Monday, March 14, 2005

Tone down the rhetoric already 

Exaggerating security problems is bad for the public.

People need to fix and focus on the real problems. One real problem is that if you attach any Windows system other than XP SP2 to the Internet without a firewall then it will be taken over in minutes. Someone who's trying to fix that should not be distracted with cries of "Wolf!".

Someone shouted "Wolf!" about something Microsoft does. Microsoft is supposedly giving the government early warning about security problems. This is a bad idea. As soon as the black-hat crowd finds out about a security problem, they invent new attacks that use it. The closest thing to safety is to tell all the defenders at the same time. Otherwise you've got the risk of some black hat stealing security information from the government and attacking the unprepared public.

It's a bad idea, yes, but this is what hit the press:
'Peiter "Mudge" Zatko, a security expert who has worked for both the Clinton and Bush administrations, said the risk from Microsoft's effort was "the worst possible thing for national security." '

Cut the crap.

The worst possible thing for national security is North Korea releasing smallpox. The second worst is an unpaid Russian worker selling a suitcase nuke to Al Qaeda. The chance of yet another widespread attack on Microsoft software isn't even on the map.

Mudge has done important and insightful work. I hope the quote was out of context.
