Friday Summary: November 29, 2012
By Adrian Lane
When I visit the homes of friends who are Formula One fans on race day, I am amazed at how fanatical they are – worse than NFL and college football fans. They have the TV on for pre-race action hours before it starts. And this year’s finale was at least in a friendly time zone – otherwise they would have been up all night. But what really amazes me is not the dedication – it’s how they watch.
Big screen TV is on, but the sound is turned off. The audio portion comes from a live feed from some other service, through their stereo – complete with subwoofer – to make sure they hear their favorite commentator. Laptop is on lap, browsers fired up so they can look up stats, peruse multiple team and fan sites, check weather conditions, and just heckle friends over IM. An iPad sits next to them with TweetDeck up, watching their friends tweet. If a yellow flag pops up, they are instantly on the cell phone talking to someone about what happened. They are literally surrounded by multiple media platforms, each one assigned the task it is best suited for.
But their interest in tech goes beyond that. Ask them stats about F1 engine development programs, ‘tyre’ development, or how individual drivers do on certain tracks, and they pour data forth like they get paid to tell you everything they know. They can tell you about the in-car telemetry systems that constantly send tire pressure, gear box temp, G-force analysis, and 100 other data feeds. Ask them a question and you get both a factual list of events and a personal analysis of what these people are doing wrong. It’s a layman’s perspective but they are on top of every nuance.
God forbid they should have to work over the weekend and only have access to a Slingbox and headphones. That’s just freakin’ torture. Those fantasy baseball people look like ignorant sissies next to F1 fans. They may not have Sabermetrics but they watch car telemetry like they’re in the Matrix. Perhaps it’s because in the US we don’t have many opportunities to attend F1 events that the ultimate experience is at home, but the degree to which fans have leveraged technology to maximize the experience is pretty cool to watch – or rather to watch them watch the race.
So when I get a call from one of these friends asking, “How do I secure my computer?”, or something like “Which Antivirus product should I use?” or “Does Life Lock help keep me secure?”, I am shocked. They immerse themselves in all sorts of tech and apps and hardware, but have no clue about the simplest security settings or approaches. So I’m sitting here typing up a “personal home computer security 101” email.
And congratulations to Sebastian Vettel for winning his third world championship – that puts him in very select company.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich and Martin on Network Security Podcast #297.
- Adrian’s Big Data Paper … synthesized.
- David Mortman is presenting at Sec-Zone next week.
- Adrian’s Dark Reading post: Database Threats and Countermeasures.
- Mike’s Dark Reading post: A Backhanded Thanks.
Favorite Securosis Posts
- Mike Rothman: Building an Early Warning System: External Threat Feeds. You can’t do it all yourself. So you need to rely on others for threat intelligence in some way, shape, or form.
- Adrian Lane: Incite 11/28/2012: Meet the Masters. I’m starting to think Mike was just being nice when he said he loved my collection of Heineken beer posters.
Other Securosis Posts
- New Paper: Implementing and Managing Patch and Configuration Management.
- Enterprise Key Managers: Technical Features, Part 2.
- Enterprise Key Manager Features: Deployment and Client Access Options.
- Building an Early Warning System: External Threat Feeds.
- Friday Summary: November 16, 2012.
Favorite Outside Posts
- Dave Lewis: Log All The Things.
- Mike Rothman: China’s cyber hackers drive US software-maker to brink. Disturbing story about how a well funded attack can almost bring down a small tech business. That said, if this guy’s pretty good business was at risk, why didn’t he bring in experts earlier and move his systems elsewhere to keep business moving forward? Sounds a bit like Captain Ahab. But it does have a sort of happy ending (h/t @taosecurity).
- Adrian Lane: Expanding the Cloud – Announcing Amazon Redshift, a Petabyte-scale Data Warehouse Service. I’ll write about this in the near future, but the dirt cheap accessibility of massive resources makes many analysis projects feasible, even for small firms.
Project Quant Posts
- Malware Analysis Quant: Index of Posts.
- Malware Analysis Quant: Metrics – Monitor for Reinfection.
- Malware Analysis Quant: Metrics – Remediate.
- Malware Analysis Quant: Metrics – Find Infected Devices.
- Malware Analysis Quant: Metrics – Define Rules and Search Queries.
- Malware Analysis Quant: Metrics – The Malware Profile.
- Malware Analysis Quant: Metrics – Dynamic Analysis.
Research Reports and Presentations
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
- Understanding and Selecting Data Masking Solutions.
Top News and Posts
- Banking Trojan tries to hide from security researchers.
- Microsoft is toast, here’s why.
- Student Suspended for Refusing to Wear a School-Issued RFID Tracker. No truth to the rumor that they later stapled the RFID tag to his forehead.
- All Banks Should Display A Warning Like This.
- Rackspace: Why Does Every Visitor To My Cloud Sites Website Have The Same IP Address?
- HP says its products sold unknowingly to Syria by partner.
- EU plans to implement mandatory cyber incident reporting.
- Chevron was a victim of Stuxnet.
- RSA Releases Advanced Threat Summit Findings (PDF)
Blog Comment of the Week
Is there really a need to move Key Management to a public cloud (of course with encryption etc. like that of Porticor's)? They claim scalability would be one issue as the data grows the keys grow too, so better move KM too to cloud, is this valid?