Friday Summary - October 16, 2009
All last week I was out of the office on vacation down in Puerto Vallarta. It was a trip my wife and I won in a raffle at the Phoenix Zoo, which was pretty darn cool.
I managed to unplug far more than I can usually get away with these days. I had to bring the laptop due to an ongoing client project, but nothing hit and I never had to open it up. I did keep up with email, and that’s where things got interesting.
Before heading down I added the international plan to my iPhone, for about $7, which would bring my per-minute costs in Mexico down from $1 per minute to around $.69 a minute. Since we talked less than 21 minutes total on the phone down there, we lose.
For data, I signed up for the 20 MB plan at a wonderfully fair $25. You don’t want to know what a 50 MB plan costs. Since I’ve done these sorts of things before (like the Moscow trip where I could never bring myself to look at the bill), I made sure I reset my usage on the iPhone so I could carefully track how much I used.
The numbers were pretty interesting – checking my email ranged from about 500K to 1MB per check. I have a bunch of email accounts, and might have cut that down if I disabled all but my primary accounts. I tried to check email only about 2-3 times a day, only responding to the critical messages (1-4 a day). That ate through the bandwidth so quickly I couldn’t even conceive of checking the news, using Maps, or nearly any other online action. In 4 days I ran through about 14 MB, giving me a bit more space on the last day to occupy myself at the airport.
To put things in perspective, a satellite phone (which you can rent for trips – you don’t have to buy) is only $1 per minute, although the data is severely restricted (on Iridium, unless you go for a pricey BGAN). Since I was paying $3/minute on my Russia trip, next time I go out there I’ll be renting the sat phone.
So for those of you who travel internationally and want to stay in touch… good luck.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Dark Reading post on Getting Around Vertical Database Security.
Favorite Securosis Posts
- Rich, Mort, and Adrian: Which Bits Are the Right Bits. We all independently picked this one, which either means it’s really good, or everything else we did this week sucked.
- Meier: It Isn’t Risk Management If You Can’t Lose.
Other Securosis Posts
- Where Art Thou, Security Logging?
- IDM: Reality Sets In
- Barracuda Networks Acquires Purewire
- Microsoft Security Updates for October 2009
- Personal Information Dump
Favorite Outside Posts
- Rich: Michael Howard’s post on the SMBv2 bug and the Microsoft SDL. This kind of analysis is invaluable.
- Adrian: Well, the entire Protect the Data series really.
- Mortman: Think, over at the New School blog.
- Meier: Security Intelligence: Attacking the Kill Chain. (Part three of a series on security principles in network defense.)
Top News and Posts
- Mozilla Launches Plugin Checker. This is great, but needs to be automatic for Flash/QuickTime.
- Air New Zealand describes reason for outage. Not directly security, but a good lesson anyway. I’ve lost content in the past due to these kinds of assumptions.
- Google to send information about hacked Web sites to owners.
- Details of Wal-Mart’s major security breach.
- Greg Young on enterprise UTM and Unicorns.
- Microsoft fixes Windows 7 (and other) bugs.
- Delta being sued over email hack.
- 29 Bugs fixed by Adobe.
- California County hoarding data.
- Mozilla Plugin Check.
- Paychoice Data Breach.
Blog Comment of the Week
This week’s best comment comes from Rob in response to Which Bits are the Right Bits:
Perhaps it is not well understood that audit logs are generally not immutable. There may also be low awareness of the value of immutable logs: 1) to protect against anti-forensics tools; 2) in proving compliance due diligence, and; 3) in providing a deterrent against insider threats.