[SecurityRatty] tag: dried

SDL Press Tour Announcements

Tue, 16 Sep 2008 12:04:00 +0000

Steve Lipner here.

Last week I participated in a “press tour” talking to press and analysts about the evolution of the SDL. Most of our past discussions with press and analysts have centered on folks who follow security, but this time we also spoke with publications and analysts who write for software development organizations. I was struck by the extent to which the folks who focus on development have been grappling with many of the issues about developing secure software that we’ve focused on here at Microsoft.

Security beat reporters, whom we have been working with for years, have been exposed to a regular stream of news on the latest bugs, worms and viruses, and Microsoft’s ability to react quickly to customers affected by those attacks with patches has been the industry story for many years. Last week, I had an opportunity to get out and tell the other side of the story – what we are doing proactively as a major software vendor and platform provider to help eliminate vulnerabilities during the development process. Based on feedback from reporters and analysts who know this space, our work to take Microsoft’s SDL best practices and share them externally has clearly been a need in the industry for a long time.

The specific occasion that motivated me to spend a week in conference rooms, airplanes and hotel rooms was today’s announcement of new initiatives in sharing aspects of the SDL with the development community. These initiatives don’t make secure development a “cut and dried” process, but I believe they will take things one step further toward enabling developers to build more secure software. I’d encourage you to look at our announcements. I’m really excited that we’re taking these new steps to share more of our secure development practices and tools with developers who need them.

As always, we’d welcome your feedback about these new programs and what we should do next.

I took the plunge for an iPhone 3G

Sun, 13 Jul 2008 16:56:13 +0000

When the original iPhone came out I thought it was pretty cool, but at the end of the day it did not do for me what my Windows Mobile Smartphone did. Namely gave me 3G access speed and Exchange integration. Those two things alone were enough to keep me a Windows smarthphone user.

As I wrote earlier July 4th my phone got wet in my backpack and though I have blown dried it often since than, it has just never come back. I can make a call now and than and use, but you never know when it is going to whig out and I have to reboot (actually it was like that before it got wet, but it is much worse now). So having had this phone over a year, it really was time for a new phone.

I was not totally sold on the iPhone and it was not my only choice. I wanted no part of the lines and crowds, so I waited until Saturday to go to the ATT store and see what my options were. Frankly, I didn't have many options. The upgrade for my current phone is the HTC Tilt. Nice phone and I would consider it, but not at the $450 dollars that they wanted to charge me. After that, there was the Blackjack, not interesting. A few others and than Blackberries. I need the Exchange integration. So when it came down to it, you could not beat the $199 price for the iPhone. The 2 year contract didn't scare me, as I am at ATT wireless user for about 10 years already. The only bad part is that they did not have any in stock and I had to order mine. It should come within 5 to 7 days, but all set up for me to just plug in to iTunes and away I go!

So a few more days of this water logged brick and than on to joining the "mod squad".

Dyre Portents Blog is having a Blogger Food Drive

Tue, 13 May 2008 09:24:59 +0000

The rising cost of gas has become a real burden on the working poor causing many to turn to food banks to make up the difference. The increased demand is causing food banks to go bankrupt. My local foodbank here in San Antonio has asked my workplace to do a beans only food drive in order to be able to provide as much healthy food as possible.

So it occurred to me that since dried beans are cheap, I have a blog, and bloggers love to see their Technorati ranking go up that I might be able to help out a few more families by trying to harness the power of blogtopia.

http://crapomatic.blogspot.com/2008/05/pimp-your-blog-here.html

Take a minute to Paypal her a buck or two and help those who are in need.

Let me know if you do and I’ll put you in this months drawing for a SpywareBiz mousepad!

Reindeer meat and a new industry portal

Tue, 22 Apr 2008 13:58:16 +0000

It was good to bump into many familiar faces around Infosec at Olympia today. In fact, it was a good day, period. I encountered one of the event team soon after arriving who was positively beaming about the great start this years event had gotten off to. I'm slightly biased, after all, I work for the same organisation that puts on the show, I walk past the event team in the office on a frequent basis, and I'm told they can make even the heaviest stappler aerodynamic however, in my opinion today was good day! My favorite exhibitor is the Swedish company, BehavioSec. They have a desktop product which can instantly identify unauthorised use of the computer by detecting anomalies in keyboard and mouse behavior. They were giving out free packets of dried reindeer meat on their stand - I'd rather eat the plastic wrapper that it came in however the product (the software, not the meat) is good, and it's innovative. And innovative products is something I wish more vendors would have. Another product I liked was from Pinoptic. They specialise in "Visual Probabilistic One Time Password Solutions - Authentication security using symbols, pictures and images." It's an alternative to token based two-factor authentication and provides an API for bespoke development (e.g. for website access). Whether either of the above two products can be put to good practical use at a good price is something to find out. If you've got any experience of them then why not share it on the new Infosec website: http://www.infosecurityadvisor.com/. This is an excellent new industry portal providing product reviews, blogs, expert advice, career guidance, and an online job board. There are too few good online vendor neutral information security resources; this one promises to be a winner and I've got no qualms about encouraging your support.

The Moo Security through Sacredness

Wed, 29 Aug 2007 00:30:13 +0000

I am currently in India, attending my dad's health concern. I stay awake at wee hours, still recovering from the jetlag. Cow is considered a sacred animal in India for multitude of reasons:

1. Cow gives milk which is a main source of protien in many parts of India.

2. Diluted cow's milk is given to newly born baby in cases where mom is not lactating hence elevating the status of a cow to that of a mom.

3. Cow's dung can be used as manure and also dried dung cake is used as fuel.

4. Cow's urine is used as a cleansing agent and also for other medicinal purpose.

Cow is considered sacred because of its utility value to common people. Cow roams around in the streets of my hometown freely and they are unharmed because they are sacred. By being sacred, cow is the most secure animal over here.

Security function is considered as an extension of IT, it is an overhead of an overhead - it is not sacred. Security function usually is the foremost to feel the pinch due to IT budget cut. A good way to make security function "secure" is to make it sacred. There are standards like ISO27001, COBIT which are well respected and considered sacred in the security domain. By conformance of security function to such standards we can not only create a perception of "sacredness" for the security program but also communicate value of the program easily through the standard's framework.