Something didn’t add up. We got a call from the girl’s camp literally 3 days after they got there saying XX2 needed more stationery. We hoped this meant she was a prolific writer, and we’d be getting a couple updates a week. Almost 3 weeks later, we got 1 postcard. That’s it. A few of her friends got letters, but not nearly enough to have depleted her stash of letters/postcards. And the longer we went without a letter, the more ornery The Boss got.

It's not there, where is that mail gremlin?...Mostly because she spent a bunch of time buying, stamping, addressing, and return labeling the additional letters. So to not get any mail was really adding insult to injury. Luckily we were going to see the girls on Visiting Day, so we’d get to the bottom of the situation. Maybe there were mail gremlins in the Post Office, getting their kicks by reading (almost) 8 year old chicken scratch. Maybe the small-town post office was just overwhelmed. Or maybe XX2 had screwed up a bunch of letters and just thrown them out, as opposed to trying to fix them. It could be anything, and we were determined to get to the bottom of it.

When we got to the camp, we spent a few minutes with XX1, including meeting her counselors and seeing her bunk. It’s far from roughing it, but they still get a somewhat rustic experience. Then we made our way over the XX2’s bunk to do a similar assessment. With me as the bull in a china shop, I (of course) just blurted out what I know The Boss was thinking. “I’m so happy you are having a great time at camp, but what the hell? Who did you write to with all your stationary? It certainly wasn’t us!”

XX2 looked very confused. She reiterated that she did write letters, and she wrote 3-4 to us. It looked like it might be a job for the late Columbo, who could solve this posthumously. Then we asked the key question: “When did you mail the letters?” She again looked at us quizzically. That’s when all the pieces fit together. “I need to mail one letter every three days to get into dinner. So I give them one letter.”

Looks like we found the smoking gun. I then asked XX2 to show us her stationary box, and sure enough there were 6 letters and 3 postcards ready to go. I forget she is not even 8 years old yet. She took the instructions literally. She needed one letter to fulfill the requirement, and didn’t realize she could mail more than one letter at a time, or even on an off day.

We got the characteristic, “oh well” shrug from her and then we all just busted out laughing. To be clear, I’m not sure we’d do anything different next time. I refuse to be one of those crazy, guilt-slinging parents who browbeat their kids about writing. If they aren’t writing, odds are they are having fun. And we may even save a few bucks in postage. That’s a win-win in my book.


Photo credits: “Nobody Loves Me” originally uploaded by Robert Hruzek

Incite 4 U

  1. The next wave of consumer security: Following (and participating in) the SIEM space, one of the biggest jokes was fraud detection. You know, you’d set your SIEM to look at transaction records and it would find fraud. It’s just data, right? Fraud is just another pattern, right? Not so much, but it’s still a magic chart requirement to have a solution in this space, even though the financial folks use purpose-built offerings to do it for real. But that doesn’t mean that reputation and pattern matching for fraud detection has no place in security. Actually, it does, and with a tip of the hat to Fred Wilson, I can point you to a new service called BillGuard that monitors your credit card transaction streams and can alert you to things that might be funky. Remember, consumers don’t care about security for its own sake. But they care about losing money to fraud and other nuisances, and this kind of offering should just kill it. Disclaimer: I haven’t used BillGuard, nor have I checked out their security. But the idea is right on the (proverbial) money. – MR
  2. Agile is the word: Uh-oh. The US Government is taking cyber-security lessons from businesses. Are things that bad? Actually, while the title of this post filled me with visions of Sony and other enterprises, the actual document is worth review. The government is effectively advocating an Agile process – its basic tenets read more like secure code development ideals than as network deployment. Most security experts urge building security into the products we deploy rather than bolting it on afterwards. And this encourages working with smaller (read: more innovative) security technology providers. Their guidance is a good fit with our own enterprise guidance. – AL
  3. A sign of the times: About a hundred years ago, I co-founded a company focused on driving broader adoption of PKI. We focused on application integration to add capabilities such as encryption and digital signatures. But it never took off, mostly because no one was willing to trade inconvenience for security. By the way, not much has changed. If security works, it’s behind the scenes, embedded within the user experience so users don’t need to know about it. Adobe is clearly going taking another run at digital signatures with their EchoSign buy. I’m not sure the outcome will be different this time around. EchoSign got some lift because it wasn’t about technology – it was about a seamless business process to eliminate paper from contract signing. We’ll see if Adobe learns from that, or just tries to add another option to the product – you know how the latter scenario ends. – MR
  4. Skype pwnage: It will likely be patched by the time you read this, but there is a cross site scripting vulnerability with Skype. In essence an attacker need only insert malicious JavaScript into their phone number field and when a ‘friend’ comes on line, they pick up the malicious code automatically. The proof of concept changed the user’ss Skype password, but theoretically it could inject other code onto your machine without any user intervention or knowledge. Yet another example of why every input value requires validation! The fix will be easy to implement – verify that the field is actually a number and not a script – but no word yet on availability. I am getting conflicting information about which versions are susceptible, but look for a patch in the coming weeks and upgrade ASAP. – AL
  5. Filtering vapor: Evidently Cisco is trying to cut its way back to innovation, and history says that movie rarely ends well. It looks like they are also trying to dust off the greatest hits marketing of some of their acquired companies, and slap a fresh coat of paint on, well you know… Having survived the wrong side of IronPort’s rise to email security dominance, I had to laugh a bit when they just released the IronPort Outbreak Filters offering, which is supposedly looking for targeted attacks. Using new technologies, like content analysis and reputation. Oh yeah, Cisco has basically repackaged what they’ve been doing for years. Low volume, spear phishing attacks are very hard to detect – outbreak filters or not. But you have to hand it to Cisco – they aren’t proud. At least they are copying from themselves. – MR