
8 posts from January 2008

January 10, 2008

$$$ for RSA

If only I believed in random overzealous patenting. Until then, here is a suggestion for RSA...

  1. Take a SecurID SID800, add a bigger chunk of flash memory to it
  2. Make a model that is bootable and maybe one that has a VM on it
  3. In that bootable environment or VM include Terminal Server, SSH/X, and NX clients
  4. Make it so the device will only pass the OTP while within the boot or VM
  5. And don't forget step two.five to add a VPN client or three
  6. Advertise it as a malware proof enhanced RAS solution and partner with MS, Red Hat, Citrix, etc. to enhance integration for remote printing, etc.
  7. Make loads of dough (whole grains please)
  8. Press out some pasta (I suggest adding basil like my lovely wife does)
  9. Enjoy your meal as the money rolls in

In a later revision develop a system whereby the core OS on the device can be updated live after confirming the OTP and some enterprise provided management code.

Oh, and for step ten you can give me some money. And have it all done by morning. Thanks, -Ali

Pentest poster

It's depressing to me how I can be so scattered while other people can create pentesting trees for the masses. Available in a poster too. I think I'll make it a homework assignment for myself to spend time contributing to that tree soon.

One completely disorganized and random thought is to include scoping out the closest airport and coffee shops that employees of a given organization frequent. I have found it's much easier to footprint a typical client or passively gather information about a network by utilizing an employee's off-site asset as a proxy. Provide an 'open access point' near them and voila! Cheers, -Ali

Pill pushers

ScienceDaily has a story on pharmaceutical industry advertising expenditures relative to R&D. If the research is anywhere near validated, which I believe it will be, then this should become the first Michael Moore sequel. (I think I'm going to need some sort of pill mentioning that man but still.)

Those World Series, Super Bowl, and Oprah spots don't come cheap. Did I just say Oprah? -Ali

iLiad experiment

I was fortunate enough to be given an iLiad for the past six months. At first I couldn't believe my luck and loaded many books and PDFs onto it, in some cases giving away the hard-copy versions I had to save shelf space. Woe is me... wwwoooooeeeeee is me... *groan*

Before you get the wrong impression, let me say the iLiad was a great recreational book reader while on travel. The screen was good, the features adequate, the battery life sufficient, and it was a great space saver.


OSINTeresting

I seem to have turned some friends onto commercial intelligence services inadvertently. However, there is a huge breadth of (potentially better) resources open to anyone and everyone. Some tools and tutorials, a decent blog, and a loud mailing list that should all be seriously considered. Then your own bookmarks, RSS, etc. will eventually be your mainstay. Cheers, -Ali

January 03, 2008

North Korean Wheaties

The US, China, and many others called the North Korean nuclear disclosure delay a minor hiccup. A much more accurate description of the situation exists. -Ali

Patch the baby

Over the past eight years I've toyed with various software updaters that range from hose-the-system-bad to hose-the-system accuracy and quality. In the past week I've had better luck on my extended-family systems using Secunia PSI. Give it a try on your family-use Wintel machines and save yourself a few phone calls in the future.

Where are the single-quotes and *boggles* and misplaced apostrophes? It's been a long morning. -Ali

Eight ITSec (in)predictions for '08

In no particular order:

  • Mobile malware will be responsible for toll call fraud. Somebody, somewhere, is working on a mobile network botnet infrastructure to disrupt services. Somebody else, who owns the building the first somebody pays rent to live in, is working on a mobile network botnet to accommodate organized crime telephone fraud.
  • The end of the ITSec independents. We'll see the end of the smaller shops as they're absorbed into larger companies, private management firms, and other shops that have many more lawyers, proposal writers, and Government contacts for contracts. Either that or In-Q-Tel will expand their operations significantly to make sure some of the smaller innovators get the appropriate guidance without getting lost in the mix of old timers. Remember 2006? I think 2008 will be at least twice as big as companies start seeing new regulations and cyber panics squeeze out from under the doors of Industry and Government.
  • The 'Great Firewall of New Hampshire' goes online. While I doubt New Hampshire, being the Free State and all, will be the first, I expect State legislatures to start going down the naive road of more ISP filtering and monitoring. This will lead to a lot of other genius initiatives like State control over IDS, DRM, QoS, etc. Actually, I'm being naive; this will almost certainly come down from the Federal level first. And, mark my words, part of the justification will be to defend against foreign adversaries whose networks are more closed to us, and therefore, to protect ourselves, we need to close our networks. Sound familiar?
  • Power usage will become a competitive factor. Expect to see vendors start advertising their battery friendliness, low overhead, small footprint, and operating costs including power usage. Some already do but I think 2008, with continued pressure in the Energy sector, will cause most customers to seriously look at all computer asset overhead. An AV that uses 10% less power will get scored higher in corporate reviews. Don't ask me how they'll prove it but you know they will.

