How many of you had the experience as a child of wandering around your grandparents’ house, opening a cupboard or closet, and discovering really old stuff? Cans with yellowed paper or some contraption where you had no idea of its purpose? I had that same experience today, only I was in public. I visited the store that time forgot. My wife needed some printer paper, and since we were in front of an Office Max, we stopped in. All I could say was “Wow – it’s a museum!”
Walking into an Office Max looked like someone locked the door on a computer store a decade ago and just re-opened it. It’s everything I wanted for my home office ten years ago. CD and DVD backup media, right next to “jewel cases” and CD-ROM shelving units! Day planners. Thumb tacks. S-Video cables. “Upgrade your Windows XP” guide. And video games from I don’t know when, packaged in bundles of three – just what grandma thinks what the grandkids want. It’s hard to pass up Deal or No Deal, Rob Schneider’s A Fork in the Tale, and Alvin and the Chipmunks games on sale!
I don’t know about most of you, but I threw away my last answering machine 9 years ago. I have not had a land line for four years, and when I cancelled it I threw out a half-dozen phones and fax machines. When I stumbled across thermal fax paper today, I realized that if I were given a choice between a buggy whip and the fax film … I would take the buggy whip. The whip has other uses – fax paper not so much.
It’s amazing because I don’t ever think I have seen new merchandise look so old. I never thought about the impact of Moore’s law on the back end of the supply chain, but this was a stark visual example. It was like going to my relatives’ house, where they still cling to their Pentium-based computer because it “runs like a champ!” They even occasionally ask me whether it is worth upgrading the memory!?! But clearly that’s who Office Max is selling to. I think what I experienced was the opposite of future shock. I found it unfathomable that places like this could stay in business, or that anyone would actually want something they sold. But there it is, open daily, for anyone who needs it.
Maybe I am the one out of touch with reality – I mean how feasible is it financially for people to keep pace with technology. Maybe I have unrealistic expectations. I know I still have that uneasy feeling when throwing out a perfectly good fill in the blank, but most of the stuff we buy has less useful lifespan than a can of peaches. So either I turn the guest room into a museum to obsolete office electronics, or I ship it off to Goodwill, where someone else’s relatives will find happiness when they buy my perfectly good CRT for a buck.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Favorite Securosis Posts
- Rich: The Age of Security Specialization is Near! “Even doctors have to specialize. The scope of the profession is too big to think you can be good at everything.”
- Adrian Lane: The Age of Security Specialization is Near!
- Mike Rothman: Friday Summary (OS/2 Edition). Yes, Rich really admitted that he paid money for OS/2. Like, money he could have used to buy beer.
- David Mortman: Incomplete Thought: HoneyClouds and the Confusion Control.
Other Securosis Posts
- Incite 6/28/2011: A Tough Nit-uation.
- When Closed Is Good.
- File Activity Monitoring Webinar This Wednesday.
- How to Encrypt IaaS Volumes.
Favorite Outside Posts
- David Mortman: Intercloud: Are You Moving Applications or Architectures?
- Rich: The Cure for Many Web Application Security Ills. This is high level, but Kevin Beaver makes clear were you should focus to fix your systemic app sec problems.
- Adrian Lane: JSON Hijacking. Going uber-tech this week with my favs – and BNULL’s Quick and dirty pcap slicing with tshark and friends.
- Mike Rothman: Know Your Rights (EFF). Even if you don’t hang w/ Lulz, the Feds may come a-knocking. You should know what you must do and what you don’t have to. EFF does a great job summarizing this.
- Gunnar: Security Breaches Create Opportunity. The Fool’s assessment of Blue Coat (and other security companies)
Project Quant Posts
- DB Quant: Index.
- NSO Quant: Index of Posts.
- NSO Quant: Health Metrics–Device Health.
- NSO Quant: Manage Metrics–Monitor Issues/Tune IDS/IPS.
- NSO Quant: Manage Metrics–Deploy and Audit/Validate.
Research Reports and Presentations
- Security Benchmarking: Going Beyond Metrics.
- Understanding and Selecting a File Activity Monitoring Solution.
- Database Activity Monitoring: Software vs. Appliance.
- React Faster and Better: New Approaches for Advanced Incident Response.
Top News and Posts
- Rootkit Bypasses Windows Code Signing Protection
- Take a bow everybody, the security industry really failed this time. Surprised nobody picked this as a weekly favorite, but it’s too good not to list.
- eBanking Security updated via Brian Krebs. What will be very interesting to see is how firms comply with the open-ended requirements.
- Defending Against Autorun Attacks. In case you missed this tidbit.
- Robert Morris, RIP.
- Jeremiah knows your name, where you work, and where you live (Safari v4 & v5).
- Google Chrome Patches.
- Branden Williams asks if anyone wants stricter PCI requirements. Well, do you?
- LulzSec Sails Off. Apparently like Star Trek, only they completed their mission in 50 days. Or something like that…
- MasterCard downed by ISP. No, that’s not a new hacking group, just their Internet Service Provider.
- Google Liable for WiFi scanning.
- U.S. Navy Buys Fake Chips.
- iPhone Passcode Analysis.
- Groupon leaks entire Indian user database.
Blog Comment of the Week
The Security generalist is going the Way of the IT generalist. they are just less and less relevant. What fascinates me is the specialties that are being merged into other specialties. Firewall and IPS are converging. Vul management and GRC. Which of the security specialties will survive the game of musical chairs?
Also as part of the equation is the degree of emotional investment some IT SEC generalist have in obsolete methods and technologies. You can never (IMO)outsource security completely. But Security operations?
The article raises lots of good questions