Here is a perfect addition to my collection of "obvious=stupid" in our security realm. Quoting from RationalSecurity blog:
"The first of many 'Captain Obvious' quotations oft times contradicted further on in the article to fill up the word count:
* But it was the critical holes that caught most security experts' and managers' attention. [!-hmm, I wonder why]
* Anything that is ranked as critical and allows an attacker to take control of a system is very high priority [!-they should have said 'everything critical is of critical priority. duh!]
* An anonymous user from outside could deliver malicious traffic [!-wow, this is serious, guys]
* I wouldn't be surprised if you saw an exploit being publicly released tonight or tomorrow ..."
The source of this is - oh, horror - DarkReading, which is otherwise high quality!
1 comment:
Anton:
Firstly, I don't know how I haven't found my way to your blog before, but I'm glad you left a comment on my blog because it brought me here.
I'm glad to see that someone else -- even on the "darkside" of vendorship -- isn't afraid to step up and call it like it is.
Our industry has reached a point on the stupidity continuum that even I am having a hard time fathoming.
Great set of posts. I am sure looking forward to reading "On Obvious MXMXXLCVIII" ;)
Chris
http://rationalsecurity.typepad.com
Post a Comment