Friday Summary: June 8th, 2012
By Adrian Lane
For whatever reason, I picked up a copy of a magazine my wife received as part of her interior design study work. I was absent-mindedly thumbing through it, waiting for the microwave to heat my coffee, when suddenly one of the pictures made me stop and pay attention. It was a picture of a woman in a red leather catsuit, posed seductively by a stove. WTF? What is this ad trying to tell me? I must really not be part of their target market – but who is their target market? And another picture, this time a woman on top of a Mercedes, wearing a showgirl costume with lots of makeup. And then a woman with several ‘handymen’ fixing stuff around the house. And so on. Now, I bought a fancy Miele dishwasher, but I didn’t notice my wife responding with a racy outfit. In fact I’m pretty sure “sexy” and “kitchen appliance” are at opposite ends of her universe. I dug a bit deeper, and saw that the articles were on topics such as: how to keep your junk drawer organized, and the best way to store linen napkins and flatware. I dove into the pile of magazines: Architectural Digest. Cote Sud. English Country Living. They are filled with the same type of content, regardless of country. All I could think was, “Who are they selling this stuff to, exactly?”
So I asked my wife. She answered, “It’s all fantasy. They’re selling women a fantasy about a lifestyle or a way of living they don’t currently have. In some cases it’s what they aspire to, in other cases it’s like a virtual dollhouse. And if people feel they need to go there, they ought to buy a doll house first – have you seen the prices on that stuff?” I looked a little taken aback, so my wife added “Your magazines are the same, that stereo porn you read. It’s all a fantasy.” I say “Nuh-uh. That’s all … wait a minute.” Was she right?
I leafed through a couple copies of Stereophile and TAS. Yeah, there are some similarities, posing products in the home. And what the hell is that woman doing on the sofa next to those speakers? I look at some of the home theater trade rags, and now I think she’s got me. Oh, man, I feel silly. Looking for an exception to the rule she’s just thrown down, I think “Ah-ha!” – that can’t be true for business and technology! I go to the land where old technology magazines go to die: the guest bathroom. There must be some old copies of CIO or NetworkWorld, or some such nonsense from way back in 2008 to counter her argument. “My kingdom for a copy of Red Herring!”, and then I found several old magazines. Surely IT can’t be selling fantasy!?!
But holy crap, there it was: Cartoons of Microsoft users brandishing swords and holding shields, teaming up to slay mythical IT problems as if they were in some Tolkienesque adventure. The ads show paperless offices, consumer personalization, private clouds, and great ideas that spawn success. User-friendly. Cost-effective. Interactive. Proactive! And then it happened: an ad spoke to me. A Citrix advertisement with a giant hand crushing servers. I must admit I have had that fantasy several times! When pulling an all-nighter in an over-chilled data center because some effing patch wouldn’t apply properly, I would have loved nothing better than to throw that machine out the third-floor data center window.
So it was true – it’s all fantasy, and vendors are selling a dream. Even in technology and security, where I thought we were more grounded. With the slow death of print media, websites are not quite as in-your-face about it, but it’s still there. Granted, my experiences never included happy twenty-something models with trendy clothes, all smiling at each other like they just got laid. It was old T-shirts, yesterday’s unshaven faces, and lots of empty diet Pepsi cans in a sea of fast food wrappers. IT technology articles are just as driven by fantasy indulgence as English Country Living, and compared to real everyday lives they are just as absurd.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s 15 Ways to Get More From Log Files, at Dark Reading.
- Mike quoted on the “Renaissance Information Security Professional”.
Favorite Securosis Posts
- Adrian Lane: Understanding Data Encryption Systems. This is a very simple way to visualize encryption & key management deployments.
Other Securosis Posts
- Incite 6/6/2012: Universally Awesome.
- Understanding and Selecting Data Masking: Technical Architecture.
- Friday Summary: June 1, 2012.
Favorite Outside Posts
- Adrian: Jamming Tripoli: Inside Moammar Gadhafi’s Secret Surveillance Network. Long but very interesting article about Internet surveillance. And the sales pitch for surveillance products to the Libyan Government cracked me up – something about “the constant struggle against criminals and terrorism”. Our own Chris Pepper pointed out that it all “sounded unpleasantly familiar.” Ask yourself again why privacy protections are not built into every email tool? Because they would make it very difficult to collect intelligence and monitor rivals – in every country, not just Libya.
- Rich Mogull: Rob Graham’s Confirmed: LinkedIn 6mil password dump is real. Solid analysis.
Project Quant Posts
- Malware Analysis Quant: Index of Posts.
- Malware Analysis Quant: Metrics – Monitor for Reinfection.
- Malware Analysis Quant: Metrics – Remediate.
- Malware Analysis Quant: Metrics – Find Infected Devices.
- Malware Analysis Quant: Metrics – Define Rules and Search Queries.
- Malware Analysis Quant: Metrics – The Malware Profile.
Research Reports and Presentations
- Report: Understanding and Selecting a Database Security Platform.
- Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform.
- Watching the Watchers: Guarding the Keys to the Kingdom.
- Network-Based Malware Detection: Filling the Gaps of AV.
- Tokenization Guidance Analysis: Jan 2012.
- Applied Network Security Analysis: Moving from Data to Information.
- Tokenization Guidance.
Top News and Posts
- Crypto breakthrough shows Flame was designed by world-class scientists.
- Hiding Android Malware.
- MD5 password scrambler ‘no longer safe’.
- IE 10’s ‘Do-Not-Track’ Default Dies Quick Death.
- ‘Flame’ Malware Prompts Microsoft Patch via Krebs.
- CloudFlare’s Post Mortem. Note several updates.
- LinkedIn Passwords Leaked In Apparent Breach. Unsalted. Go ahead and change your password now.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Mike Logan, in response to Understanding and Selecting Data Masking: Series Introduction.
First I agree with your first point that the masking tools have grown up. Scripts were fine to do 1, 2 or 3 databases but when you need to do 100s you need a method to the madness.
While it is true that masking tools have come a long way with the recent customer interest in data masking, not all tools were created to do the same thing. Some were designed from the ground up to mask data; others were originally designed to do something different (archiving, subsetting, ETL) and then added masking functionality on later. This is not necessarily good or bad but it does influence how the tool works and the skillset needed to use it.
I agree that masking is a more elegant solution if you are trying to reduce risk by limiting exposure of your sensitive data. Other technologies work as well but you need to make sure you understand what situations they address. Offshore developers are not going to get too far using encrypted data, while it should not impact a DBA’s work.