Dec 14
Security

Eugene Spafford has a warning for us in his latest entry that I thought worth remembering:

Generally, hackers who specialize in the latest attacks dismiss anyone not versed in their tools as ignorant, so I have heard this kind of criticism before. It is still the case that the "elite" hackers who specialize in the latest penetration tools think that they are the most informed about all things security. Sadly, some decision-makers believe this too, much to their later regret, usually because they depend on penetration analysis as their primary security mechanism.

In many ways, I worry that mechanisms like RSS & Twitter and the associated behaviour help us to be up to date, but not knowledgeable, and that the implied arrogance of being up to date stops us from realising it.

Posted by Dominic White

Last modified on 2009-12-14 11:23


1 Comments

  1. Allen Baranov says:

    Good point. Especially since Verizon Business's Breach Report (my bible) reports that the number of zero-days that have been used to successfully breach a customer of theirs is basically none. Most breaches are achieved with patches that are more than 6 months old. While cutting-edge (NAC, DLP, etc) is always more fun, managing the basics is more important (firewall, patching, awareness, anti-virus).
