Disqus - Latest Comments for Rob Lewis

Re: Should We Focus on Vulnerabilities or Threats?

Rob Lewis — Thu, 30 Oct 2008 09:55:21 -0000

In light of this discussion, would it not be advantageous to look for something that prevented software vulnerabilities from be enacted on? Does that not kill 2 birds with one stone?

Re: Should We Focus on Vulnerabilities or Threats?

Rob Lewis — Fri, 31 Oct 2008 13:30:45 -0000

Timm,

My question was supposed to be a bit of rhetorical . We are a decade away from secure code,(have millions of legacy bugs probably) and application firewalls are not up to snuff yet either.

Re: McCain/Palin Supporters Dissected

Rob Lewis — Wed, 05 Nov 2008 20:11:45 -0000

Observing an American election can sometimes be like watching Tweedle-dee and Tweedle-dum.

Daniel, you are a smart guy, but don't get caught by the curse of knowledge. There may be some truth in what you say, but a friend once taught me that "you catch more flies with honey".

Why should the world believe that Americans respect anyone else when apparently, they barely respect each other?

Re: A Crazy Idea Regarding the Obama Administration and Security

Rob Lewis — Fri, 07 Nov 2008 12:25:29 -0000

Thinkers are a dime a dozen. Presidents have always had technology advisory committees. Have they been beneficial?

Besides, what have any of these guys done lately? LOL. We need innovators, not thinkers !!!

Re: A Crazy Idea Regarding the Obama Administration and Security

Rob Lewis — Sat, 08 Nov 2008 13:43:12 -0000

@shane,

Maybe I was being a bit facetious, but intentionally.

Lessig is a great thinker, but security is not his focus as far as I know either. Schneier is driving thinking about security theatre. Cryptography is a great tool that no one in business likes to use. Dr. Roger Schell, father of the Trusted System Evaluation Criteria (TCSEC) standard, commonly referred to as the Orange Book, calls cryptography "the opiate of the naive". The reason, one does not need to break it if one can easily steal the keys from insecure systems. Of course, we do still need it in the meantime.

Ranum is a recognized innovator and knows and writes more than anyone about what would be required to fix the system, but is regarded by many as some kind of heretic because he tells it as it is, and his version of truth is too painful and too hard to swallow. Bejtlich is fantastic at getting the most out of a broken model, but true innovation means fixing and changing the model, not reacting faster.

The basis for my sarcasm was a statement by Guy Kawasaki, who said:

"Those on the first curve are unable to comprehend, let alone embrace the second curve".

If this is true, then anyone on the first curve will be unable to innovate. I explored this position in a short essay in an Amazon review of "The New School of Information Security" under the title

"Not much "new school" in The New School of Information Security" found on this page:

http://www.amazon.com/review/product/0321502787/ref=cmcrdp_synop?%5Fencoding=UTF8&showViewpoints=0&sortBy=bySubmissionDateDescending#RTBEMAG1DJOQU

Is this the reason why we do not see any innovation in IT security? Something to think about.

Re: The Connected Web: Why It’s Time For Strong Authentication

Rob Lewis — Thu, 21 May 2009 08:01:51 -0000

At what point does authentication as a proxy for authorization become inadequate, in terms of data level acess or behavior enforcement?

Re: Should We Focus on Vulnerabilities or Threats?

Rob Lewis — Thu, 30 Oct 2008 09:55:21 -0000

In light of this discussion, would it not be advantageous to look for something that prevented software vulnerabilities from be enacted on? Does that not kill 2 birds with one stone?

Re: Should We Focus on Vulnerabilities or Threats?

Rob Lewis — Fri, 31 Oct 2008 13:30:45 -0000

Timm,

My question was supposed to be a bit of rhetorical . We are a decade away from secure code,(have millions of legacy bugs probably) and application firewalls are not up to snuff yet either.

Re: McCain/Palin Supporters Dissected

Rob Lewis — Wed, 05 Nov 2008 20:11:45 -0000

Observing an American election can sometimes be like watching Tweedle-dee and Tweedle-dum.

Daniel, you are a smart guy, but don't get caught by the curse of knowledge. There may be some truth in what you say, but a friend once taught me that "you catch more flies with honey".

Why should the world believe that Americans respect anyone else when apparently, they barely respect each other?

Re: A Crazy Idea Regarding the Obama Administration and Security

Rob Lewis — Fri, 07 Nov 2008 12:25:29 -0000

Thinkers are a dime a dozen. Presidents have always had technology advisory committees. Have they been beneficial?

Besides, what have any of these guys done lately? LOL. We need innovators, not thinkers !!!

Re: A Crazy Idea Regarding the Obama Administration and Security

Rob Lewis — Sat, 08 Nov 2008 13:43:12 -0000

@shane,

Maybe I was being a bit facetious, but intentionally.

The basis for my sarcasm was a statement by Guy Kawasaki, who said:

"Those on the first curve are unable to comprehend, let alone embrace the second curve".

If this is true, then anyone on the first curve will be unable to innovate. I explored this position in a short essay in an Amazon review of "The New School of Information Security" under the title

"Not much "new school" in The New School of Information Security" found on this page:

http://www.amazon.com/review/product/0321502787/ref=cmcrdp_synop?%5Fencoding=UTF8&showViewpoints=0&sortBy=bySubmissionDateDescending#RTBEMAG1DJOQU

Is this the reason why we do not see any innovation in IT security? Something to think about.