Rational Survivability

Security-related news from the week…

Two hundred grand
is what you’ll pay,
for that illegally-scored music
says the RIAA.

Big data breaches make a really bad rap,
Think ABN Amro, eBay and the GAP.
Retailers recovering from a big breach black eye
Tell the Payment Card Council
"We hate PCI"

The Representative’s children
download images of lust
He thrilled some high schoolers
with an eyeful of bust!

The Feds were determined
to save Arnie’s day…
nuked ca dot gov
and the ‘Net went away

Extra screen RC toys,
says the ole TSA
next thing you’ll know
they’ll take your Webkinz away

The poor DHS
they’re feeling quite small
They DDoS’d themselves
with a big "Reply-All"

Microsoft’s looking
to increase their wealth
by putting online
your records of health

You’d think that a government
like that of Big Mass.
wouldn’t send out my social
and show their incompetent ass

The experts are puzzled
they say "Storm’s a bot!"
The one thing they’re sure of
is something it’s not.

It’s not easy to corner
it’s causing us fear
for the nextgen of malware
is already here

The Great Firewall of China
Oy!  Vadda mess!
Now it turns out
they block RSS!

The House Committee on Commerce
probes the wiretapping NSA
While the Air Force tried bombs
to make enemies gay?

And finally a comment
on Ex-czar Richard Clarke
whose ideas on security
leave our rights in the dark

We don’t need any more laws
to control what you can’t,
stick to fiction my friend
I’ll take care of the rants

/Hoff

This week in security,
it’s time to review.
What new vulnerability
are you subject to?

Let’s scan Full Disclosure
and find us a bug.
Some new crafty malware
from a cyber-crook thug?

What poor security choice
has some CSO made?
First the VA, then Pfizer, 
now A-mer-iTrade?

All things virtual are scary
vulns are real, take a look
and the TSA’s profiling
your choices of book

Some MIT looney
with a fake bomb on her chest
almost got lit up
by New England’s best

Compliance and legal
are all such a mess
Sarbanes-Oxley and HIPAA
PCI’s DSS

Raytheon bought Oakley,
Shimel got GoogleJacked
while some poor Joe from CITI
had his LimeWire hacked

Peer to Peer and those BotNets
will be our dear network’s death
The next malware vector is
ye olde PDF!

Maynor’s been holed up
with guns, pills and code
Now the statutes are lifted
he’s blowing his load

Curphey’s gone Blue
Ptacek’s gone MIA
Newby’s gone English
Mogull’s rejoined the fray

McAfee’s Dewalt
went on a tirade
seems that cybercrime’s
bigger than the world’s whole drug trade

De-perimeterization,
the Jericho way
doesn’t mean sell your firewall
on Craigslist or eBay

To model or measure
metrics or SWOT
Just don’t define Lindstrom
as something he’s not

Rothman’s now helping
Grandma secure her kit
from malware like trojans and botnets
and shit

Pescatore says we need Security-three-point-oh.
InfoSec costs too much and has nowhere to go
He casually proffers his bold Gartner bet
by the year 2010 we’ll be ahead of the threat.

That’s it boys and girls
till I rhyme once again
Stay happy, stay secure
and now…
EOM