2 of the ships responsible for damaging the undersea cables in the Middle East last February were caught with their proverbial pants down on satellite photos. One was Iraqi, and the other was “Korean”. Wait a second.  Aren't there 2 Koreas?  One that is relatively peaceful and the other that wants to blow our brains out with a nuke at their earliest possible convenience?  I think it's relevant to distinguish between the two, don't you? Story here: http://www.nationalterroralert.com/updates/2008/04/12/remember-the-undersea-cables-that-were-being-cut/

I have never actually used a modern Mac.  My exposure to them is limited to the IIe-era, and I understand they've come a long way since then, What I don't understand is why the majority of Mac laptop users I've observed have used the platform merely for running Windows XP in Parallel. Case in point:  Returning from RSA, I was sitting behind a Mac user that was using her vaunted MacBook Air to type a simple Word doc.  In Windows XP. Seriously?  Folks, there is even a Mac version of Word.  Does XP really present such a compellingly superior user experience that you cannot...

I've never told this story, not even to my family. 9/11 is why I'm in the security business.  Corny as it sounds, when 9/11 happened, I decided that the way I could contribute to making the world a better place was to apply my IT knowledge to securing the world's Windows networks.  I had flown out of Logan airport in Boston the day prior to the attacks.  I was galvanized.  I quit my job, put myself through a number of SANS courses, and focused my 15+ year old IT career towards security. I even traded my BMW in for a Jeep, in a semi-rediculous...

RSA is 50% learning and 50% networking.  At roughly 17,000 attendees, it is far and away the largest gathering of information security practitioners and vendors.  You make professional connections here that you cannot otherwise make. The Peer-to-Peer sessions are networking gold.  You have 20 people all struggling with some particular aspect of the business, and you generally leave with the personal contact information from at least half of them.  The world's information gets more secure as a result of these short sessions, and the relationships we build after the event is over.  Unfortunately, due to the small number of people permitted into them,...

Here are some interesting links that I noted during RSA.  These are mostly for my own benefit, but I won't tell anyone if you click on them.  I'm not the boss of you. Symantec Threat Report - 2nd Half of 2007: Executive Summary, Full Report US Government's Trusted Internet Connection Initiative Oracle's call for better secure coding education at the university level Federal Desktop Core Configuration, which is the secure configuration that the goverment uses by default, and has recently mandated that any off-the-shelf software product must operate properly with before being considered for purchase.  Site includes MS Virtual Server images of the FDCC configuration...

Going through my notes from the week, and just wanted to throw out some interesting things I learned during the course of the week, in addition to the items in my previous posts: It is currently estimated that 40% of computers attached to the Internet are members of one or more botnets The US government recently reduced its time-to-patch from 57 days to 72 hours, and is striving for 24 hours Oracle is asking US universities to mandate secure coding courses in the curriculum of computer science majors Despite some of the high visibility projects at the federal level, information security spending is at an...

Show's over.  Algore just left the stage after preaching to the crowd about global warming, and how “you IT people” can use his Intarwebs to help the fight.  He was heckled a number of times during the course of his speech, but security people pounced on the hecklers fairly quickly and hustled them out of the forum.  I don't remember Colin Powell getting heckled last year, but I might be repressing it. The irony of Algore coming to a security conference and spreading his apocalyptic FUD was not lost on many of us.  Hey, spreading fear uncertainty and doubt is our...

I'm at RSA all week, and I figured I best blog about it, seeing as how I maneuvered my way into the Security Blogger Meetup tomorrow night based on the premise that I do, at least occasionally, blog about information security issues. I'm taking a break from the morning keynotes, choosing to observe the Microsoft keynote from afar, via closed circuit TV, while I get some thoughts down on virtual paper. The first 2 talks were by EMC (parent company of RSA), and then Symantec. The show opened with the obligatory cheesy dance number, which this year was a bastardized version of the...