I had a long chat with Josh Corman yesterday afternoon about Rugged, especially as it applies to software development. I know this will be a continuing topic at the RSA conference, and we are both looking forward to a series of brainstorming sessions on the subject. One aspect that intrigues both of us is the overlap between Agile and Rugged as conceptual frameworks for guding developer decisions. I though this was important enough to blog up prior to the conference. The discussion went…
Twitter exploded last night with news that the self-proclaimed world’s #1 hacker’s email and Twitter accounts were compromised. Personally, the amount of time that good people spend feeding that troll annoys me. Which is why I’m not mentioning his name. Why give him any more SEO points for acting poorly? Since the beginning of time there have been charlatans, shysters, and frauds; this guy is no different. Major media outlets are too dumb and lazy to do the work required to vet their experts ,…
“Hi Mike, how are you this morning?” When I heard those words I instinctively checked over my shoulder, since no one really calls me by name in any of the coffee and bagel shops I frequent. And that is intentional. I like to be the nondescript guy who may look familiar, but you don’t know from where. I don’t do small talk, and if I’m in a very good mood, maybe you’ll get a smirk. Other than that, I’m just the guy with his head down, inhaling coffee, and banging away at his Mac.
At Cal, even though my major was software, I had to take several electronics courses. When I got to college I had programming experience, but not the first clue about electronics. Resistors, LEDs, logic gates, karnaugh maps, and EPROMs were well outside my understanding. But within the first few weeks of classes they had us building digital alarm clocks and television remote controls from scatch. The first iterations were all resistors on breadboards, then we moved to chips and EEPROMs… which…
It’s time for a good old fashion beatdown. Personally I’m working hard on not overreacting to stuff and letting most annoyances (which would normally set me off) pass on by. But sometimes, you know, a purge is required. It kind of reminds me of that great scene in 48 Hours, where Nick Nolte tells Eddie Murphy to be cool when they enter a bar to question someone. Nolte then proceeds to tear the place apart and when Murphy says “I thought you said to be cool,” the response is “That was cool.”…
For those of you who are not American Football fans, we’re in the middle of the playoffs over here. Teams work all year to get into the tournament and secure a high seeding. And of course the best laid plans sometimes end up at the wrong end of a blowout (yes, ATL Falcons, I’m talking about you). This past week’s NFC Championship provided a lot more drama than in the past, and not because it was a competitive, exciting game.
I ran across Robin Harris’s analysis of the Hyder transaction database research project, and his subsequent analysis on how Microsoft could threaten Oracle in the data center on his ZDNet blog. Mr. Harris is raising the issue of disruption in the database market, a topic I have covered in my Dark Reading posts, but he is also pointing out how he thinks this could erode Oracle’s position in the data center. I think looking at Hyder and like databases as disruptive is spot on, but I think the…
Now that we have a sense of what data to focus on at the beginning of an incident, it’s time to start digging into the response and investigations process itself and talk specifically about what they entail. In larger enterprises, organizing the response process and teams can be extremely complex, due both to the volume of incidents and the complexity of the organizational structure (politics). Some teams align with business units, others with tools, and yet others are centralized.
As we previously mentioned, we will teach the very first CSA Cloud Computing Security Knowledge (Enhanced) class the Sunday before RSA. We finally have some more details and the registration link.
Just a quick note that I’m speaking at the Macworld conference this Friday in San Francisco on iOS security.
This is one of the few times I get to talk about basics with a completely-consumer audience. Last year was my first time speaking (after attending for a few years), and you can’t spend any time there and still believe the stupid “Mac users think they are invulnerable and don’t care about security” meme.