Home > General Rants & Raves > Slow News Day + Patch Tuesday = FLANtastic One-liners!

Slow News Day + Patch Tuesday = FLANtastic One-liners!

I was actually going to write about how I think that so many of the FOG (you figure it out) security icons we have in the industry have turned into grumpy old bastards — all telling us how we’re "doing security wrong" and that all you need is a few ACLs, a stick of chewing gum, a tampon and and a teaspoon of Sucalose to secure your network…but then that would just be stating the obvious and I might be mistaken for an analyst…

Rot Roh.  Ah well.  Onto more pressing security matters because I have no interest in talking about privacy breaches, NAC or regulatory pressures today…we’re in the midst of moving our HQ this week and BOTH our existing and new buildings were struck by lightning today.  I figure I’ll use up my other 7 lives and pick on someone else.  Film @ 11.

So anyway, I was reading this fine piece of work today and I swear, this thing is written like page 6 of the Post.  I usually enjoy reading the scribbles over on Dark Reading, but it seems that every damned sentence in this article is gleefully punctuated with some doomsday quotation from the security-expert-rolodex-autobot Outlook 2000 journalistic quotamatron plug-in!

What happened to getting on with it and telling folks what they have to worry about instead of glamming it up with quote after quote of wag!?  If it wasn’t interesting enough to stand on its own as a story, why tart it up and put it on the corner hoping that someone might find it sexy?  Bah!

The fine folks quoted in this article probably gave some salient and well-articulated commentary (sigh) on the state of patching hell (oh, how rare,) but the way it came across in this article, you’d think this was the first Patch Tuesday, evah!

The really funny thing about this story is that comes across as though 80% of it is comprised of a bunch of strung-together quotations from these (mostly) vendors that actually contradict one another in some places.  Two of the quoted are contributing columnists from Dark Reading.

Read the article. You’ll laugh.  You’ll cry.

Check this out (of context):

  1. First, the title: "The Patch Race Is On"   Like, wow.  It’s, like, Patch Tuesday…again!?
  2. Then, the leader: "There were no big surprises among Microsoft’s Patch Tuesday releases today, but there were a couple of holes Microsoft kept under wraps until now." … so why write a big ass fluffy article about nothing then?
  3. The first of many "Captain Obvious" quotations oft times contradicted further on in the article to fill up the word count:
    • But it was the critical holes that caught most security experts’ and managers’ attention.
    • "Anything that is ranked as critical and allows an attacker to take control of a system is very high priority,"
    • "Although there were no real show-stoppers among the patches, the sheer number of vulnerabilities they cover is notable."
    • "Once a system is seized it can be used to penetrate other systems that otherwise would be more secure."
    • "You should jump on any server-side vulnerability quickly."
    • "An anonymous user from outside could deliver malicious traffic."
    • "That’s significant. I don’t think we’ve ever before seen so many vulnerabilities in Office applications."
    • "It’s not too surprising to find a bunch of Excel and
      Office vulnerabilities in here,"
    • "This will continue until we’ve caught all the big ones."
    • "It’s the Holy Grail of hacking,"
    • "Now the race is on for enterprises to test and install their patches before hackers can exploit these vulnerabilities."
    • "The problem with Patch Tuesday is Hack Wednesday,"
    • "I wouldn’t be surprised if you saw an exploit being publicly released tonight or tomorrow."

I think this was a synopsis of the "Idiot’s Guide to the Internet," right?  Or is it a history of the IRC?

I’m certain that within that article there were supposed to be a few useful nuggets of information, but I couldn’t see it for all the comedic value I extracted otherwise.  Many of these stories are becoming progressively anchored on goofy out-of-context quotes from some really notable people whom I respect…but it’s making them sound like total tools.

Save yourself some time, just go here.

Hey, my $0.02 (not accounting for inflation.)  Aw, crap.  I’ve turned into a grumpy bastard myself.

Did I mention you’re doing security wrong?


Categories: General Rants & Raves Tags:
  1. July 12th, 2006 at 06:09 | #1

    The Daily Incite – July 12, 2006

    July 12, 2006 Good Morning: Ill admit it, Im happy today. Probably not as happy as I should be, given that CipherTrust got acquired yesterday – but happy. Im happy that many of my friends over there got an exit that makes sense. Many w

  2. July 13th, 2006 at 09:08 | #2

    All I have to say is, "Forget Phishing! First 'vishing' Attack Appears!"

  3. July 13th, 2006 at 12:21 | #3

    That whole article could have been summed up with the last line:
    Microsoft's next patch release comes on — you guessed it — Tuesday, August 8.

  4. July 20th, 2006 at 15:54 | #4

    Goes right into my collection of obvious=stupid: http://chuvakin.blogspot.com/2006/07/on-obvious.h

  1. No trackbacks yet.