. I wonder if the answer changes if you use a veggie burger?
- James Arlen: Great stuff in here: NERC CIP V5 is Coming. Places emphasis on the automation of data collection to enable compliant operations. More automation is useful – but much like with banking, you need to be able to do it by hand before you get infatuated with a system.
- David Mortman: Notes on distributed systems for young bloods.
- Rich: The Verge on Vegas casinos battling cheating. I’m fascinated by casino security.
Research Reports and Presentations
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
- Understanding and Selecting Data Masking Solutions.
Top News and Posts
- MasterCard Releases Mobile POS Best Practices.
- Community Analysis – OpenStack vs OpenNebula vs Eucalyptus vs CloudStack. Nothing to do with security, but this is an interesting look at the popularity of various IaaS development communities as a proxy for health and market share.
- It’s all about cheeseburger risk.
- US power plant hit by USB malware. Just like Stuxnet… but here.
- Oracle only fixed one of two Java bugs.
Blog Comment of the Week
This week’s best comment goes to Chort, in response to Beware of Self-Proclaimed Experts.
I’ve seen a lot of people saying it’s impossible to get rid of IE and Java in an enterprise, but we’re actually on a path to do it (company size ~500 employees). We have one department that needs IE, and one application used company-wide that uses a Java browser plug-in.
We’re in the process of migrating off the application that requires the Java browser plug-in, then we’ll shut it off enterprise-wide and require exceptions for the inevitable handful of people who “need” it for some niche process. Similarly, we’re deploying system management software that will allow us to restrict software by department, so only the departments who can’t migrate off flagrantly unsafe software will be able to use it.
Giving impossible advice is problematic, but I’m reminded of the thought “The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” If no one actually tries to do any of these unreasonable things, nothing substantial will change.
Remember, everyone thought Apple was insane to ban Flash, but the result was Adobe working much, much harder to make Flash safer and industry-wide migration away from it as a platform. Arguably user experience is much better today since developers can no longer take the lazy route of assuming every device will have Flash support.
TL;DR Practical is good, but great gains are rarely made by being pragmatic.