But it's true... it's TRUE!
For better or worse, there's a reason why "urban legends" become what
they are. Stories, tall tales, and flat-out lies are often repeated
so many times, they become more popular than the truths behind the
myths. Information security has more than its fair share of urban legends,
myths, and lies.
With a little help from our friends (and others), we have compiled
a list of the top ten... well, whatever you want to call them.
Whether described as urban legends, myths, misconceptions, misunderstandings,
deceptions, or lies, these are the things that make us either simply
cringe or outwardly want to assault any living thing sitting next to
us.
If you agree, let us know. If you disagree, let us know. If you
have a suggestion that should replace something in our top ten, let us
know here.
The Top Ten
1. All hackers are criminals.
The mainstream media still has a problem with keeping a consistent
definition of the term "hacker". If all "hackers" are truly criminals,
we would have even
more of a problem with overcrowded prisons. Even worse, Apple computers
wouldn't exist (Steve Wozniak says "hi").
[article]
Others may disagree, but this seems to be a decent baseline for
definitions: [article 2]
Then again, we get things like this from Microsoft CEO Steve Ballmer
himself: [article 3]
To quote the previous article, "Ballmer likens these individuals to
criminals who blow up buildings and says the monetary damage is worse."
Glad to see Ballmer can compare his definition of "hackers" to people who
deliberately put human lives at risk.
[article 4]
And finally, if the statement "all hackers are criminals" is true,
does that make this story false?
[mirror]
2. Y2K will be the end of the world.
It seems most ironic that not only did the world not end on
January 1, 2000, but the article listed below was published exactly
one year to the day before the grand event. Doom and gloom... and
how many companies and contractors got rich from this spectacular
non-event?
[article]
3. If we have a firewall, we're safe.
Perhaps the mantra of penny-pinching executives, this
statement couldn't be farther from the truth. Firewalls are necessary but
not necessarily sufficient. Problems with traditional firewalls:
(mis)configuration, not all are stateful, they don't stop most spam,
they don't stop most viruses, attacks can be carried out via open ports,
users can circumvent firewalls (I'll just bring this great free screen saver
program in on a CD...),
insecure management interfaces, not all can perform in-depth traffic
inspection, improper placement on the network.
[article]
[article 2]
4. Using your credit card on the 'net is dangerous!
If your card is lost or stolen, the most you're on the hook for is
$50. The company eats the rest. But since we're on the subject, consider
the last time you went out to a diner and gave your card to a perfect
stranger who then disappeared with it for 10 minutes. That's more than
enough time to take a wax impression of the card, make a copy of your
signature on the back, clone the magnetic stripe *and* write down the
three-digit "security code" on the back of the card. How d'ya like
that? Nyack.
[article]
[article 2]
[article 3]
5. Microsoft products only get breached all the time because
it's the world's most popular OS and the 3v1l h4x0rz are just
jealous.
Microsoft is absurdly easy to breach. Its focus is on convenience,
even to the exclusion of security. This simple reality is what makes it a
prime target, not its market share. C'mon... anklebiters with Visual Basic
are writing ridiculously damaging worms that bring Microsoft's malware to
its knees. That's not a sign of jealousy; that's a sign of inferior
coding.
[article]
[article 2]
6. Kevin Mitnick hacked NORAD.
In his own words, "No way, no how did I break into NORAD. That's
a complete myth. And I never attempted to access anything considered
to be classified government systems."
[article]
[article 2]
[article 3]
[article 4]
7. United States v China - Hacker War!
National news reports a "cyberwar" between the U.S. and China...
the result of a slew of defaced websites. *yawn*
[article]
[article 2]
[article 3]
Years after the original story hit, a new development surfaces: systems
from China are scanning U.S. government systems... but what is the impact?
[article 4]
[article 5]
8. Hackers are cyber-terrorists and al-Qaeda is actively recruiting them.
So... a Clive Barker fan (nothing against Barker) starts a web
site, /bin/laden supposedly posts to it, an activist "believes" terrorists
are sending messages via the web but won't name any active sites, and a
former NIPC director says "we haven't seen it." In other words, FRONT
PAGE NEWS. Bleh. Just one more argument to support internet regulation?
[article]
[article 2]
9. Regulatory compliance laws will help protect confidential information.
Riiiiight. Whether it's HIPAA, Sarbanes-Oxley, or the Patriot Act,
the actual protection of confidential information lies with those who
handle the information. Compliance laws don't really offer any
"protection" other than deterrence in the form of possible penalties for
those who don't comply. If you want to really protect confidential
information, start at the bottom, not the top. [article]
10. Attrition.org is a "hacker" web site.
Well, this is true... at least according to corporate web
filters. While some sites are "allowed" because of the "computer
security" label, others are "denied" because of the "computer
hacking" label. Guess which one attrition usually falls under? To
quote Jericho, "us having red/black is honestly why so many filters
deem us 'hacker' instead of 'security'. if i had originally picked
'normal' colors, we wouldn't have been branded as such."
Maybe they're just afraid of this... or this... or this.
Honorable Mention
1. Toothing
Nothing says 'wanna make out' better than a wireless device on a
London commuter train. [article]
[article 2]
2. Warchalking
For being one of the '100 most significant ideas of 2002', this one
sure did die a fast death. [article]
[article 2]
Once again, any feedback, suggestions, or comments are welcome.
Mail us at errata.