Thursday, March 18, 2010


Archive for the ‘SC Mag Blues’ Category

Hot or Not Part Deux

In case you’ve been following along, I promised last month to keep on top of SC’s “Hot or Not” feature. Well, I’m a bit late to the party (seeing as how it’s November and the column came out in late October), but at least I didn’t miss it entirely. Anyway, this month eEye founder Marc Maiffret posits that wireless card attacks are not hot, saying instead that they are just hype. Nothing sums up his take better than this selection:

Do we all really believe that the next major wave of identity theft attacks is going to happen by Eastern European hackers flying to the United States to sit at your local Starbucks and hope that someone with the correct vulnerable wireless card driver is going to fall victim to their scheme?

Now, in my opinion, Marc’s half right – or how about “right from a certain point of view.” Here’s what I mean: everything Marc says about the attack is 100 percent true: it’s not particularly likely to occur, it’s the least of your worries at the local Starbucks, and it’s not any more technically interesting than other kernel-level issues already documented in other products. All true. So, judged solely on the merit of the bug, I would tend to agree with Marc; the panic associated with this issue is way out of line for the threat. But there is one area where I think we do need to move beyond the merit of the bug to determine “hot vs. not” status – namely the Mac community’s response to it.

Now I’ve learned the lesson that saying something negative about Mac security signs you up for the flame email barrage, but just for the record, let’s not forget the following:
- MacWorld denied the existence of this flaw
- Public claims were made that the BlackHat demo was entirely fabricated
- Public assertions appeared in the press that the demo was rigged
- Apple still hasn’t given full credit to the researchers

So, while I agree with Marc that this isn’t the worst thing in the world from a security perspective, I think it makes for interesting fodder for discussion nevertheless.
