I had a really great Friday Summary planned. I was going to go all in-depth and metaphysical on something really important, with a full-on “and knowing is half the battle” conclusion at the end, tying it back to security and making you reevaluate your life.
That was before my 6-month-old decided to go to bed after 11pm, then wake up at 3am, and not go back to sleep until 5:15am. Followed by my 4.5-year-old waking me up at 6am because, although she knew it was too early, I forgot to put the iPad that she is allowed to watch until it’s time to wake us up in her room. Then there was the cat. That f***ing cat.
(It was my turn to take the baby… he had already wrecked my wife the nights before).
So someone is reevaluating their life, but it isn’t you.
Instead, I’m going to emulate Adrian: here is my stream of consciousness…
- Residential alarm companies don’t really like hackers/tinkerers. I have some extensive home automation and I want to pull alerts out of my alarm panel (without enabling control) to trigger certain things and use the sensors. The phone calls tend not to go well. They all have home automation packages they will gladly sell me, and usually after the third time I tell them I have thousands of dollars and tons of custom programming of my own system they finally get it. None of them want to let you access the panel you pay for because they are legitimately worried about false alarms. Can’t really blame them – I wouldn’t trust me either.
- I finally added some security cameras, mostly to watch the kids outside in the play pool when I have to run inside for my morning… constitutional. I’d like to put some in the play areas but I don’t like how intrusive they look. Need to figure that out.
- There is a bobcat in our neighborhood. It’s living in the yard of a house that has been effectively abandoned for 3 years because no one seems to know who actually owns or is responsible for it. The bank would sure like the cash, but doesn’t want to deal with maintenance. I smell one of those improperly handled mortgage paperwork situations. The bobcat has cubs and seems quite content to bounce around our backyards. Many neighbors are scared of it, despite, you know, scientific evidence. I mentioned on our community forum that their kids should be safe unless they leash the babies to a stake out in a backyard – that may not work out well.
- A bunch of neighbors would also like to gate our community due to a mild uptick in break-ins (the other reason for the alarm and camera updates). That would involve about 50 unmanned gates for 900 homes and 6,752 landscapers with keys, judging from the 24/7 blower noises around here. Seriously, we would have to give gate codes to easily over 10K people over the course of the first year. Then there is the maintenance, and if you gate a community you need to take over street maintenance. And there is no evidence that unmanned gates reduce crime. I live with a lot of very scared upper-middle-class people.
- Other people want to slather cameras all over our community. They don’t understand that no one watches them. Someone thought we would have a control center like a casino or something with security calling in drone strikes for suspicious vehicles. (I consider them a mild deterrent at best, and mostly useful for me to keep an eye on the kids when I need to take my morning constitutional). I mean cameras are mild deterrents – a few drone strikes would probably be pretty effective. Me? I think for a fraction of the long-term cost of either option we could hire additional security and off-duty police patrols. Incident response and active defense, baby!
- My 4.5-year-old and her best friend have decided which boys they are going to marry. In related news, I will be shopping for a gun safe this weekend.
- The new Lego Mindstorms EV3 is amazing. I’m a long-time fan of Lego robots, and this one is far more accessible to my young kids due to the ball shooter and iPhone/iPad control. I still need to do all the building and programming, but I’m working on getting them to tell me what they want it to do and break that down into discrete steps. They want me to build an “evil robot” so they can put on their super hero clothes and battle it. The 4.5-year-old has a nice Captain America shield (she was pissed the first time she threw it, because it didn’t come back), and the 3-year-old has a cool Fisher Price Spider-Man web shooter thing. Both girls, both started on super hero kicks without my influence, and both are totally awesome.
That’s all I got. Go buy Legos, watch out for bobcats, and don’t get involved in your community security program unless you want to realize how nice our infosec world is in comparison. Seriously.
One last note – good luck to everyone in Boulder. It’s very hard to watch the floods from the outside, but still a hell of a lot easier than what you all are going through. Stay safe!
On to the Summary. To be honest, due to the lack of sleep and my family walking in the door, it’s be a bit light this week…
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich presenting on cloud encryption next week.
- Rich wrote two articles on Apple’s Touch ID fingerprint sensor. You can read them at Macworld and TidBITS. They were both referenced by a ton of sites.
- Rich also quoted on Touch ID at the Wall Street Journal.
- Cloud IAM webcast next week: Check it out!
- Adrian’s DR post on PII and Entitlement Management.
- Another DR piece from Mike on “Talking Threats with Senior Management”.
- Mike’s latest DR column on the million bot network.
- Mike quoted in Dark Reading on Cisco/Sourcefire.
- Mike’s column in Dark Reading on M&A Success.
Favorite Securosis Posts
- Adrian Lane: Unprecedented and Shortsighted. The depth and breadth of the response to NSA spying caught me by surprise. Spying did not surprise me – sudden outrage did. But I think Rich has this right: mission creep.
- Mike Rothman: Rich’s Q&A on Fingerprint Scanning. It’s not really a Securosis post because it appears on TidBITS, but Rich’s Q&A is great. This technology will be big, and will bring 2FA to the masses. It’s about time.
- Rich: I think I was the only one who blogged, so meh.
Other Securosis Posts
- Oracle Quietly Adds (Possibly Major) Java Security Update.
- Incite 9/11/2013: Brave New World.
- What to do when your Twitter account is hacked.
Favorite Outside Posts
- Adrian Lane: Cloud SSO vs. Cloud IDM – There’s a Glitch in the Matrix. Good lessons through awesome retrospective from Ranjeet.
- Mike Rothman: Network Zen: All Feet Are Different. I really like Greg Ferro’s Network Zen series. As an old networking guy, it’s fun to apply these riddles of sorts to security practice. You see what I did there?
- David Mortman: Talented Team.
- Dave Lewis: CSEC Handed Over Control Of Encryption Standards To NSA: Report.
Research Reports and Presentations
- Identity and Access Management for Cloud Services.
- Dealing with Database Denial of Service.
- The 2014 Endpoint Security Buyer’s Guide.
- The CISO’s Guide to Advanced Attackers.
- Defending Cloud Data with Infrastructure Encryption.
- Network-based Malware Detection 2.0: Assessing Scale, Accuracy and Deployment.
- Quick Wins with Website Protection Services.
- Email-based Threat Intelligence: To Catch a Phish.
- Network-based Threat Intelligence: Searching for the Smoking Gun.
- Understanding and Selecting a Key Management Solution.
Top News and Posts
There are a few NSA-related items. We haven’t commented much on this since – before now it wasn’t directly related to information security. These articles indicate that we, as security professionals, now need to pay attention and evaluate what holes government programs introduced into our defenses. We are patriotic types (even the Canadians) and are looking at this issue with heavy hearts.
- The Road Warrior’s Lament: In Search Of The Perfect Carry-On.
- Security of Java takes a dangerous turn for the worse, experts say
- Zuckerberg: US government ‘blew it’ on NSA surveillance.
- Yahoo CEO Marissa Mayer on NSA data requests: ‘You don’t comply, it’s treason’.
- New York Times provides new details about NSA backdoor in crypto spec.