It’s unbelievable how different growing up today is. When I was in elementary school in the late 70s, Pong was state of the art and a handheld Coleco football game would keep a little kid occupied for hours. When they came up with the Head to Head innovation, two kids would be occupied for hours. That was definitely a different type of Occupy movement. We also didn’t have 300 channels on the boob tube. We had 5 channels, and the highlight of the year was Monster Week. At least for me.

Most days I jumped on my bike to go play with my friends. Sometimes we played football. Okay – a lot of days we’d play football. It was easy – you didn’t need much equipment or a special field or anything. Just an even number of kids. I’m not sure what little girls did back in the day, since it was just me and my younger brother, but I’m sure it was similarly unsophisticated. We just played.

Why am I getting nostalgic? Basically because I’m frustrated. Today kids don’t play. They need to be entertained. The thing that makes me cringe most is when one of my kids tells me they are bored. Bored? This usually happens after I tell them 5 hours on the iPod touch is enough over the weekend. Or that the 3 hours they watched crappy TV in the morning is more than enough. I tell them to get a book and read. I tell them to play a game. Maybe use some of the thousands of dollars of toys in the basement. Perhaps even build something with Lincoln Logs. Or break out one of the 25 different Lego contraptions we have. Mostly I tell them to get out of my hair, since I’m doing important stuff. Like reading about the Super Bowl on my iPad. But I digress.

What ever happened to the 5 Best Toys of All Time? I’d add a football to that list and be good. That was my childhood in a nutshell. No more. Our kids’ minds are numbed with constant stimulation, which isn’t surprising considering that many of us are similarly numb, and it’s not helping us find happiness. Rich sent around this article over the weekend, and it’s right. We seem to have forgotten what it’s like to interact with folks, unless it’s via Words with Friends. Sometimes you need to slow down to speed up in the long run.

I know you can’t stop ‘progress’. But you don’t need to just accept it either. After XX1 realized I wasn’t going to cave and let her play on the computer, she spent a few hours writing letters to her camp friends. She painstakingly colored the envelopes, and I think she even wrote English. But what she wrote isn’t the point. It’s that there was no battery, power cord, or other electronics involved. No ads were flying at her head either. Amazingly enough, she overcame her boredom and was even a little disappointed when everyone had to get ready for bed.

It was a small victory, but I’ll take it. They don’t come along too often, since my kids are always right. Just ask them.

-Mike

Photo credits: “Mattel & Coleco H2H classics” originally uploaded by Vic DeLeon

Heavy Research

After a bit of a blogging hiatus we are back at it. The Heavy Research feed is hopping, so here are a couple links to our latest stuff. Please check them out and (as always) let us know what you think via comments.

• Implementing and Managing a Data Loss (DLP) Solution: Index of Posts: Rich will be updating this post with the latest in his ongoing series on DLP.
• Understanding and Selection Database Security Platforms: Rich and Adrian are updating their landmark DAM research from a few years ago. As with many things, what used to a single-purpose capability (DAM) is now a database security platform. Follow along as they explore exactly what that means.
• Bridging the Mobile Security Gap: The Need for Context: Got rid of those smartphones yet? No? Then you should be checking out this series on how to provision layered controls to maintain order, in light of the onslaught of all sorts of new devices.
• Malware Analysis Quant: Phase 1 – The Process: We have finished up Phase 1 of Malware Analysis Quant, and packaged up the process map and descriptions into a paper. Check it out, but please understand the process will continue to evolve as we keep digging into the research. We will launch the survey this week, so keep an eye out.

You can get our Heavy Feed via RSS, where you can access all our content in its unabridged glory.

Incite 4 U

1. Privacy and Google: Google’s new privacy policy has been making waves the last few days. For me it’s not so much about the policy – I’m nonplussed about that. Sure, I don’t like the Google’s non-anonymity posture. On the other hand it’s much easier to understand Google’s consolidated policy on privacy and the intentions behind it – for that they should be commended. Essentially it comes down to “use our stuff and we’ll use your data”, which is clear enough and completely unsurprising in light of their business model. Understand that an encrypted search provides an illusion of privacy, meaning nobody on the network you traverse should be able to see the query, but it does not mean your activity is not logged and indexed by Google (or your other search provider). Good or bad – you be the judge. The real question is what are you going to do about it? For me this is an important “rubber meets the road” milestone. And that’s too bad because I like using Google’s search engine – it is clearly the the best. Gmail is free and it works – but I don’t have an easy way to encrypt email running through my Gmail account so Google can’t read it. Which means I have to get off my lazy butt and stop using these tools, or accept that Google owns an online identity associated with me, and get used to it. That’s a non-starter for me so it’s time to stop using Google. – AL
2. What is a firewall anyway: Evidently ICSA Labs is the arbiter of what is a firewall and what isn’t. They, in their infinite wisdom, think F5’s Big-IP is a network firewall because it passed their test. I’m being a little facetious here, but we do see a general collapse of the different perimeter security devices to a common platform. Obviously we can’t call it UTM – that’s a bad word. But we see firewall vendors rolling out IPS capabilities and IPS vendors doing firewall stuff, and application controllers/load balancers being positioned as network security devices. So it’s time to be very clear, again. The perimeter is consolidating and these new perimeter security gateways will provide application-aware visibility and control, along with network-based malware detection. Call them what you will – I’ll let the Big G figure out the category name. But suffice it to say the land grab for perimeter real estate has already begun. – MR
3. Attacking the protectors: Last week we all focused on how Symantec’s AV code from 2006 had been compromised. It seems that wasn’t the only thing the attackers got, leaving pcAnywhere a flaming carcass by the side of the road. Symantec even went to so far as to tell users not to use it. Awesome. Now evidently pcAnywhere’s fixed, but this underscores a much bigger trend. Attackers are now going after the security technology used to protect stuff. It’s a logical next step in the arms race, but it appears many security companies are unprepared for their new role as obvious and high-value targets. Which means the RSA Conference may not be a vendor humpa-humpa, er, “business development”, show, forever. Most marketers bitch about not enough customers showing up at RSA, but now it seems prospects are all around them. Basically in every booth on the show floor. I also expect a run on high-end CISOs by bigger security companies. They will face crises of confidence unless they can take clear and decisive action to stop the bleeding. – MR
4. Who are you paying? StorefrontBacktalk has been steadily covering trends in point-of-sale payment options. They point out the issues around the new payment offerings from PayPal, which are worrisome. These systems definitely will process payments. But everything else is up for debate. So we need to ask some key questions. Like: are a phone number and PIN really adequate security? Especially given that hackers have harvested this data in the past from thousands of other firms, and can likely use it with credit cards now? How about chip and no PIN? Some merchants use branded mobile devices with a ‘Square’ attachment – does that fall under PCI, and if so how? Is it really the merchant’s device? How do you know? What about the liability of the consumer in the PayPal model if their credentials are hacked? If payment is ultimately fulfilled via credit card and not the bank account tied to the PayPal account, is the consumer liable for fraudulent charges? Overall we are losing ground on security with this payment land grab, and the winners will worry about effects on consumers only after their bonus checks have cleared. Here’s our standard word of caution: Before you start using any of these new services, understand the end-user agreement, your financial liability, and what information a merchant may reasonably ask you for. – AL
5. A new twist on trust but verify: Given that many security folks need to be conspiracy theorists and figure out how you can get killed, many of us have to compromise relative to employees. If you work in a hi-tech company, the developers tend to have access to the keys to the kingdom. Can you be really sure they don’t have malicious intent? Apple takes that trust but verify concept to a new level by having new employees work on fake products. It must be nice to be so flush cash you can afford hobble your development team by working on nothing. But it also shows how seriously Apple takes secrecy, which is pretty impressive. – MR
6. The end of malware-laden Twitter links? Sometimes you see deals announced and the motives aren’t initially obvious. You see Twitter first buy Moxie’s company and now take Dasient out and scratch your head a bit. Until you realize that we click a lot of links posted by folks we follow on Twitter. As much as I hate link shorteners, if it comes from someone I trust I usually click. Thankfully I haven’t regretted that yet, and perhaps Twitter can check links in real time with Dasient’s technology, so maybe they can stop folks from clicking the wrong links. Can they make money on this? Probably not, but given how much they’d lose if the Twitterverse were overrun with malware-laden links, this is probably money well spent. – MR