Sorry, folks, I wrote the Summary yesterday and got so caught up in CU beating UNLV for our first NCAA Tournament win in 15 years that I forgot to actually post this.
Rich here. I’m going to pull a Rothman this week and go a little personal.
I have not only been a competitive athlete my entire life, but most of you have probably noticed that I have a somewhat competitive and achievement-oriented personality overall. Life may not be a video game, but I’m sure going to grab as many power ups as I can just in case.
From a certain perspective it’s selfish, because it’s all about what I can achieve, but for me it has always been more about exploring and challenging myself than beating others. I don’t mind losing as long as I played a good game. But I despise losing or doing poorly because I failed to perform.
I have tempered a bit with age, but I’m still a competitive SOB. Almost always against the unrealistic goals I set for myself.
But earlier this week that all went out the window.
My daughter turned 3 recently, which meant it was time for her to move up to the next swimming class. Phoenix is loaded with pools and open water, and childhood drownings are a big problem. We started her in swimming lessons when she was a little over a year old, and for the past 18+ months I have dutifully taken her (and later our younger daughter) to the insanely chlorinated pool where I jumped in, carried her around, and sang all the kiddie songs while she tried to drown herself when I wasn’t looking.
Until they’re 3, the parents are in the water with the kids. I really don’t want to think too much about why that pool has more chlorine in it than a chemical weapons plant.
I was a bit nervous this past week as I took her in for her first class where she wouldn’t have me in the water with her. You know how kids get attached to patterns, and this was certainly a big break. I dropped her off with the instructor and sat on the other side of the pool in the parents’ seats.
Holy crap did she kick ass.
Aside from listening better to the instructor than she ever does to me (annoying), it took all of 15 minutes for them to get her to jump in, roll over, and float on her back without help. I assumed I’d be bored out of my mind while she crawled along the edge of the pool for 30 minutes, but I sat there and couldn’t stop watching. Nearly 2 years of training (and play) came together all at once.
She probably won’t be in that class very long. And I figure by the time she’s 8 she will easily destroy my pathetic swim times.
When the kids pass major milestones they announce it to the entire school at the end of class and hand them ribbons for the achievements. Riley walked away with 3 that night. And as I tried to avoid tearing up, I realized those 3 ribbons meant more to me than nearly anything I have achieved in my own life.
For someone who is kind of an antisocial, competitive a-hole… that was entirely unexpected.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Token Buyer’s Guide, next week.
- Rich quoted in the New York Times on protecting tax documents.
- A small quote from Rich on Anonymous hacking Panda security.
Favorite Securosis Posts
- Adrian Lane: Defending Enterprise Data on iOS: Introduction. This is starting out to be a very good series.
- Mike Rothman: Mr. Market Says Security is Winning. Love being a contrarian, and Rich goes contrary to most conventional (read echo chamber) thinking in this post…
- Mike’s Watching the Watchers post. Start of a new series on Privileged User Management, which is warming up.
Other Securosis Posts
- Defending Enterprise Data on iOS: Introduction.
- Defending iOS Data: iOS Security and Data Protection.
- Data Flow on iOS.
- Incite 3/14/2012: My Kind of People.
- Mr. Market Says Security Is Winning.
Favorite Outside Posts
- Adrian Lane: Let’s look these gift horses in the mouth. The “ungrateful bastard” who wrote this and I agree on many things, this one included. But where I keep my mouth shut and simply accept what I get, Jack does the right thing and points to where we need to be.
- Mike Rothman: My Networking Beliefs. As an old networking guy, I definitely appreciate this post by Greg Ferro. Lots of truth in here.
- Rich: Mozilla knew of Pwn2Own bug before CanSecWest. This is really funny, in a terribly geeky way.
Research Reports and Presentations
- Network-Based Malware Detection: Filling the Gaps of AV.
- Tokenization Guidance Analysis: Jan 2012.
- Applied Network Security Analysis: Moving from Data to Information.
- Tokenization Guidance.
- Security Management 2.0: Time to Replace Your SIEM?
- Fact-Based Network Security: Metrics and the Pursuit of Prioritization.
- Tokenization vs. Encryption: Options for Compliance.
Top News and Posts
- Patch Windows NOW!!! Major wormable vulnerability out.
- BBC attacked by Iran?
- How MAPP may help bad guys (due to lazy vendors).
- TSA Pre-Check lets you travel like it’s the year 2000. Talk about the ultimate proof that it’s all security theater.
- Someone leaked proof of concept code for the Microsoft RDP vulnerability.
- Windows Azure Outage.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Rory and Dre (they both contributed so much), in response to Defending iOS Data: iOS Security and Data Protection.
@dre so it sounds like we’re talking about the difference between practical and theoretical here.
I’d agree that theoretically iPad2/3/iPhone 4S are vulnerable to a DFU mode exploit if one is found, but that currently there is no publicly available DFU mode exploit for iOS 5 running on an A5 based device (iPad 2/iPhone 4S) and that current publicly available jailbreaks can’t be done from a locked/powered off device.
@Rory: Yes, but the EMF and Dkey keys are still available immediately, meaning that you can still gain instant access to the non-protected data areas and insert a backdoor there. The real issue here is partial (not full) disk encryption.
Also, there are definitely DFU mode kernel exploits for A5 processor devices up to 5.0.1, including the iPad 2 (which I own and is 5.0.1 untethered jailbroken) and iPhone 4S. You’ll also notice that these devices ARE listed by the forensics providers I’ve mentioned in the previous threads on this topic.
I realize that there are no current exploits for 5.1 or for the iPad 3. You also realize that there will be in very little time, and any funded organization could certainly stay one step ahead of the other adversaries of this platform.