It is absolutely amazing how quickly time can rush past during the most momentous moments of your life. It was over three weeks ago that my daughter was born, and I’m still trying to figure out what the f&*% just happened. A lot of people made it sound like my life would suddenly crash to a halt as I vaulted into some other dimension of existence, but the changes, while massive, are also far more subtle and confusing. Needless to say, I blame the reduced sleep (which still isn’t as bad as it was in paramedic school).
While my personal life is changing, so is the world that is Securosis. You may have noticed my nearly complete lack of blogging the past couple of weeks. While I’d like to blame The Nugget, our changes on the corporate side are just as big. We’re close (oh so very close) to unveiling our new website, a major new public project, and a big influx of content. We’re so close that this blog is officially in maintenance mode as we get the last of the old content transferred to the new site, our templates cleaned up, and new content filled in. And the refresh is just the start; as we get the new site stable we are going to keep adding features and content, the vast majority of which will be, as always, free.
On a related note, we’re also working on our RSA schedules, and when the new site launches we will officially announce the Securosis Recovery Breakfast. I’d like to say we’re giving back to the community, but the truth is we’ll need the hangover relief just as badly as any of you.
And now for the week in review… at least what little of it I managed to notice:
Webcasts, Podcasts, Outside Writing, and Conferences:
- Rich presented “Building a Web Application Security Program” at the Phoenix SANS training. We’ll get it posted once we transfer over to the new site.
- Rich and Martin hosted another episode of The Network Security Podcast this week, covering some of the CanSecWest news and other happenings.
Favorite Securosis Posts:
- Rich: Adrian’s CanSecWest Highlights. I really need to go next year.
- Adrian: My post on Security Speedbumps.
Favorite Outside Posts:
- Adrian: Gunnar Peterson on security people in software development.
- Rich: John Gruber, at Daring Fireball, on Obsession Times Voice. This is pretty much the most important thing John has written about in a long time. Flat out: if you blog and are obsessed with numbers, you won’t achieve your goals. I barely check our stats, maybe once every other month, and once missed the fact that we had no stats for 3 or 4 months. It’s your passion for writing that brings in readers, not pandering for page views.
Top News and Posts:
- Botnet targets modems and routers. Yowza.
- Symantec drops call center after (manual) security breach. Good move on their part, as a security company they can’t screw around with situations like this.
- Bad hacker stole $10M from banks. Using SQL injection. In 2008. Pardon my language, but how fucking stupid do you need to be to allow SQL injection at a financial institution in 2008?!?! Jesus people, I realize security is hard but we don’t have to give them our fracking wallets on a silver platter. With a mint.
- It’s Cisco IOS Patch day.
Blog Comment of the Week:
Dre on Security Speedbumps:
No No No No No. Layers and defense-in-depth do not work unless you know YOUR OWN risks and point-solution defenses match the risks. “Layering for layering’s sake” does get adversaries poking right through billions of expensive layers. Don’t tempt me to argue against every point in this rant — you just set yourself up for massive failure.