Firewall Wizards mailing list archives
Security dumming down - the king's clothes
From: Roger Marquis <marquis () roble com>
Date: Thu, 11 Dec 2003 14:09:45 -0800 (PST)
Anyone in the news media know why this critical security story was de-indexed so quickly?

Internet worms and critical infrastructure, Bruce Schneier
<http://news.com.com/2010-7343-5117862.html?tag=nefd_gutspro>

It's a detailed examination of the correlation between MSBlast and the Aug. 14 power blackout. Recommended reading; however, despite being published on Dec. 9, it is no longer included in Cnet's front page index or their security index, which goes back to Nov. 25.

Would it be paranoid to associate this with @Stake's dismissal of Dan Geer after voicing his personal opinion of this same vendor's security and the short shrift major news outlets gave that?

These correlations were further supported a couple of weeks ago at Stanford's Cyber Security Conference, where all speakers went to great lengths to avoid criticizing the vendor in question.

All of which makes me wonder about an article by Fred Avolio in September's Information Security Magazine.
<http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss81_art179,00.html>
It was, on the surface, an attempt to make a distinction between "stateful inspection" and "application intelligence", but anyone who knows Fred can see that the story was dumbed down to such an absurd degree that it makes no sense at all, except perhaps to a marketing or rhetoric PhD. It should be noted that Information Security Magazine rarely covers anything other than products which run under operating systems written by the vendor in question and that they rarely say anything negative about anything.

The common thread is the amazing degree to which cyber security is being dumbed-down whenever it applies to this one particular vendor. Perhaps the most damaging example of this is our own government's failure to even identify the vendor as the source of its worst infrastructure vulnerabilities and the cause of nearly every documented security breach.
<http://govtsecurity.securitysolutions.com/ar/security_think_tank_gives/>

The logical outcome of this collective failure to recognize the king has no clothes will, I fear, be as bad for information security as it was for the airlines on 9/11/01.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/