No news is just plain good: Friday Summary, April 18, 2013
By Rich
I know the exact moment I stopped watching local news.
It was somewhere around 10-15 years ago. A toddler had died after being left locked in a car on a hot day. I wasn’t actually watching the news, but one of the screamers for the upcoming broadcast came on during a commercial break for whatever I was watching. A serious looking female reporter, in news voice, mentioned the death and how hot cars could get in the Colorado sun. Then she threw a big outdoor thermometer in a car, slammed the door, and reminded me to watch the news at 10 to see the results.
I threw up a little bit, I think.
I don’t remember the exact moment I gave up on cable news, but it was sometime within the past year or two. I have a TV in my office I use for background noise; one of those little things you do when you have been working at home for a decade or so. I used to keep it on MSNBC but the bias finally went too over the top for me. Fox is out of the question, and I was trying out CNN. That lasted for less than an hour before I realized that Fox is for the right, MSNBC for the left, and CNN for the stupid. It was nothing other than sensational exploitative drivel.
As an emergency responder I know what we see at night rarely correlates to actual events. I have been on everything from national incidents to smaller events that still attracted the local press. Even responders and commanders don’t always have the full picture – never mind a reporter hovering at the fringe.
Once I was on the body recovery of a 14-year-old who died after falling off a cliff while taking a picture. I showed up on the third day of the search, right around when one of our senior members finally located him due to the green gloss of a disposable camera. He used a secondary radio channel to report his location and finding because we know the press scans all the emergency frequencies. I was quietly sent up and we didn’t stop the rest of the search, to provide a little decorum.
Around the time the very small group of us arrived at the scene, the press finally figured it out. The next thing I knew there was a helicopter headed our way to get video. Of a dead kid. Who had been in the Colorado sun, outdoors, for 3 days. I used my metallic emergency blanket to cover him and protect his family.
Years later I was on another call to recover the body of a suicide in one of the most popular mountain parks in Boulder. Gunshot to the head. When we got to the scene one of the police investigators mentioned that we needed to watch what we said because the local station had a new boom mike designed to pick up our conversations at a distance. I never saw it, so maybe it wasn’t true.
I don’t watch local news. I don’t watch cable news. Even this week I avoid it. They both survive only on exploitation and emotional manipulation. I do occasionally watch the old-school national news shows, where they still behave like journalists. I read. A lot. Sources with as little bias as I can find.
According to the Guardian, research shows the news is bad for you. Right now I find it hard to disagree.
On to the Summary:
Favorite Securosis Posts
- Adrian Lane: Run faster or you’ll catch privacy. Managing privacy in large firms is its own private hell. Hello, EU privacy laws!
- Mike Rothman: Sorry for Security Rocking. LMFAO applied to security FTW. And evidently I slighted our contributor Gal, who believes he’s up to provide the definitive Security LMFAO version. Name that tune, brother!
- Rich: The CISO’s Guide to Advanced Attacks. I am jealous I’m not writing this one.
- David Mortman: Run faster or you’ll catch privacy
Other Securosis Posts
- Intel Buys Mashery, or Why You Need to Pay Attention to API Security.
- On password hashing and how to reply to security flaws.
- Safari enables per-site Java blocking.
- Incite 4/17/2013: Tipping the balance between good and evil.
- Why you still need security groups with host firewalls.
- Is it murder if the victim is already dead?
- Unused security intelligence is, well… dumb.
Favorite Outside Posts
- Adrian Lane: Agilebits 1Password support and Design Flaw? Good discussion of the flaw and a good response from AgileBits. Now… patch, please!
- Mike Rothman: Patton Oswalt on the Boston Marathon Attack. I linked to this in the Incite but it’s worth mentioning again. Great context about taking a long-term view, even when the wounds are fresh.
- David Mortman: NIST: It’s Time To Abandon Control Frameworks As We Know Them.
- Rich: EmergentChaos on the 1Password design flaw issue. Don’t just read the post – read the first comment. The guys at AgileBits show yet again why I trust them.
- Email-based Threat Intelligence: To Catch a Phish.
- Network-based Threat Intelligence: Searching for the Smoking Gun.
- Understanding and Selecting a Key Management Solution.
- Building an Early Warning System.
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
Top News and Posts
- ColdFusion hack used to steal hosting provider’s customer data. Wait, people still use Cold Fusion? (Rich – I used to totally rock CF, back in the day!)
- Oracle Patches 42 Java Flaws.
- House approves cybersecurity overhaul in bipartisan vote.
- Cloudscaling licenses Juniper virty networking for new OpenStack distro.
- Microsoft deploys 2-factor to all services.
- Obama threatens to veto CISPA. Get your popcorn.
- Update: DARPA Cyber Chief Peiter “Mudge” Zatko Heads To Google. Google does so many great security things, but their views on privacy kill their usefulness to me.
Blog Comment of the Week
This week’s best comment goes to fatbloke, in response to Sorry for Security Rocking. And we fixed it – thanks fatbloke!
“So rejoice security professionals, you may not keep a business card for long, but you should have to spend much time in the unemployment line”
Think you mean “shouldn’t”?
This might be the case in the US but it is utter sh*te employment wise for security professionals in the UK at the moment.
Despite the constant claim by those in the know that there are dozens of ‘cybersecurity’ roles to fill (snigger!), these roles never seem to be advertised anywhere or materialise. Where are they all?!