[fw-wiz] Security dumbing down - the king's clothes

From: Roger Marquis (marquis_at_roble.com)
Date: 12/11/03

  • Next message: Northrup, Tyler: "[fw-wiz] Checkpoint to Cisco - Hardware VPN works, software doesn't"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 11 Dec 2003 14:09:45 -0800 (PST)
    
    

    Anyone in the news media know why this critical security story was
    de-indexed so quickly?

     Internet worms and critical infrastructure, Bruce Schneier
     <http://news.com.com/2010-7343-5117862.html?tag=nefd_gutspro>

    It's a detailed examination of the correlation between MSBlast and
    the Aug. 14 power blackout. Recommended reading; however, despite
    being published on Dec. 9, it is no longer included in Cnet's front
    page index or their security index, which goes back to Nov. 25.

    Would it be paranoid to associate this with @Stake's dismissal of
    Dan Geer after voicing his personal opinion of this same vendor's
    security and the short shrift major news outlets gave that?

    These correlations were further supported a couple of weeks ago at
    Stanford's Cyber Security Conference where all speakers went to
    great lengths to avoid criticizing the vendor in question.

    All of which makes me wonder about an article by Fred Avolio in
    September's Information Security Magazine.
    <http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss81_art179,00.html>
    It was, on the surface, an attempt to make a distinction between
    "stateful inspection" and "application intelligence", but anyone
    who knows Fred can see that the story was dumbed down to such an
    absurd degree that it makes no sense at all, except perhaps to a
    marketing or rhetoric PhD. It should be noted that Information
    Security Magazine rarely covers anything other than products which
    run under operating systems written by the vendor in question and
    that they rarely say anything negative about anything.

    The common thread is the amazing degree to which cyber security is
    being dumbed-down whenever it applies to this one particular vendor.
    Perhaps the most damaging example of this is our own government's
    failure to even identify the vendor as the source of its worst
    infrastructure vulnerabilities and the cause of nearly every
    documented security breach.
    <http://govtsecurity.securitysolutions.com/ar/security_think_tank_gives/>.

    The logical outcome of this collective failure to recognize the
    king has no clothes will, I fear, be as bad for information security
    as it was for the airlines on 9/11/01.

    -- 
    Roger Marquis
    Roble Systems Consulting
    http://www.roble.com/
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
