Login  |  Register  |  Contact

Dos

Friday, October 03, 2008

Friday Summary

By Adrian Lane

The Securosis team is attempting to regroup and prepare for a busy Q4. It took three full days, but I am fully migrated into the Mac Universe and engaged in a couple of research projects. Now productive, I can finally start work on a couple research projects. Rich has left HQ in search of coffee, quiet and a security muse while he catches up on writing projects and white papers. But even though we have a short term ban on travel and conferences, there is a lot to talk about. Here is our summary of this weeks blogs, news and events.

Webcasts, Podcasts, and Conferences:

Favorite Securosis Posts:

  • Rich: Impact of the Economic Crisis on Security. It doesn’t matter if you are a vendor or practitioner, we’ll feel the effects of this crisis, but in a predictable way.
  • Adrian: Email Security. It’s getting cheaper, faster and easier to implement, but with some potential privacy issues depending on how you go about it.

Favorite Outside Posts:

  • Adrian: Brian Krebs post on lawsuits against ‘Scareware Purveyors’. Finally. Infecting someone’s machine with spyware and using it as a marketing and sales conduit is akin to stealing in my book. Now if they would only go after the purveyors of this scare tactic.
  • Rich: Fyodor explains (probably) the looming TCP attack. Fyodor, creator of NMAP, does an excellent job of explaining how the big TCP DoS attack likely works.

Top News:

  • The recovery bill. Law makers look panicked, and the market goes down every time they get close to a ‘solution’.
  • The TCP Denial of Service attack. Nothing to panic about, and we’ll write more on it, but very interesting.

Blog Comment of the Week:

Chris Pepper’s comment on Rich’s “Statistical Distractions” post:

[snip]... I refuse to use unencrypted email, but that”s to the SMTP/IMAP/POP/webmail server. But for email we have to keep in mind that the second hop – to the destination SMTP server – is almost always plaintext (unencrypted SMTP). So it’s more about protecting the account credentials than about protecting the email itself, but someone gaining full access to my whole multi-gigabyte mail store would really really suck. …[/snip]

Now, I am off to The Office for the Securosis weekly staff meeting. We hope you all have a great weekend.

–Adrian Lane