Securosis Blog

It’s easy to believe the hype. You know, that NGFW (Next Generation Firewall) devices will take over the perimeter tomorrow. Get on the bandwagon now before it’s too late. And the anecdotal evidence leads in this direction as well. You see lines around the corners at trade shows to glimpse an NGFW Godbox, and local seminars are standing room only to hear all about application-aware policies which can help you control those pesky users who want to Facebook all day in the office.

Amen to our buddy Paul Proctor, who starts a post, Why I hate the term GRC, with “GRC is the most worthless term in the vendor lexicon.” I couldn’t agree more. 10 years later I still don’t know what it means. Besides everything, as Paul explains:

We are in the school year endgame right now. The kids will be done for the year in 10 days, and then summer officially begins. It is a frantic time in our house – the kids head off for camp in mid-June and we take family vacations before then. There is a lot of stuff to buy, a lot of packing to do, and a lot of quality time to squeeze in before The Boss and I become empty nesters for 7 weeks. One of those tasks is haircuts. It turns out the Boy has my hair. And that means he needs to get it…

OK, not really. But as Rich pointed out in last week’s Incite (Truth is stranger than satire), The Onion getting hacked, and then the hackers posting stuff that seemed very Onion -like, was one step short of crossing the streams.

Big news, big money – hackers stole $45M in a flash attack. They hacked into the bank system, focused on debit and pre-paid cards that lack the usual credit card anti-fraud detection, then made massive rapid withdrawals using mules scattered around the world.

From the New York Post, of all places:

Goldman later learned that Bloomberg staffers could determine not only which of its employees had logged into Bloomberg’s proprietary terminals but how many times they had used particular functions, insiders said.

I have never been a fan of large gatherings of people. You would never find me at a giant convention center listening to some evangelist, motivational speaker, politician, or business ‘guru’ tell me how to improve my life. I don’t stalk celebrities; participate in “million man marches”, tea party gatherings, promise-keepers, or any something-a-palooza to support a cause. I don’t have a cult-like appreciation of ‘successful’ people. It has nothing to do with a political or religious bent and I…

Today’s big news is the hack against banking systems to pre-authenticate thousands of ATM and pre-paid debit cards. The attackers essentially modified debit card databases in several Middle Eastern banks, then leveraged their virtual cards into cash. From AP Newswire:

There is no single right way to pick the best encryption option. Which is ‘best’ depends on a ton of factors including the specifics of the cloud deployment, what you already have for key management or encryption, the nature of the data, and so on. That said, here are some guidelines that should work in most cases.

Most folks think you need to be a day trading financial junkie to have any interest in quarterly earnings releases and/or conference call transcripts. But you can learn a lot from following the results of your strategic security vendors and companies you don’t do business with, but who would like to do business with you. You can glean stuff about overall market health, significant problem spaces, technology innovation, and business execution.