It was a bit of a shock to us over two years ago, when we learned the Boy has a lazy eye. We found out when he got evaluated prior to entering kindergarten, and they said he needed to get his eyes examined. The Boss and I have very good vision, especially when we were growing up, so it was unexpected. Ultimately it’s not a big deal. He needs to wear glasses and we have to patch his good eye for a few hours every day to force his weaker eye to get stronger.

We got him some pretty snazzy looking glasses. Oval in shape, you know, right out of the metrosexual handbook. Thankfully when you are 8, it’s cute. A couple years later, the glasses are part of him. He kind of looks strange when he doesn’t have them on. He is a boy, so he’s pretty hard on the glasses, with them always getting bent or otherwise screwed up. And when they don’t fit well, he tends to look over them. It’s not a conscious decision – he just lets them slide down his nose and goes about his business because his strong eye compensates. Or he doesn’t turn his head up when he’s looking up. Either way, he’s not getting the benefit of the glasses and it’s not helping to strengthen his weaker eye.

During his quarterly check-up, the ophthalmologist suggested a new pair with bigger lenses that he wouldn’t be able to look over. We’re fine with that, but the Boy is a bit change averse. His first thought was that he didn’t want Waldo glasses. Those big frame models that make him look like the character from “Where’s Waldo?” We set the expectation that he’ll get the best glasses to address the issue, even if they are Waldo glasses. The Boss and I had a sneaking suspicion it wouldn’t end well, but we had to deal.

I took him to the eyeglass shop and he started trying out frames. We found a pair that seemed good, which had rounder lenses. Not Harry Potter round, but rounder than his current model. I asked what he thought, and his response: “Horrible, Dad.” But both the optometrist and I told him they were cool, even if he didn’t believe us. Then I spied a pair of the dreaded Waldo glasses. “Boy, try these on!” After a little resistance, he put on the Waldo glasses (which were actually a pair of very expensive Calvin Klein models). I actually thought they looked good, but he was locked into the No Waldo position. He was clearly getting upset at the idea of having to get the Waldo model.

Then I took the first pair with the rounded lenses and had him try those on again. Evidently it wasn’t the optometrist’s first rodeo either – he played up the cool frames and told him all the chicks would dig them. The Boy had no idea what he was talking about, but I was entertained. I had him put the Waldo glasses back on (just for good measure) and then try the rounded ones again. Then I went for the close. “So what do you think, dude?” He said, “I like them, Dad. They are cool!” Just like it was his idea. Win!

Maybe at some point he’ll realize the conspiracy. Maybe not. Either way, it’ll be a lot harder for him to look over his glasses, which ultimately is all that matters. Even if it took a little manipulation to get him there.

–Mike

Photo credits: “Where’s Waldo” originally uploaded by Carolyn Coles

Incite 4 U

1. AV dying? Just like spam was going to be gone by 2004: Now that Microsoft has unveiled Windows 8 (talk about pre-announcing) with enhanced security features, the security industry is bracing for yet another assault on the cash cow of all cash cows: anti-virus. Evidently Win8 will have enhanced ASLR and heap stack protection, which is good news because <sarcasm>the attackers continue to stand still.</sarcasm> But it seems Windows Defender will be able to handle AV signatures now. First, AV signatures aren’t the answer. Second, inertia is substantial in both the consumer and business markets. If Microsoft said they were bundling white listing in, or some other mitigation that actually made a difference, I would be interested. But they didn’t so I’m not. But I do like the new Metro(sexual) interface. Not enough to actually use Windows, like ever, but it is pretty. – MR
2. Needle in a crapstack: Most of the surveys we see in the security industry are pretty bad. They are driven by vendors looking for FUD to sell products. And hey, it’s our own fault because none of us wants to pay for the good stuff. (Our stuff excepted, of course 😉 ). But we can often find interesting nuggets anyway. These two surveys came courtesy of Martin McKeay, as prep material for this week’s podcast. The first, from Trustwave and Cybersource, tells us that 70% of businesses care more about their brands than PCI fines. Well, I sure as hell hope so – otherwise their priorities would be seriously out of whack. Then, courtesy of PWC, we find that only 13% of companies surveyed have a security strategy, reviewed the effectiveness of said strategy, and knew the types of breaches they suffered in the past 12 months. Heck, I’d say 13% sounds good – maybe even a little high. A lot of the rest of these two surveys is too tuned for my tastes, but I’m happy any time I can get a nugget or two. – RM
3. Right tool for the job: If you are reliant upon email security to address HIPAA, you’ve already lost. But eWeek is positioning DLP Lite in email security tools as front-line defense for HIPAA. It’s a little like closing the window and leaving the front door wide open. Content screening of email is a last line of defense – one you hope you don’t need. Instead you should be looking at encryption, masking, and possibly select uses of tokenization, stitched together with federated identity and key management services. If you are going to use DLP Lite for content scanning, then you had better have an equally compelling story for chat, VPN, removable media, file shares, and every avenue data travels in and out of the company. DLP packages for HIPAA are a combination of endpoint, file, and discovery – in addition to screening all outbound traffic. You don’t have budget for every possible security tool, so match up the security product with the compliance and security problems you need to address. Their guidance seems irresponsible to me. – AL
4. The bots are coming! The bots are coming! CommTouch has some interesting analysis of a wave of new malware-laden attachments without a clear purpose. Evidently the bad guys are building up a new bot army to do something, and it’s unlikely to be good. Should this change any of your tactics? Nope, beside perhaps doing more extensive egress monitoring/filtering to figure out if any of your dumb users have opened the wrong attachments. It’s not clear if this is the first wave of SkyNet (which become self-aware on April 21), or something else (like the RBN honchos needing new cars), but all the same – it’s not like the problem of email attacks was about to go away, or like users will ever stop clicking stuff they shouldn’t. So keep calm and carry on – what other choice do you have? – MR
5. IDFC: My computer is protected with IDFC or “I Don’t Freakin’ Care” security. And it works because scams lure the unsuspecting with social topics I genuinely don’t freakin’ care about! Stupid email links from family? With IDFC – no click, no threat. Funny animal pics or joke of the day? IDFC. Fake AV, stolen babies, White House Christmas cards, dead celebs, 419 scams, pr0n, weight loss, and anything Facebook: IDFC. OK maybe not the pr0n, but I digress. Whatever the scam of the day, it doesn’t matter. And don’t forget the special Lady Gaga feature, which gives you IDFC^2! As a curmudgeon you get IDFC as part of the base system for free, fully configured – runs on all platforms and works better with age. Since half my computer problems are user error, I might as well take credit for what works – like totally ignoring social engineering attacks. Now, if I could just resist those People of Walmart emails I’d be totally safe! – AL
6. DARPA drool: I love DARPA (the Defense Department’s Advanced Research Projects Agency). These are the folks who get to fund and pursue all sorts of wildly advanced technology and science projects. While they are mainly for military goals, the rest of us get their leftovers (like the Internet). It’s like a bunch of Disney Imagineers with tanks and jets! In a move of brilliance, they hired Mudge (old school hacker), and I think we see his influence in this event designed to pull together a diverse group of cybersecurity experts to think out of the box. Innovation FTW, and while I highly suspect I’m not the sort to get an invitation, I’m sure as heck submitting my resume anyway. – RM
7. Wait! Those policies actually work? Listen, I still hate surveys, though within some context (and confirming my already substantial biases) they can serve a purpose. When I saw these survey results from Webroot claiming Only a quarter of employees bypass security policies, I figured someone had hit the crack pipe a bit too hard. But alas, it seems the folks they talked to seemed to get it. It’s those meddling kids who skirt the rules (they needed to be beaten more as children), but almost everyone thinks security policies help protect things. They are wrong, but at least we can thank the mass media scare tactics for something. Yet not is all rosy. It seems only 26% were aware of someone receiving a warning, which means it’s time for some more public executions. Maybe it’s time for a gallows-building party this weekend – I’ll bring the beer. – MR