[attrition] Errata Overhaul and Re-launch

security curmudgeon jericho at attrition.org
Mon May 3 13:57:27 CDT 2010



Re-launch Overview:
-------------------

Started over a decade ago, the Errata project of attrition.org is the 
longest maintained section of the site. While consistently the least 
viewed, it has provided a valuable resource to many people in and out of 
the computer security industry including employers and media. While far 
from a complete history of the darker side of our industry, the project 
serves as a reminder that security providers and companies can be as much 
of a risk as they provide help.

http://attrition.org/errata/

Changelog:
----------

Significant changes for re-launch:
- Standardized HTML (mostly)
- Slightly better META content
- Massive re-org of several pages
- Most indexes converted to tables
- Snazzy new graphics for main page
- Significant backfill of events for several pages

Moving forward:
- Several ideas for new pages in the works
- Endless backfill (1500+ mails / articles)
- More HTML standardization (e.g., titles, META)


Errata Information & Background:
--------------------------------

Whether it is $39.99 anti-virus software, or $500/hr specialty penetration 
testing, you are paying a price for a piece of security. The security 
companies that offer these solutions insist that security is important for 
you as a person and critical to your business. So important in fact, that 
they expect you will pay ridiculous prices for solutions that aren't as 
complete or helpful as they seem. One of the cornerstones and components 
of 'security' is integrity; "1. adherence to moral and ethical principles; 
soundness of moral character; honesty". When security providers have a 
breakdown in their own integrity, you should be aware of it. When the 
company taking your money in return for security products and services 
fails to maintain a certain level of integrity, you should challenge them 
on why they think they are qualified to sell security offerings.

This page exists to enlighten readers about errors, omissions, incidents, 
lies and charlatans in the security industry. With the media running 
rampant and insufficient checks and balances for their reporting in place, 
the general population has been misled about everything from hackers to 
viruses to 'cyberwar' to privacy. In recent years, companies peddling 
security products and services have taken a turn for the worse, casting 
aside ethics in favor of lies and profit. Over the years, many companies 
and people have developed a taste for money and fame when it isn't 
deserved. These frauds and charlatans survive on being in front of cameras 
and news articles, constantly peddling their ideas and solutions, when 
they typically have no merit.

People often ask why we are so critical about articles, or why we focus on 
a single paragraph of a larger article. Regardless of the size or frequency 
of errors, these problems can be viewed as single bricks in a large wall. 
The more people read these bricks, the more they begin to see the entire 
wall. After reading the same errors or omissions from several news 
sources, the information makes an amazing transition from 'unbiased news' 
to 'fact'. The notion that it is 'unbiased news' in the first place is 
just as ludicrous, but a fact of life. Like the news clips, charlatans 
build their careers by using the same methods. Get quoted in an article 
here, give a weak presentation there, and before long it is spun into an 
elaborate resume, extensive use of the word 'expert' and "twenty years of 
experience."

The contents of these pages are the opinions and observations of 
attrition.org staff. However, we frequently receive pointers to articles, 
information and budding charlatans in our industry. In some cases, we 
receive material that we republish as is. For any material to appear on 
this page, we feel that our opinion or posted content is backed by a 
reasonable amount of evidence and logic. We try to distinguish what is 
factually incorrect versus our opinions. Do not take this page as gospel; 
use it as one of many information resources, do your own research and form 
your own opinions. While we will strive to keep this project as unbiased 
as possible, there will be many times where we can only counter opinions, 
bias and implications with those of our own.


