Hi! If you haven’t noticed I have not blogged for over a week.  That is a long time for me to go without a word on here.  My dropping out involved more than blogging. I dropped out of most everything except being a daddy and husband.  It had been way too long since I actually unplugged and just spent time with my family.  My friend Brad Feld writes a lot about work-life balance.  I was badly in need of some balance. Unlike most people I actually love what I do.  But when it becomes work and I don’t like doing it, something is wrong and my work suffers.  Shortly after my work suffers, my family suffers because I become some sort of proto Mike Rothman-like grump.  That does not make for a happy home either.  So I unplugged for the week. Went fishing with my sons, played baseball, sailed a Hobie Cat, spent quality time with my wife and generally just unplugged.  The picture to the left is a bonito I caught.

Anyway I am back now, recharged and ready to rock n’ roll. I am excited to get on the road and start talking to people again. Black Hat will be here in a few weeks and I am looking forward to it! The Security Bloggers Network continues to grow and we have some announcements coming out around that as well.  Also, I am going to be doing a new series of podcasts on some great new topics that I am very excited about.  I have enlisted the StillSecure marketing team to help me promote them.  You will be hearing more about them soon! Generally I am ready to dive back into the security fray. It seems like the challenges are greater then ever and we have lots to do to keep up.  Looking forward to it!

  I have been so busy running around and trying to spend more time with the family that I have been negligent in talking about some of the things I have been doing.  A perfect example was last week.  Among other appearances, I was a featured speaker at the annual South Florida ISSA conference.  I have had the pleasure of appearing and attending many different ISSA chapter conferences, but I can say that my home chapter in South Florida, hands down puts on the best conference I have seen, year in and year out.  This years show was no different. From the opening CSI video spoof, to Stephen Northcut’s keynote, down to the last good bye, Jeff Dell, Tim Krabec and Pete Nicoletti, along with the rest of the team out did themselves!

The guys down here know me pretty well and read my blog I suppose. At the end of the day to thank me for speaking they presented me with a few bottles of wine with the labels as shown here.  They obviously had read my article about cloud aficionados. Anyway, if you get a chance, try to make next years show as I am sure the guys will outdo themselves yet again!

Authors update: It really was a day the music died. Shortly after posting this article word came that Michael Jackson was rushed to the hospital in LA.  Some time after that there are numerous reports and it it appears confirmed that he did in fact die today as well.  While his adult life was bizarre to say the least, you can't help feeling that his life over the last decade or more was tortured.  But whatever you want to say about the man, you cannot deny his musical talent. What a shame!

I was really saddened to read about Farrah Fawcett passing away today. Though we all new it was coming, the reality of it made me think back to my teen age years.  My family had finished our basement and my brother Kevn and I moved down there. We each had our own room. I was about 15 or so and thought it was so cool. I promptly set up a stereo, a huge record (yes vinyl ones) collection, a fish tank and these three posters:

They defined beautiful women for me.  In fact in many ways they still do. A little part of the teen ager still in me died with Farrah Fawcett today. My sympathies to her family and loved ones.  I guess now she truly is an angel.

I was very saddened to receive the following email this morning:

 

Clear to Cease Operations

 

 

Dear Alan Shimel,

At 11:00 p.m. PST today, Clear will cease operations. Clear's parent company, Verified Identity Pass, Inc. has been unable to negotiate an agreement with its senior creditor to continue operations.

After today, Clear lanes will be unavailable.

Sincerely,
Clear Customer Support

While I thought Clear was going to make security quicker because of the background checks and identification information, it didn’t. In fact you still went through the same security process, so why bother with all of that information. I was nevertheless pretty grateful when I skipped long lines (especially at Denver) at airports. It really was sort of a “super-first class, premium passengers line”. Hey I admit it, I liked it. 

I guess at the end of the day either they just couldn’t get enough people to join and bring on new airports quick enough.  That doesn’t mean that there is not a market for this kind of service. I think Clear just had a very expensive business model.  Someone will figure out how to do this cheaper and better and they will be successful at it. 

In the meantime I am pissed about two things:

1. I just renewed my yearly membership last month for $194.00!

2. I am flying out of Dulles this afternoon and was counting on using the Clear lane to not have to wait on the usual long afternoon lines at Dulles. Now I have to leave earlier for the airport!

Its no secret the Florida Marlins baseball team has one of the worst attendance records in major league baseball.  There are a lot of reasons for this, among them:

1. They have one of the lowest payrolls in baseball, but are among the most profitable.  They don’t take in a lot of money, but spend even less of it.

2. They play in Dolphin (now LandShark) Stadium and don’t share in any of the revenue so can’t spend any more money.

3. South Florida with all of its lifestyle recreation options is a tough place to sell baseball tickets, especially to a stadium designed for football where with a little BBQ sauce you can roast in the sun pretty good.

4. The stadium is too far away from the Miami based Hispanic community who would be the core of support for the Marlins.

All of these may be valid to some degree or another, but even if most of these were fixed the Marlins would still suffer. The problem is the organization (not the players) is a bush league operation. A perfect example is last night.  The Yankees are in town and the Marlins rather than the usual 2500 or 3500 fans they usually draw had a crowd of over 46,000 people! Yes most of them were Yankee fans, but what a great opportunity to turn the local kids on to the Marlins. They had a special promo for fans entering the game (besides the jacked up ticket prices), they were giving out orange cow bells to ring.  But you could not have any Yankee or other team clothing on. If you did, you did not get a cow bell. Great way to convert fans guys!

Maybe the intent was to “teach the kids a lesson” to support the Marlins. Instead though my kids took it as “look how mean and cheap the Marlins are, they wouldn’t even give us a cow bell”. Instead of using the Yankee series to make more game attending fans, they turned people off. It is that kind of attitude that will forever doom the Marlins to a bush league status no matter how good the players are on the field.

The answer is because like the proverbial bear - they can.  The same answer applies to Bill Brenner’s question over at CSO online regarding the “aggravating” and “over-saturated” security market.  The reason there are so many security companies is because there can be.  Don’t get me wrong. Not all of these companies will have a happy ending.  Some will shutter down for good, others will be sold at less then hoped for “fire sale” prices - washing their investors in red ink, still others will earn respectable returns by being acquired by a larger fish and finally some will make it to the promised land of IPO (or in the present environment, profitable sustainable powers in the security market – Fortinet comes to mind).

Rather then engage in reading entrails or star charting about which companies would make good matches for other companies to acquire though, lets look at the real reasons why there are so many security companies:

1. There is a wide range of security technologies filling a wide range of needs – There are so many aspects to security and the task is so difficult that is increasingly impossible for any one company to have the breath and depth to do them all well (McAfee is a perfect example). This jack of all trades, master of none security reality guarantees that there are constantly going to be “specialists” who do a particular aspect of security and do it well.  Better in fact then any of the jack of all trades would ever be able to.  As long as people will pay for a best-of-breed solution for any given niche in security, there will be security companies lined up looking to fill that niche.

2. We have a built in minor league or development league model in security to foster innovation – The fact is that most of the larger security companies do a lousy job at innovation. In fact so lousy that they have almost totally abandoned it. Instead they concentrate on building a pipe to customers.  Once they have that big pipe into a customer base they snap up promising innovative products from smaller companies to pump into those pipes. Some of those companies are small start ups, some are medium sized companies that either have grown organically or have themselves snapped up smaller fish.  Regardless, as long as the bigger companies rely on buying smaller companies for innovation, you will see smaller companies proliferating. In the end the consumer of these products and services are the winners. The more companies trying to ways to solve problems, the more choice and competition is placed in the market which lets the best rise to the top.

3. There is no perfect way to solve the issues – Some of the challenges we face in the security market are so complex that there does not exist a clear, dominant way of solving them. Instead we see endless variation and experimentation in trying to get to the best of way of solving a given issue.  Without clear cut ways of solving the problem, the experiments and competing methods of attacking the issue lend themselves to a wide range companies coming to market with their own takes on solving the problem.

So while it may be fun to speculate on who would match up well with whom, it would not solve the “problem” that Bill sees. As soon as some of these companies would merge, their would be two, three or more to take their place. It is evolution at work.

Image via CrunchBase

I don’t know what is with me. I must be either a  closet masochist, a glutton for punishment or just plain stupid (or maybe all of the above).  For whatever reason I felt it necessary to try and upgrade to the latest version of iPhone software today when prompted.  Every fiber of my being was screaming no don’t do it. But I did anyway.  For those not familiar, every since I got my iPhone about a year ago, everytime Apple has put out an upgrade to the OS, my phone has bricked.  So why should this time be any different?  Did I really think Apple would give a crap about their AT&T customer base and actually fix whatever bug consistently causes this problem?  Of course not! 

Same old, same old. I upgraded, the phone bricked, iTunes froze, locked up the computer. Had to reboot, same thing happened. When on to another computer did a clean install. Wiped out everything on my phone, came back to my old computer did a sync and now I am spending the rest of the night re-customizing and trying to find what I have lost. 

When am I going to learn.  Apple you suck!

From the classic movie Casablanca:

Rick: How can you close me up? On what grounds?
Captain Renault: I'm shocked, shocked to find that gambling is going on in here!
[a croupier hands Renault a pile of money]
Croupier: Your winnings, sir.
Captain Renault: [sotto voce] Oh, thank you very much.
[aloud]
Captain Renault: Everybody out at once!

This week’s winner of the Captain Renault is none other then the folks over at Forrest-er Gump Research. Kelly Jackson Higgins has a report up on her Dark Reading column about the latest report from the Forrester guys.  Can you really charge someone to tell them that? I am in the wrong business.

When are people going to learn there are no magic bullets, magic wands, security Santa Claus or Easter Bunny for that matter.  Nothing takes the place of best practices, layered security defenses. It doesn’t matter if you are virtualized, cloud-ized, local, remote, wired or wireless, there are no short cuts.

Louie, this could be the start of a great friendship!

If you have any doubt that the gold rush is on for the millions, if not billions the US Government is going to spend on cybersecurity check out this commercial from Lockheed Martin I saw on CNN today:

Let the race begin!

Sometimes I just can’t help myself. No matter what I do, I get myself in trouble. For the most part I have stayed out of the whole cloud thing. I have watched on the sidelines as Hoff, Amrit and countless others have pontificated ad nausem about cloud this, virtual that, a new paradigm here, a revolution in the making there.  I stayed away from the hype.  To me I had been there and done that and have a bunch of worthless stock certificates to prove it. Back when StillSecure CEO Rajat Bhargava and I were getting Interliant going we were one of the early entrants in the ASP market (the cloud providers of our day).  We were hosting and managing all kinds of applications, web sites and other infrastructure, including dare I say it, managed security. I have also been through my share of market hype (NAC anyone?) too and recognize much of the cloud buzz for what it is.

Today I tried to write a small commentary on what was truly a tragedy on multiple levels. One of the least levels of tragedy was what can happen when we trust our providers to store our (take your pick) – applications, data, IP, stuff – on line in a shared or virtual environment.  This is why security of our cloud environments is so important. Without that security in place which allows the user to trust in the provider, the cloud will never ascend.  The real tragedy of this story is that not only did 10’s of thousands of people lose their websites and data probably for good, but a young man who developed the software that was hacked felt so guilty that he apparently took his life by hanging himself. Can you imagine! When many software vendors today won’t even acknowledge some vulnerabilities this poor soul took his life.  I guess its lucky Bill Gates never felt that personally responsible for any Microsoft vulnerabilities.  It is not a joking matter though. Many thousands of people effected. A web hosting business in shambles and a young life snuffed out.  Securing the cloud is rather minor on this scale.

But my friend Hoff (now of Cisco. Should be interesting to see what effect this may have on the blog) and Kirsh from someplace called CloudAve.com, took me to task.  Evidently this was just a shared environment and to “fear monger” about the cloud being insecure was totally out of line. Chris fails to see how a “PHP script vulnerability in a virtualization management program” equates to a cloud problem.  Geez I don’t know. Like I wrote in my reply, perhaps I don’t have the sophisticated palate that these gentlemen have to recognize a fine cloud when I see one. I felt like I was out on a Saturday night with some of my Boca friends when they debate the merits of this bottle of wine or that one. Hey aren’t they all just a bunch of grapes. Or better yet discussing maduro wrappers versus lighter tobacco wrappers, Dominican versus Cuban. Come on now. I had a flashback to Jim Ignatowski on the show Taxi smelling cocoa leaves to see where they were grown and when.

Maybe I will never be on the cover of Cloud Aficionado magazine, but I think most people have the same view I do. When I am talking about my stuff being kept up and off of my premises, it is up in the cloud. It doesn’t have to be fancy or sophisticated. You don’t need fancy diagrams or long winded treatises with story book names. it is really quite simple. When my stuff is up there I am getting it in the cloud. A PHP vulnerability on a shared server is not very different than a vulnerability in salesforce.com, if it means someone can gain access to salesforce and wipe out my data. 

To satisfy my own curiosity I went to Wikipedia and looked up Cloud Computing. Oh now that cleared it up - NOT. There is grid computing, utility computing, SaaS, PaaS, IaaS, yada, yada, yada. I don’t know about you all, but I would bet the common man would still have a tough time distinguishing today’s cloud versus the service bureaus and time sharing on the main frames from back when I was a kid and I went to work with my Mom (yeah I am that old). I am tired of hearing about paradigm shifts (the dot com bubble, the housing bubble, now the cloud bubble).  But lets leave the cloud snobishness out of it. Don’t forget that though some may sit around letting the wine breathe, enjoying a fine smoke discussing the more subtle points of a good cloud architecture, the rest of the world has to live,work and deal with this stuff everyday.

I have heard many people who say that this whole cloud security thing is much ado about nothing. Besides getting Hoff’s blood pressure going, most people just shrug.  Yesterday’s article in the Register detailing the erasure of perhaps 100,000 web sites from a UK based web host is a poster child of the stakes in play with cloud security.

The web host evidently used virtualization software from a  company based in Banglore called LxLabs. Today comes word that the CEO of the company was found dead by hanging in an apparent suicide (what is it with people hanging themselves lately, will we hear rumors of sexual asphyxiation next?) Anyway, the software in question had either a zero day vulnerability or one that was a few weeks or months old (It all depends on who you believe on that one). In any event, the vulnerability gave the intruders root access to the machines in question.  The kind folks who perpetrated this crime then proceeded to wipe out the files of all of these web sites.  Perhaps half of these sites did not pay for any back up service, so their data and files may in fact be lost for good. That is just crazy!

So here are the stakes for the cloud. If something goes wrong and there is an incident, that incident can effect 10s or 100s of thousands of people and organizations.  With that much @stake (no pun intended), we cannot afford to be very serious about securing our cloud based environments!

Today StillSecure announced something that I have wanted for a long time.  Our Safe Access NAC product can now use WSUS to remediate non-compliant endpoints. Prior to this it was possible to use WSUS but it was much more of a custom job. We have had integration with MS SMS for a long time and from time to time have worked with many of the patch mangers out there. But WSUS is the most widely used of any patch solution out there. It should make life much easier for users whose devices are not compliant.

For too long people have emphasized NAC’s ability to quarantine and remove non-compliant devices from the network. But that in my mind is a red herring.  Unless it is a rogue user or something like that, keeping them off the network is not productive to anyone.  NAC should be about making sure they are compliant. If they are not, make them compliant and get them on their way. Don’t throw them off the network, that doesn’t do anyone any good.

There have been various ways of doing this with NAC. Some solutions have sort to have their own file push capability built in. The problem is that being a NAC solution is hard enough. So is being a patch manager.  Being both is a recipe for disaster. You wind up doing neither well. You can work with patch managers, but which ones? With SMS and now WSUS we are guaranteed to work with the widest number of devices out there.

The Register is reporting that McAfee had another serious mishap recently.  It seems the security company that wants to be everything to everyone in security put out a service pack to their flagship corporate AV product, VSE 8.7. This was a mandatory service pack.  Well it seems that at least in some instances it rendered machines unbootable!  It seems important Windows system files were tagged as malware and in some cases removed.  Obviously some folks got quite upset by this and left some choice words on the McAfee support forums.

Of course this comes on the heels of last months Oops where several McAfee web sites were vulnerable to XSS attacks (this from the company that sells a scanning service for such attacks).  I don’t know about you but it seems to me that there may be a little QA issue over at little Red.  Maybe instead of trying to be everything to everyone in security, they should try doing what they do well.

Just wanted to give a quick shout out to Joe Webster, a security bloggers network member and until recently a great resource at StillSecure.  Joe just left StillSecure to pursue a tremendous career opportunity that he could not pass up. He wrote about why he left and his time and impressions of StillSecure here on his blog.

During his time here at StillSecure, Joe has been a great resource and team member in making Safe Access a best-in-class NAC product. He has also become part of the family partaking in and leading many social activities.  We are all saddened to see Joe leave the fold, but wish him the very best in his new gig.

Saw this story today about Citrix leading a $10 million dollar round of investment in Vyatta.  This is on top of the $18m they had raised previously.  While I think an open source router that runs on x86 platform and can be virtualized and run along side security apps is a great idea (Can you say Cobia?), I am not sure what would drive Citrix to this.  Are they so incensed about the Cisco/VMware relationship that they think that Vyatta is actually an option? Why not go strike a deal with Juniper and save the money?  Maybe because Xen has its roots in open source, so Vyatta is a nice compliment?

On the other hand, getting a company to make a strategic investment in this climate is not an easy thing, so good for Vyatta. Could this be the opening move in Citrix buying Vyatta and building in routing to the Xen virtual environment and some of their Netscaler stuff?  Time will tell.

Like I have done for other conferences, the marketing team at StillSecure has given me 3 full briefing passes to Black Hat in Las Vegas to give away here on the blog.  So you know the drill, leave a comment why you are a deserving recipient and you may be one of the lucky recipients of StillSecure’s largesse.

Good Luck!

Over the years on my blog I have repeatedly called out private security companies who put our puff press releases touting another record breaking quarter, but don’t actually release the actual numbers to back up those claims.  Anyone can say they had a great quarter at 140% of goal. 

Public companies on the other hand have to file extended financial information and their us usually a street estimate of what they were supposed to hit, so you can have a hit or miss.  Usually it is unfair then to compare the private company boasting with actual performance metrics of public companies.

Recently however some of the private security companies (maybe in a better market condition they would be public now) have put out some numbers to back up their claims of doing well in this market. CRN has a good article detailing  the impressive growth numbers of both Sophos and Fortinet. You can get the particulars on the CRN site, but both companies seem to be doing very well even in these tough economic times.  The growth, profitability and transparency are all impressive. Congratulations to both organizations. It certainly seems to prove the hypothesis that in good times or bad, there will be winners and losers. Good execution will always be prepared.

Bill Snyder over at InfoWorld wrote an article about the fight over open source leeches. In it he says that":

Open source is supposed to be all about community, but as commercial open source becomes the norm, fewer developers are giving back. Is that hurting open source?

The article quotes several open source advocates who variously blame technology companies who use open source as part of their products, but don’t “give back” to the community, enterprise IT shops who don’t contribute back code they developed and other developers who are not “good community” members as being leeches on the open source movement.

Snyder though also reports on some differing views. Some of these are that the whole notion of community is not all its cracked up to be.  That with the advent of commercial open source companies, the community can be co-opted for the benefit of the commercial company.

This is where I come in. I think it is terribly naive to think that commercial entities are going to be altruistic enough to do something for the good of another or even competitive commercial entity for the “good of the community”. I think it goes against human nature and the principles of capitalism.   By the way< i think this applies to individual developers. They don’t mind contributing their work, but not for the profit of a commercial entity and not their own.

If you are going to support the GPL, you have to support the good with the bad. You can’t expect people or corporations to do things against their own self-interests unless they are specifically compelled to.

So when we look at the who the leeches are in the open source world and what has spoiled the idyllic notions of Richard Stallman and the rest, perhaps commercial open source providers do a fair amount of blood sucking of their own?

Travelling to Denver today on Delta.  My flight is equipped with GOGO Internet so I am able to have full access while flying. It is really pretty cool.  The only thing is that when I signed up for it last week it was 9.95 for the duration of the trip. Today it is 12.95! Are they experimenting with pricing to see how much people are willing to pay?   Much more than this and unless I am on a 5 hour flight, it doesn’t pay.  Also with battery life being what it is, how much on line time are you actually getting.  But for now the novelty hasn’t worn off and am enjoying the freedom it gives me!

L-O-L-A, Lola, tastes just like cherry cola!  Lola by the Kinks, one of my favorite old rock songs. It wasn’t till much later that I realized what it was really about. But I couldn’t help but thinking of that line reading today’s headlines:

1. GM declares bankruptcy with the US Government to give them up to another 30 billion dollars and own 60% of the new company. Welcome to the car business President Obama. How did they go from worlds largest carmaker to bust in just a few short years? What are other countries going to think about what is in essence the nationalization of GM. How much creditability will we have when we talk about foreign governments protectionism of their car companies?

2. Citibank removed from Dow 30 to be replaced by Travelers. Wait, didn’t Citi buy Travelers? Yes they did, but it seems they choked on it and spun it off and now they will replace Citi on the Dow. Also joining the Dow is Cisco, taking GM’s spot. So finally the the big three in tech – Microsoft, Intel and Cisco are all on the Dow.

3. N Korea readying intercontinental missile, could reach US territory. How long is the world going to put up with these hoodlums? I heard an interesting fact last night that the average N Korean is now 3 to 6 inches shorter than the average S Korean due to poor nourishment.  If China doesn’t keep the dog on the leash lets just put it down.

4. Cybersecurity is now a national priority. Wasn’t it one already? Hey I am glad to see the President shine the light on cybersecurity. But before we get ourselves too wound up, shouldn’t we wait to see how this plays out. I have seen too many cybersecurity chiefs come in and be ground up by the DC machine.  I think many of us are flattered by the attention, but lets see how it translates.

5. Abortion doc shot down in church! Dr George Tiller one of the few doctors performing late term abortions was shot and killed in Church yesterday. He was performing as an usher and in front of his wife in the choir.  Whether you agree with the politics of abortion or not, who gives anyone the right to take the law in their hands like that. They call it the pro-life movement?

A shook up world indeed!

I received a few messages last night that the Security Bloggers Network and feed were down. Thanks to all of those who wrote me!  I checked with our friends at Lijit and it was just routine maintenance. The site and feed should be up this morning.  Remember you can get to the site at http://www.securitybloggersnetwork.com or http://www.securitybloggers.net. You can also subscribe to the RSS feed to get the content for the over 250 blogs in the SBN on the site.

In regards to the SBN, with RSA and Interop I have not been able to move ahead as quickly as I would like with all of the plans we have made with Lijit. However, summer is here now and it is time to get going.  First thing is a letter will be going out to all members of the SBN.  If they have not done so, we are going to require that all members register and display their SBN Lijit badge and search widget. If you have not done so, you can get the widget here: http://www.lijit.com/external/network_signup/sbn

Next up is expanding the SBN site to become more of a community portal and resource center for both security bloggers and the readers of those blogs.  We have lots of work to do on that. If you would like to be involved drop me a line or leave a comment.  We are also looking for sponsors to offset the cost Lijit incurs in hosting the site and feed.

Stay tuned over the coming weeks and months as some of these plans begin to take shape!

So despite his promises to the contrary, my bud Mike Rothman has been a blogging MIA pretty much since RSA. Hey I am sure he has a good reason, like some journey for self-awareness or something that is keeping him away.  Not even a Social Security Blogger award could get his juices flowing again.  So in Mike’s absence I am going to do another in my incite series with a bunch of short stories and even shorter commentaries.

Truth be told, I had too many things to write about today, so I blamed it on Rothman!

Have a great day.

1. InfoExpress does a press release on managed NAC – Last night I banged on InfoExpress for claiming a managed NAC service as reported by Tim Greene. It just didn’t sound like a managed service to me.  Well not sure if Tim jumped the gun or not, but today IE put out a press release on their service (though they still have nothing about it on the web site). To be fair the press release talks about more management of NAC than Tim’s article did.  But here is a bit of advice for the InfoExpress PR team: If you are going to have customer quotes in a press release, it may be worthwhile giving their name and title.  Just having quotes attributed to anonymous customers is a bit unbelievable. Something I would expect from NAC used car salesmen.

2. Mystery Virus plagues FBI and US Marshalls – It seems that a mystery computer virus (no not swine related) has hit both the non-classified FBI network and the US Marshalls network.  The FBI had to take down their network from the Internet, but it has now been reconnected. The US Marshalls service reportedly had 140 machines hit with the virus. They had to be taken down and are being disinfected as you read this.  I don’t have any more information on this, but there are rumors of a one-armed man being seen in the vicinity.  Where is Tommy Lee Jones when you need him?

3. Microsoft puts the heat on security vendors – Looks like my friend Charlotte Dunlap has herself a regular gig over at Forbes writing an infosecurity column sponsored by Juniper.  This time Charlotte writes about Microsoft rolling out a hosted email security solution as part of Stirling-Forefront. Charlotte is right on when she says that Microsoft clearly has Symantec and McAfee in their sights with Forefront.  I have written about this before as well. Go ahead and make fun all you want, Microsoft is serious about this and will keep at it till they get it right.  Of course I love the fact that they are partnering with forward looking security vendors (like StillSecure) and think there is a real opportunity to shake up the security world here.

4. How much work can you do on an iPhone?  Earlier this week I wrote about an iPhone being a Prius to Blackberry being Pinto (hey not my words, but some other author). In continuation of that story, Galen Gruman writes about using an iPhone instead of a laptop for a few weeks. I don’t know but I find it near impossible to write more than a sentence or two with my iPhone. Maybe my fingers are too fat or I just don’t have good hand to eye coordination, but I find it painful compared to my old HTC Windows Mobile phone to type longer then that.

Anyway, that is a wrap on this incite.  Good day to you Mike Rothman, no matter where you are!

Saw an interesting article in the German version of CIO today. It claims that InfoExpress is the latest NAC vendor to push a managed NAC service. It goes on to describe something that InfoExpress describes as CARE (Compliance, Authorization, and Rogue Enforcement). Just as a point of interest there is nothing on the InfoExpress web site that talks about this at all, other than a pointer to this article under news and events. Anyway, the way the article describes this “managed service”. It will have InfoExpress perform “evaluation of customer needs; developing a written proposal; certification of the hardware; defining and creating policies; configuration and periodic updates. Some customers might simply want help deploying the software but not ongoing policy updates.”

I don’t know about you, but at StillSecure we call that implementation and support. Lets not burden managed services with the same asinine definitions that so hampered NAC. This is not a managed NAC service! Helping someone set up your product is not managing it for them. It is helping them set up your product.  There is a difference. Unless you are going to monitor the network and stand ready to make changes to the network beyond the NAC product, you are not really managing the NAC solution.

The real reason behind CARE can be found later on in the article though:

The common thought behind InfoExpress's CARE service is that customers might want NAC but have trouble getting funding for a new technology because of budget restrictions. Without a hard return on investment from NAC, many CIOs and CFOs reject these projects, but perhaps will go along with it if they can get it for a relatively modest recurring cost, service providers say.

So while the customer owns the hardware, the software is sold cheaply on a subscription basis, rather than traditional licensing.  OK I can see that, but again that does not make it a managed NAC service.  It is a NAC product sold with subscription licensing.  BTW, the article says pricing is set on a case by case basis.  Again, does this sound a like fully-baked, scalable managed NAC service?  I don’t think so.  Both InfoExpress and the author of the article do us all an injustice even calling it such.

Authors Note: I just realized that this is actually a reprint of an article by Tim Greene in Network World

Image via Wikipedia

OK that is what Galen Gruman says over on InfoWorld.  I actually remember the Ford Pinto, it was a great little car until we found out that certain rear end collisions could ignite the fuel tank causing an explosion.  Since I have not heard of many Blackberries actually blowing up, I don’ think a Pinto is exactly what Gruman meant.  However, I do agree that comparing it to an iPhone for the most part is today looking at yesterday. I would probably pick a Duster or Pacer to a Prius though.

In any event I agree, while the Blackberry brought mobile email to the masses, the iPhone has brought web browsing, first rate phone and all of those apps besides email.  Blackberry has not succeeded in moving beyond email.  Now, if they could just do something about making the upgrades work better, Apple might be on to something!

Image via Wikipedia

On my laptop in addition to IE 8.0 and the latest version of Firefox, I also keep the latest version of Safari and Google Chrome.  While I don’t use the two latter browsers very much, I do occasionally log in with them and compare performance.  However since my password manager does not support those browsers and I use random passwords now, it is a pain for me to browse the sites I visit frequently and require me to log in to my account. As a result I primarily use IE or Firefox to browse (usually both are open on my desktop).

When I heard there was a new version of Chrome, of course the geek in me rushed over and downloaded it to see what was new and improved.  But like Preston Gralla says, the Chrome 2.0 upgrade can be underwhelming. The clean Spartan interface remains virtually the same, there are no new killer features. Unless of course you think speed kills.  This new version of Chrome is lightening fast! It was already my fastest loading browser before this upgrade and now it is sick fast. Yes Chrome does not have many of the bells and whistles that IE, Firefox and even Safari have.  But I really do like its clean interface and look and most important of all, I love the speed!

I just checked on my password manager (Roboform) and they will have a beta for Chrome by Q4.  Maybe then I will start using Chrome more.