OK, whoever named this product should be shot:  Ashampoo Magical Security.

However, as much as I love sprinkling on the Magic FISMA Fairy Dust, “Magical Security” is craziness.

I won’t go into too much detail on hackers, shampoo, washing, and South Pacific.  I have a feeling I’ll get plenty of comments to that effect.

• Stands Alone
• An Open Letter to the Next President of the United States
• Blog Statistics and Search Strings
• A Little Advice From Mike and Lee
• Got Training?

So we had a great bit of weather yesterday.  I had just gotten back from lunch with Chris from How Is That Assurance Evidence (pretty smart guy, similar content to myself, worth checking out some time) when  I got a tweet from the National Capitol Region Battlespace which is a civil-defense kinda organization but they have a good condensed tweet feed.  Anyway, the contents was this:  “Severe weather has entered NCR. Frequent lightning, tornado warnings for VA suburbs.”  Ooooh, tornado drill time, shut down the home servers, make sure Mrs Rybolov is wearing real shoes not sandals and get ready to bolt to the basement when you hear the train coming through your house.  Where’s Mogull to make a pithy saying about how twitter might have finally gotten a legitimate use.  =)

Meanwhile, less than 5 miles away at Dulles Airport, Jennifer Leggio was grounded and all but abandoned by the UAL crew who headed to the bunkers, so she had to wheel an elderly nun to safety (BTW, that’s fairly heroic/good-samaritan-like all things considered).  I think she finally got home today around late afternoon.

Parts of the DC area lost some power (Falls Church proper still doesn’t have power), including my server, which didn’t come back up when the power came back on because, well, I borked up LILO previously and didn’t know it.  After a trip over to see it this afternoon, everything is back to working.

Now from a blogging sense, this was the worst time for me because the day before I put up a slideshow about “What you can learn from the US Government” and now that my server’s back up, I’ve most likely dropped off everybody’s rss feeds.  The preso’s still there, go check it out.

After the storm blew through, NCR Battlespace sent the link to this beautifully evil picture of clouds in Alexandria:

Impending Evil photo by Joseph J D’Angelo

• Workin’ for the ‘Counters: an Analysis of my Love-Hate Relationship with the CPAs
• A Little Advice From Mike and Lee
• Super Secret Security Control You Were Never Meant To See
• DHS is Looking for a CISO
• Moving

Interesting blog post at Freedom to Tinker about government releasing the raw data.  It makes the security geek in me cringe because well, most of the data that the government has is PII, and I know that the typical government reaction is to say “not only no, but h*ll no!!”  I mean, after all, most of our goal in the Government is to keep the data from reaching the citizens and evil-doers–giving away data is a cultural clash.

Yes, transparent government is a pretty good goal.  I think the authors of Freedom to Tinker have forgotten that not all Government data is fit for public consumption.  The problem is one of sanitization:  how do you clean all of the PII out of data before you release it to the public?  Not only that, but because of the size of the data sets, most likely you need an automated method to sanitize it.  I think that because of the sanitization factor that the Government would not gain that much efficiency by outsourcing the data presentation to others.

As with all things in security, this is nothing new.  There’s a little-known project (First Rule of “Fight Club” being what it is…) known as Radiant Mercury that does exactly this with classified data.  You can check out the basic concept in quasi-official presentations here (.pdf caveat) and here.

If we were going to make all this data available, we would need an unclassified version of Radiant Mercury to filter out all the PII and “Sensitive but Unclassified” bits.

Now as far as letting second parties build interfaces into the raw data, I’m torn on it.  On one hand, private industry can provide access to data “Now at Web 2.0 Speeds!” but on the other hand, then the Government loses control over the presentation and, by extension, accountability for the content.

• Database Activity Monitoring for the Government
• Civilians Ask “What’s With All the Privacy Act Kerfluffle?”
• Random Thoughts on “The FISMA Challenge” in eHealthcare
• “SBU” Must Die
• It’s a Problem of Scale!

In amongst all the usual ISC2 spammings, this one should perk the interest of my blog readers:  The Government Information Security Leadership Awards.  Nominations are open until July 25th.

• Downtime
• Business Leadership Training
• AppSec DC Press and Themes
• Stands Alone
• Transparency in Government: Just Give us the Data!

Nice, somebody added up all the security events in Northern Virginia and put them in one place. Not only is this a good idea, but I have no less than half a dozen events happening every month within 2 miles of where I live.  I now have a busy social calendar and I have to manage my “copious amounts of free time”.

Things haven’t been this happening since the Army of the Potomac invaded.

• Learning GovieSpeak: The Plum Book
• Federal CIO Council’s Guidelines on Security and Social Media
• Communicating the Value of Security Seminar Preview
• Jeff Jones and Flameproof Underwear
• Super Secret Security Control You Were Never Meant To See

Oh yes, maybe I ate too much sushi last night, but I’m now adding a LOLCATS section to my blog over in the categories.  Stay tuned for moar.

• Lolcats and QR Codes
• Lolcats, Capital Hill, and a Haiku
• Lolcats Coming to you from the Cloud
• The Authorizing Official and the Lolcat
• LOLCATS, Eric Schmidt, and Privacy