Apr 04 2009
Saturday morning reading 04/04/09
Another week gone by in a flash. It doesn’t help that I work from home and spent most of my days working in the same office I use for playing and podcasting as well. The family was going to go camping tonight, until we remembered commitments like Cub Scouts and an Easter Egg hunt. Maybe I’ll just grab the small telescope and binoculars and head out of town for an hour or two once the sun goes down tonight. Not that any of this directly relates to security, but it’s my blog and I can ramble if I want to.
Planning for RSA has gone into full swing. I’m speaking on a panel, Avoiding Security Groundhog Day, for the second year in a row with Rich and a few of my other friends, which will be a lot of fun. I’ll also be helping out at the Trustwave booth from time to time, so if you’re at RSA watch my Twitter stream (@mckeay) to see when I’ll be around. Stop by and say hello if you get a chance. Then there’s going to be the Security Bloggers Meetup and the Social Security Awards Wednesday night, which is going to be an adventure all on its own. And finally there’s all the face-to-face meetings, interviews and parties to schedule. My calendar is already filling up, despite all my efforts to keep it to a minimum. The positive part is that I’ll hopefully run off every bit of alcohol and appetizer calories I take in each night I’m there.
Saturday morning reading:
- Lynis audit tool – I’ve been wanting to try this for a little while. I’m tempted to set up a Linux VM on one of my systems just to play with this and see if it’s as good as I’ve heard.
- Thoughts and notes from the PCI DSS hearing in the US House of Representatives – This was fun to watch in a very geeky way. It didn’t look like it’d be fun to be Bob Russo from the PCI Council however. I’m keeping my own coverage of this event to a minimum so as not to have any conflicts of interest with my 9-5 job.
- Review of PCI Congressional Hearing – Branden probably has one of the best writeups of the event, plus some of the clearest analysis.
- Ori Eisen on credit card fraud and the need for a new Internet – I haven’t listened to this one yet, but anyone who’s calling for a new Internet promises to be interesting if not exactly realistic.
- Middleware security holes you need to know about: They increase risk of breaches and will make you non-compliant with PCI – Given by a friend of our podcast, T.Rob Wyatt of IBM. I’ve run into a few clients who don’t really think about what’s happening to their data at the middleware layer until they talk to the assessors.
- Register.com suffers further DOS attack – Ouch.
- Safend responds to discussion on DLP – Encryption of data at rest is an important part of securing your data, but I’m not sure if it’s something I’d directly link to Data Loss/Leak Prevention. I really do view DLP as more of a content filtering and discovery technology than anything else, but I could be wrong. I am a strong proponent of encrypting anything and everything that might be of value to your enterprise, however; there’s little or no reason not to in this day and age. Maybe Rich and I will take this up in a future podcast. Here’s where to find the original discussion.