[attrition] Errata Overhaul and Re-launch
security curmudgeon
jericho at attrition.org
Mon May 3 13:57:27 CDT 2010

Re-launch Overview:
-------------------
Started over a decade ago, the Errata project of attrition.org is the
longest maintained section of the site. While consistently the least
viewed, it has provided a valuable resource to many people in and out of
the computer security industry including employers and media. While far
from a complete history of the darker side of our industry, the project
serves as a reminder that security providers and companies can be as much
of a risk as they provide help.

http://attrition.org/errata/

Changelog:
----------
Significant changes for re-launch:
- Standardized HTML (mostly)
- Slightly better META content
- Massive re-org of several pages
- Most indexes converted to tables
- Snazzy new graphics for main page
- Significant backfill of events for several pages

Moving forward:
- Several ideas for new pages in the works
- Endless backfill (1500+ mails / articles)
- More HTML standardization (e.g., titles, META)

Errata Information & Background:
--------------------------------
Whether it is $39.99 anti-virus software, or $500/hr specialty penetration
testing, you are paying a price for a piece of security. The security
companies that offer these solutions insist that security is important for
you as a person and critical to your business. So important in fact, that
they expect you will pay ridiculous prices for solutions that aren't as
complete or helpful as they seem. One of the cornerstones and components
of 'security' is integrity; "1. adherence to moral and ethical principles;
soundness of moral character; honesty". When security providers have a
breakdown in their own integrity, you should be aware of it. When the
company taking your money in return for security products and services
fails to maintain a certain level of integrity, you should challenge them
on why they think they are qualified to sell security offerings.

This page exists to enlighten readers about errors, omissions, incidents,
lies and charlatans in the security industry. With the media running
rampant and insufficient checks and balances for their reporting in place,
the general population has been misled about everything from hackers to
viruses to 'cyberwar' to privacy. In recent years, companies peddling
security products and services have taken a turn for the worse, casting
aside ethics in favor of lies and profit. Over the years, many companies
and people have developed a taste for money and fame when it isn't
deserved. These frauds and charlatans survive on being in front of cameras
and news articles, constantly peddling their ideas and solutions, when
they typically have no merit.

People often ask why we are so critical about articles, or focusing on a
single paragraph of a larger article. Regardless of the size or frequency
of errors, these problems can be viewed as single bricks in a large wall.
The more people read these bricks, the more they begin to see the entire
wall. After reading the same errors or omissions from several news
sources, the information makes an amazing transition from 'unbiased news'
to 'fact'. The notion that it is 'unbiased news' in the first place is
just as ludicrous, but a fact of life. Like the news clips, charlatans
build their careers by using the same methods. Quoted in an article here,
give a weak presentation there and before long it is spun into an
elaborate resume, extensive use of the word 'expert' and "twenty years of
experience."

The contents of these pages are the opinions and observations of
attrition.org staff. However, we frequently receive pointers to articles,
information and budding charlatans in our industry. In some cases, we
receive material that we republish as is. For any material to appear on
this page, we feel that our opinion or posted content is backed by a
reasonable amount of evidence and logic. We try to distinguish what is
factually incorrect versus our opinions. Do not take this page as gospel;
use it as one of many information resources, do your own research and form
your own opinions. While we will strive to keep this project as unbiased
as possible, there will be many times where we can only counter opinions,
bias and implications with those of our own.