Wednesday, April 30, 2008

L0pht panel

I somehow stumbled on a mention that SOURCE 2008 had a 'reunion' of several L0pht folks for a panel discussion. I always had fun reading their shenanigans back in the day and it was fun to watch.

I recommend listening to the Gorillaz while watching it. Here's the actual link if you want a slightly larger version.

Tuesday, April 22, 2008

Email as a platform

"When you have a hammer, everything looks like a nail." A corollary to this is:

When you have a budget, everything looks like a turnkey solution.

Unfortunately, most technology solutions out there tend to be WYSIWYG. More precisely, there is no growth, no meaningful way to use the data other than what is offered out of the box. In essence, it is not a platform that will allow for future growth or changes. Indeed, a turnkey solution relies on the process being created around the solution as opposed to the other way around.
This irritates me to no end; I don't want consoles or exported data; I simply want to get things done. I like to think I'm fairly clever at providing this flexibility for my personal needs. Lately I've been creating some internal processes to meet some company demands. Turnkey solution? SharePoint? Custom code?
Nay, say I; whichever solution is chosen should not get in the way of the business process. I've been experimenting with using email as the formal distribution method of process data and relying on Excel for tracking. The goal of the process should be well understood by all; this sets the groundwork. No more than 5-6 generic flow rules, else it's too confusing.
Email isn't all-encompassing, but it is an interesting platform when viewed as such. In a lot of instances email processes can actually meet the lowest common denominator. The LCD, I submit, should always be the target when defining new processes. This will allow for a healthy maturation of the process. Too often we try to skip ahead.

Monday, April 14, 2008

Thought Experiment: Years 2013 - 2018

What will a typical company look like in the years 2013 through 2018? Technology will have a large impact, and how that technology works will dictate a lot of security concerns to that company. While it may be completely pointless to predict anything past six months out, we need to at least have some sort of moving target. Keeping our heads in the weeds will keep us as reactive as we always are.

Some rough guesses off the top of my head:
  • The network perimeter will be non-existent (or ineffective); virtualization and commoditization will create a SaaS-like corporate environment available anywhere/anytime from any device. Eventually a de facto identification method will exist across the internet which will give rise to this platform abstraction.
  • A fast pace and openness of information will be the norm, and will be considered a critical competitive edge. Restricting this flow of data will not be tolerated.
  • Black markets and espionage will be commonplace on the Internet; a continual global group effort to minimize their effects will emerge.

Obvious Influencers: Brave New War, The World is Flat, Rainbows End (fiction)

See you in 5 years to see where we are.

Monday, April 7, 2008

RSA conference

So the RSA conference is this week.

2007's conference had over 17,000 attendees. Good time for attackers to attack.