July 05, 2008

A bloggers network to be proud of

I started blogging about 2 and a half years ago because I felt like it would be fun to add my two cents to the public debate. When Brad Feld introduced me to the Feedburner guys I was given an insider's view into the quickly developing blogging world. When Feedburner started networks, I thought it would be interesting to start a network of all the security blogs that I was reading. I also inherently knew in my gut that eventually there would be some common good that would benefit all of the members of the network by aggregating our content and buying power for ads. I also believed and still do believe that there are other ways that a network such as the Security Bloggers Network can be a force for good.

However, reading the SBN feed tonight I was just blown away! From being on the road, I had not read the SBN feed in my Newsgator reader for almost 2 days. I had over 160 articles queued up in the feed. Forget for a moment that the Security Bloggers Network now has over 160 blogs and a combined Feedburner subscriber base of almost 67,000 readers! The content is king. Going through the articles I could not believe the total coverage, the ongoing commentary and give and take, but most of all it was the quality. There are so many great members of the network who are just so damn smart and are writing about such important stuff.

I am humbled and incredibly proud of what the Security Bloggers Network has become. If you are interested in security, whether it be the technical aspects of security, the business of security or the security industry, you cannot afford to miss this SBN feed.

We are kicking around a lot of new activities and ways to publicize the member blogs of the network over the coming months.  Stay tuned for details, but in the meantime keep reading, you won't be sorry!

God took me off the grid

I had every intention of blogging during the long holiday weekend. Catching up on email and work at some point was on the agenda as well.  However, this morning in the middle of email my laptop froze up.  I could not do anything with it and so had to power down.  On start up I got a missing media notice and it looks like my hard drive went kaput.  Luckily my Windows Mobile phone has everything I need to stay connected. Email, typepad blog platform, etc.  Well we went to my family in Hollywood Beach for a fireworks display and BBQ tonight.  I left my phone in a backpack, so I would not take it in the beach or water with me.  Great, it rained, the backpack got soaked and my phone is down now too! 

So I think it is God telling me to go off grid this weekend.  I am writing this on Bonnie's desktop machine. The kids are staying with my cousins and Bonnie and I are headed down to Key Largo for the weekend.  I have her spare pink Razor with my Sim card for phone calls, but that is it.  No email, no computers, no blogging!  Speak to you all Sunday night or Monday, enjoy your weekend!

Hopefully, I had one article written and scheduled for tomorrow morning. I hope it publishes.

July 03, 2008

A thin line between blog theft and promotion - another opinion

Rich Mogull has been writing a bit about his disagreement with the SecurityRatty site posting his content (original posts here and here). These posts have set off a rash of comments and other articles on both sides of this issue. Finally Rich wrote his defining post on this topic here. Rich's position is that he owns his words. Ratty took them without his permission, adds nothing to the conversation or commentary at all and actually hosts the content rather than just linking to it. Now for those who don't know, SecurityRatty is a site allegedly owned and operated by some Russian CISSP dude. Basically, they claim they are an RSS aggregator and they just republish blog posts in their entirety. A couple of things to note though:

1. SecurityRatty does not usually add any content of their own or edit the posts in any way
2. They link back to the blogs or articles which are aggregated
3. They do appear to sell some advertising on the site
4. You can search their aggregated content on their site
5. At least recently they are removing content and feeds from their site if you request it.
6. They did not ask anyone's permission that I know of before posting content

OK, now that the groundwork is laid, let me give my Shimel view on this. I disagree with Rich. Hey it is a big world and I think there is room for a dissenting opinion here. The reasons I disagree with Rich are:

1. Though Ratty plainly posts up others' content, he does not hold it out as his own. He plainly gives credit to those who actually created the words and in fact links back to their sites.
2. Rich is publishing his data under a Creative Commons license; I am not sure if the meager ad on Ratty would qualify this as a commercial site.
3. Rich distinguishes what Ratty does from Google and other search engines (who clearly profit from Rich's content) by the fact that they just point to it. Not altogether true. They also keep a cached copy of the content that you can go to as well.
4. The fact is that I have a tough time seeing any harm to Rich here. In fact if Ratty were not pointing back to Rich's site, if he did not make it as easy to see that it is just an aggregate feed or if Ratty were adding his own comments and not clearly delineating his from Rich's, I would feel differently. Some of this is directly in contrast to Rich who says that if Ratty did add his own views to Rich's, that would make it right by him.
5. Finally, I would go even further than Rich not being harmed by Ratty. I think Rich actually benefits from Ratty. It is yet another outlet for Rich's content and though not everyone reading it at Ratty may go back to Rich's site, they do know it is him and can go back easily. In fact if Rich did advertise at his site, I could understand him losing hits at his site. Otherwise if Ratty just pointed back, one could say the more hits Ratty generates, it could cost Rich more money. Much like people who link to graphics hosted elsewhere.

So, Rich I see that Ratty has stopped aggregating your content so that should be enough of a victory for you. In the long run though I think it is a Pyrrhic victory and you would have been better off with Ratty publicizing your words.

StubHub millionaires?

One of the cool things about the first dot com bubble was the "eBay millionaire". These were people who built businesses around selling goods at auction on eBay. There has been much written and said about the methods of these people and certainly it was a big attraction to people selling on eBay. I had an interesting plane ride home today where I met someone and discovered today's equivalent. I call it the StubHub millionaire. It is a testament to American ingenuity and shows that given the tools, people will find a way to exploit and make money.

Up until fairly recently you bought tickets to sporting events and other entertainment from a box office or ticket agent such as Ticketron. The "after market" in ticket sales, or scalping as it was called in NY, was oftentimes illegal. There were though some legal ticket brokers that you could buy tickets from. Now with the advent of StubHub and similar types of ticket reselling outlets on the web though, the infrastructure is in place for anyone to sell tickets online. You would think that most of these people selling tickets were people who had either extra tickets to an event or perhaps a season ticket holder looking to unload some tickets to help defray the costs. Not the case!

There is now a whole class of businessman who buys season tickets to multiple teams, sports and cities and then uses outlets like StubHub and others to sell these tickets. The guy I spoke to today had season tickets to 6 different NFL teams, 3 major league baseball teams and multiple basketball and hockey teams. Many of his tickets are sold months and weeks before the event. If any are left within 14 days of the event he puts them on eBay. His average mark up is about 40 to 50% of face value, but by buying season tickets he pays below face, so his actual margin is closer to 60 to 70%. He keeps a few tickets for him and his family to go to a few games a year.

This started as a hobby for him with Yankee season tickets, but he has done an analysis and compared to what he would make investing that money in the market, he has come out way, way ahead. He thinks that on a 12,500 investment, he makes about 40k! That is not bad. This year when all is said and done he will make a six-figure income from the resale of tickets he bought. Think about it, no office or anything. Just list your tickets and let people buy them. Take some of the money and buy more tickets.

So what the heck am I doing trying to show people why it is important that they put good security in place on their computers?  There has got to be a better way.

July 02, 2008

NAC vendors loading up fuel in the tank

First it was Bradford Networks announcing they had raised another 8 million dollars in venture funding to help them break out beyond the edu market. Now comes word that Forescout has raised a like amount of additional capital. This was based upon an 80% growth rate for Forescout. This is well below the numbers I have seen Ray, Ken and Gordon throw about in interviews and at presentations. I guess you can spin all you want about how many customers you have or have won, but when it comes to raising cash, you can't play as fast and loose as you do in your marketing.

Also this is a series E round for Forescout and brings their total raise to 44 million dollars.  That makes for a tough number to make work.  They need to roll some hard ways to make that bet pay off.  I was led to understand they just raised 6 million last September.  That makes 14 million in a little under a year.  Can you spell big B-U-R-N. 

The thing about both of these raises is that in the present market, just like the gas you put in your own tank, the gas these NAC vendors are putting in their tank is I am sure quite expensive!

The many faces of NAC

For a long time I have been writing and speaking about the many ways that NAC can help with securing your endpoints and your network. Yesterday, Tim Greene lays out some good reasons for NAC and the many ways it can help.  However, he couches it in terms of NAC as a personal firewall.  I am not sure I agree with that one at all.  Personal firewalls are usually thought of as host based security on the endpoint.  While NAC certainly has an aspect of that, NAC is inherently about networks as well.

I am reminded by this article of Senforce. They had one of the best personal firewalls in the market and were often called a NAC solution. But when you spoke to Nolan Rosen and the folks at Senforce, they would tell you that they were not a NAC solution, but needed a network based NAC component to complement their product. That was the basis of a partnership we had with them. In any event, I think we are seeing NAC used for a variety of uses and we will continue to see it evolve in the market.

July 01, 2008

Xobni and LinkedIn - perfect together

A while back I wrote about how much I liked the Xobni email add-on for Outlook. A short time later I heard rumors that Microsoft was buying them, but that appears not to be true at this point, though I still think it makes a lot of sense. In the meantime, I have continued to use and be impressed with Xobni. I have come to rely on its ultra fast search and the way it organizes threads of conversations and groups of people, as well as attached files.

An interesting thing though about Xobni. As I was given invitations, I would send them out to people I know.  Though many of them liked the functionality of the product, they said that it slowed their Outlook to a crawl and just did not think the performance hit was worth it.  Maybe I got used to the slowness or I am just not seeing it, but I did not see what they saw. In any event, many people were not using the product.

Well the Xobni folks just released a new version of the product that promises improved performance. I hope that helps those people who were complaining about this. It also offers several other new features, the biggest being LinkedIn integration.  I really like this LinkedIn integration as it gives you yet another layer of information on the people writing to you. All in all, I think this just makes the product more indispensable than it is already.  It is now available to the public, so I would encourage you to check it out for yourself!

June 30, 2008

SC Magazine World Congress 2008

For a while over the past few years it seemed like there was a security show a month. It got so watered down that it was hard finding any value in some of these shows. Over the last few years though in a case of natural selection I guess, many of these shows began falling by the wayside. This past year I have attended a few good shows and overall I would say the shows have been better attended. I think shows that have great content and not just a trade and exhibit floor provide the value that people want to see.

In any event, the folks at SC Magazine first approached me about a show they were planning in the NY area, around the time of RSA. I think a good security show in the Northeast would be great. I also have a lot of respect and admiration for the Haymarket Media group who run SC Magazine. So I am really happy to write about the first SC Magazine World Congress taking place December 9 and 10th at the Javits Center in NYC. I will be there for sure and hopefully you will be too! Mark your calendars.

June 29, 2008

Some firms don't admit security breaches - Geez, ya really think so?

It's not often that security issues make mainstream media outlets. So when I saw this article on cbsnews.com I wanted to see what kind of "investigative journalism" the same folks who do 60 Minutes would bring to the story. The story takes the particular case of Direct Marketing Services, Inc, the parent company of Montgomery Ward. It does a good job documenting the breach, the discovery of the breach and how the company complied with credit card company rules by notifying Visa, Mastercard, Discover, etc. but did not notify the 51,000 potentially affected customers. It also does a nice job of giving credit to Affinion Group Inc.'s CardCops for spotting and discovering this theft.

The article then goes on to say that 44 states have passed statutes making disclosure and notification of security and confidential breaches to affected consumers mandatory. The article does caution though that based upon the volume of data being sold in "online black markets", there are many more breaches than we are being told about. I think it is good that CBS bangs the drums on this, but frankly that "evidence" is a bit flimsy. I also found it gratifying that the article blames the credit card companies themselves for not doing more to publicize these breaches, so that they don't have to issue new cards. Just goes to prove what has been written before, that in the bigger picture the cost of doing business may include the risk of compromised data and big business has determined that that is a risk worth taking.

June 27, 2008

Maybe the NAC used car salesman can claim them as a customer too? In NAC quality counts!

Dark Reading had a good article today talking about GuideWorks, the TV Guide/Comcast joint venture's 2 year odyssey with NAC, which finds them finally starting to see some good results. I immediately went to the website of the NAC used car salesman to see if they claimed them as a NAC customer too, but didn't see anything yet. But with those guys you never know.

Seriously though folks, this story is a classic NAC story. GuideWorks had guests and unmanaged users visiting their offices all the time. When they would ask to plug in they were told sorry, wait till you get back to your hotel. Over time this answer became unacceptable and they realized they needed a way to give these people a way to get on the net and get their email while keeping their network secure. This very same need drives many initial NAC deployments.

Like many other NAC customers they wanted something easy that would not add major overhead or network changes and would be easy to administer. Again straight out of the NAC playbook. In the summer of '06 they began a pilot of the Tipping Point NAC product which is based on the old Roving Planet technology. Now Roving Planet was more of a wireless security company, but near the end they rebranded themselves as NAC and Tipping Point uses that with their IPS devices to enforce. Best of all for GuideWorks the price was sub 10k.

Here is where the other side of NAC comes in. This is what the article says:

While NAC tools are often advertised as plug-and-play, GuideWorks found that the NAC setup required a high level of networking expertise. Fortunately, the Inglewood site had plenty of technical expertise because that’s where many of the company’s developers are stationed. In addition, GuideWorks put one of its front-desk employees in charge of setting up new accounts. But because her technical background was limited, the company had to walk her through a learning curve.

Now the company is planning to deploy the system at its Radnor office, which will be a bit more challenging since there’s less technical expertise there, and that office gets a greater number of visitors. So GuideWorks has been on the search for employees to support the NAC system there. The company expects to have NAC up and running there by the end of the summer.

So 2 years after trial they are rolled out in one office and have to hire employees to support the NAC system at the next office. This was a problem with many of the failed NAC companies over the last few years and I think the problem with this Tipping Point solution. Just providing guest access should not be that hard! Yes the StillSecure Safe Access solution would have been much easier and faster to implement, but to be fair, any of the leading NAC solutions would have been up and running easier as well.

While this article was supposed to serve as reference and case study for the Tipping Point NAC solution, it is far from inspiring. If I were a customer looking into NAC, I don't think this would make me run out and look at the Tipping Point solution. Moral of the story is, just because you made a good IPS doesn't mean you have a very good NAC product. When it comes to something like NAC, quality counts and buying a 2nd tier solution can cost you in time to implementation and total cost of ownership.

The hidden gas tax

 
We all hate paying $75 or more every time we fill up our gas tanks. When we see gas and oil prices hitting new highs (it seems to happen every day) we grimace and think about how much this is going to cost us as part of our weekly gas bills. We get even more upset when the utility bills come and we see our summer time electric bills going through the roof because of fuel surcharges.

What about the price of food and other goods?  Have you noticed how much they are going up?  Bananas were 49 cents a pound and are now 69 cents a pound.  That is a huge increase.  Our government says core inflation is not going up outside of energy costs and I am not sure I believe that. We are seeing huge increases in rice, wheat and other staples.  But gas prices are a hidden tax on our economy across the board.

Have a look at the UPS receipt for a package that was shipped out to me.  From a base price of about $22.00, fuel surcharges add another 10 dollars to the bill. That is almost a 50% tax for fuel!  Add 50% to the cost of everything you buy and it is easy to see how this energy crisis is pushing us all to the breaking point.

We need a "send a man to the moon" effort to break free of oil and move to clean renewable, cheap energy now!

We're so big and other marketing games

Andy Jaquith had a good post up that I first heard about from Mike Rothman's blog. Andy, fresh off of attending the Symantec Vision conference, laments the obligatory "we're so big" slides that find themselves into almost every deck you see. Whether it is for analysts as Andy says or for customers or partners, from the biggest to the smallest, companies seek to show how good they are by how big they are. Numbers of customers, nodes, sensors, yada, yada. Usually these "we're so big" slides are followed by the obligatory circular diagrams that show the "life cycle" of the company's product or services being complete. After a while, you've seen one, you've seen them all.

But let's face it, even some of you men out there who may be resisting, size does matter! No one wants to say that we don't have the scale and success breeds success. It is just a fact of marketing. You will feel more comfortable if you see so many others (even brands you know) picking the same solution you are looking at. You feel good knowing that your vendor has an army of machines and/or people watching your back. Sounds better than 3 guys in a garage for sure.

It is all part of the marketing game. Those same rules say that if you repeat a story enough times, whether it is true or not, eventually people believe it. The bigger the lie, the more times you repeat it, the more people will believe it. But that should not stop others from pointing out the facts and doing their best to call out those who just cross the line with marketing claims that are not true.

Here is another pet peeve of mine. Why do analysts base their market size numbers on what vendors tell them they do in revenue? With the past performance of some of these vendors, I wouldn't put much weight into what they say they do for revenue. I think analysts need to show market size independent of vendor revenue reports unless they are in fact audited or somehow verified.

June 26, 2008

Black Hat Bloggers Network topic of interest #2

So our first topic of interest as part of the Black Hat Bloggers Network promotion was virtualization and security in honor of our own Chris Hoff presenting at Black Hat this year. While several members of the network wrote some really great stuff, I was hoping we would get a broader response from the 150+ blogs on the network. So for topic #2 I wanted to pick something more generic and easier to blog on. Our topic is why go to Black Hat. Most of the blogger network members either go to Black Hat or wish they did. Why? Let's hear your reasons for going to Black Hat. Is it the briefings? The parties? Seeing old friends? What? I am hoping to see a lot of blogs on this subject from all of our BHBN member blogs!

I should also point out that Black Hat is doing some great promos leading up to the show.  They have a great webinar coming up today that I totally spaced on because I wanted to give everyone more notice and time to register. In the meantime, don't be like Mike, I mean Shimmy, go register and check out the webcast!  Also be on the look out for some of the other great events they have cooking, as well as registering for the Black Hat Twitter feed.

June 25, 2008

Sybase aims to be your mobile phone security vendor

In a blast from the past, Sybase is aiming to be your mobile phone security provider. According to this article in Information Week, Sybase iAnywhere division's Afaria security line already provides device authentication and encryption and now will add anti-virus and firewall capabilities.

I was glad to see the Sybase name in the article. I have fond memories of Sybase on Sun servers from my early web hosting days. It is also good to see a new competitor in the mobile phone business. Let's see if Sybase gives the McAfees, Symantecs, etc. a run for their money. Or who knows, maybe another not yet heard from name will come out to dominate the mobile phone market.

What I also was unaware of was that there were over 500 viruses that target mobile phones.  With Sybase covering Windows Mobile, Symbian (they just went open source), Blackberry and more, even the Apple iPhone appears to be covered.  Though overall I still think this is an immature market, it will be interesting to see who steps up.

Why don't AV vendors make it easy?

One of the newer, but very well known members of the 155+ blogs of the Security Bloggers Network, is the Errata Security blog from Dave Maynor, Rob Graham and Marisa Fagan. Dave has a post up today about his frustrations with trying to remove McAfee AV from his new mobile phone. I share his frustration. Having run Windows Mobile for over a year now and changing ROMs in addition to installing and deleting a multitude of applications, I am often frustrated by the lack of visibility you have into the files and system on Windows Mobile. If an application does not remove itself cleanly, you are hosed.

A far larger frustration for me though is removing AV vendors' security from any computer, mobile or otherwise. It is not just a McAfee thing either. Symantec, CA and Microsoft are just impossible to remove without a major pain. What is the reason? Do they make it hard because they think people might remove them by mistake? I don't think so. Like Dave says, when does AV become a virus itself?

Barracuda to Sourcefire: We see your CEO bet, and raise you to $8.25, call

Barracuda continues their poker game with Sourcefire today raising their $7.50 all cash bid to $8.25. Are Dean and company just bluffing for publicity or are they willing to keep playing and stay in this game until all the cards are on the table? I don't know for sure, but find it interesting that Barracuda did say to Sourcefire that they would be willing to explore ways that would show Sourcefire's increased value to Barracuda and based upon that increase their offer. Of course $8.25 is still too low, but it is getting closer. If the offer gets near 10 bucks, Sourcefire has some serious decisions to make. In the meantime, Barracuda will again reap the PR bounty from having a seat at the hottest poker game in security.

June 24, 2008

PCI compliance kit for NAC - do you believe it?

Tim Greene makes the point again in his column that NAC is a great tool to help with PCI compliance. He is right on. Here at StillSecure we have several customers who are using NAC to help with PCI. My issue is Tim highlights some recent spin fed to him from the "used car salesman of NAC". They claim to have a "PCI kit" that will help with 8 out of 12 PCI requirements. A kit sounds like something you put on your car to help with gas mileage or something and for all I know is just more snake oil. They claim to have an "unnamed customer" who is already using it. Who could that be, LVHH again? Or maybe they found a Cisco or Juniper customer that they say uses them for NAC now too. The BNBB advises to take anything they say or write with a grain of salt. Remember Caveat Emptor!

Who says innovation in security is dead?

Was reading Amrit Williams' blog today on the AV market and followed a bunch of links back to read more. I have to say reading the articles left me with just a bad taste in my mouth for where is the innovation in security, especially the AV market. As Amrit points out, the first article has Eva Chen, CEO of Trend, proclaiming "the AV industry sucks". She says with 5.5 million new viruses, how can anyone claim they are doing a good job. I don't disagree with her but unlike Amrit, I don't think the Trend response is such an innovative response. In fact I think it is exactly what the folks at Panda Security in Spain have been talking about doing for some time now.

A couple of other things that Eva says I found disturbing as well. Most of all was her analogy of open source software and proprietary software to capitalism and Communism.  I don't buy into the whole open source - socialist/communist thing.  I think it once again shows that Eva Chen doesn't get open source at all.

The other interesting article that Amrit pointed out was one announcing the new Symantec endpoint management suite. This represents Symantec integrating endpoint security suite with the Altiris management platform.  I think Amrit is right about it takes more than slapping it all in a yellow box and putting a portal interface on it.  Often times that amounts to little more than seeing how high you can make that pile.

June 23, 2008

Stay Current? - I don't think so

A Google alert caught my eye today about an article entitled "The Essential Guide to NAC", in ITSecurity.com.  It is by John Edwards and dated June 23, 2008.  It was pretty much the usual about NAC.  In line, out of band, agent based and agentless, yada, yada, yada.  At the end of the article was a list of "market leaders" including Vernier Networks and a few other smaller NAC vendors.  Now as we all know Vernier ain't Vernier no more and is not really in the NAC business.  I would not hold it against John Edwards or ITSecurity.com except at the head of the article it said, "Stay Current, Features - The Essential Guide to NAC"

Not exactly what I would call keeping current, would you?

Is that black box technology?

Dr Anton has a short, to-the-point post up about a conversation he had with someone recently. They bought a "security appliance" (and I use that term loosely) that is just off the shelf hardware with Linux/BSD and some security software. The vendor however refuses to give the customer who bought the frigging box the root password! Root password is shared among vendor's support people only!

Dr Anton wants to know if somebody is insane. I am afraid the answer is yes. Too many vendors do this to add a layer of mystique to their "black box, purpose built" schtick. Give me a break. If you buy a box and you can't have root password to it, either give it back or use it as a flowerpot!

June 21, 2008

The new golden age of comics

The golden age of comics in the 30's and 40's saw the creation of the superhero. The good versus evil storylines mimicked the real life events of the day. It elevated the comic book to an art form. Comic style illustration and story telling in short dialog balloons had never before or since reached those heights. Then after WW II, with the advent of TV and one evil empire ending, comic books seemed to recede back into the background of young boys' playthings. Their numbers never again reached the levels seen during the war and many of the characters faded away.

Over the years the comic industry tried to regain their former glory, but the age of the superhero was over. Yeah there were the TV cartoons, who didn't watch Superman or Batman when you were little? Some of you like me, may have even watched the Marvel Superhero Show that had short segments of many of the Marvel characters (check them out in the YouTube video), but they were campy and never appealed to an audience beyond young boys. The Superman movies with Christopher Reeve marked a turning point on the return of the superhero and the Batman movies were very successful. But beyond those two, there were many flops.

With better technology and better story lines, Spiderman, Iron Man and now the latest, The Incredible Hulk have brought comic book superheroes from the page to the screen in a big way. I know that I was not a big fan of the Iron Man movie, but seeing Tony Stark come in at the end of the Hulk movie did get even me excited by the possibilities. Also seeing the Hulk and Iron Man, I began to see that these movies are not aimed at adolescent boys with stories that I am used to from comic books and TV shows.  These are movies aimed at adults with adult storylines.  The technology is great, the heroes are played by big stars (I hear Brad Pitt is playing Thor) rather than unknowns and the productions are first class.

Besides the movies already out, Thor, Captain America, and Namor the Sub-Mariner are all headed for the big screen. Once each of these and more have their movie debuts, the subsequent combinations and sequels are almost infinite.  This could be the biggest movie franchise of all time and make the original comic book owners more money than they ever dreamed of!  In the meantime, I am excited to see many of my boyhood heroes get this new big screen treatment! 


June 20, 2008

Everybody wants to jump on the Green bandwagon

These days everyone wants to be seen as green.  Larry Seltzer over on PC Mag has an interesting story from McAfee Avert Labs that using anti-virus on your computer is green. The reasoning goes that by keeping your computer free of malware, your CPU usage stays lower, thereby using less energy and lowering your carbon footprint.  OK, I get it.  My question is what about all of the extra CPU cycles that some of the bloated endpoint security suites use on all of these machines they are installed on?  I would bet that they far outweigh any energy savings from clean machines. 

I guess in place of wrapping yourself in the flag, the thing to do now is wrap yourself in the green thing. How long will it be until some company hires Al Gore to hawk their technology? In the meantime I would beware of Jolly Green Giants.


Is fear the only thing stopping you from telling your security vendor to take a hike?

A blog with one of the biggest followings on the SBN is the GNUCitizen blog. Today in a post called "Fear" the author states, "The entire information security industry today is based on fear." He then goes on to say, "This is what gives security vendors the power to sell you useless products which you don’t really need."  So of course I don't agree with the latter statement, not all of those products are useless, but is it really fear that is motivating buyers?

"Fear of what?" is a good first question. The blog post talks about fear of being hacked, fear of harm to reputation.  To that we can add fear of jail or fines and by doing so cover the compliance issue. So yeah, at first blush it does appear that fear is the prime motivator in security.  But think a bit deeper on this and you come to the conclusion that fear is a primary driver for so much of what we do besides security.  Fear of failure, fear of loss, fear, fear, fear. Is there anything besides fear that motivates people?

For me it comes down to the carrot or the stick.  The carrot being the reward.  So making money or however you measure success is certainly motivating.  The stick is failure.  There are consequences of failure.  But really, aren't success and failure two heads of the same coin?  Aren't the rewards of success and the consequences of failure a Zoroastrian type of Yin and Yang? 

So if, in the final analysis, success and failure are intrinsically linked, there really is nothing wrong with saying security sales are motivated by fear, because by the same token they are motivated by success.  Now as to useless security products, let's discuss that a bit later. All of this philosophy is hurting my head.


StillSecure, After all these years, #55 - JJ in the house

Episode 55 of SSAATY is a fun one.  Mitchell and I are joined by JJ, Jennifer Jabbusch of the Security Uncorked blog.  JJ is someone I have gotten to know over the last year or so and she is a lot of fun. On top of that she is very technical and a huge supporter of 802.1x, NAC and security in general.

JJ, Mitchell and I talk about Rohati, NAC, 802.1x and a bunch of other stuff in our usual rambling, stream of consciousness style.  It is about 40 minutes of informative good times.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
