Create an Account
username: password:
 
  MemeStreams Logo

InformationWeek | Security | The Fear Industry | April 17, 2006

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
InformationWeek | Security | The Fear Industry | April 17, 2006
Topic: Computer Security 12:18 pm EDT, Apr 17, 2006

In January, a vulnerability in WMF surfaced that let attackers use the Windows' graphics rendering engine that handles WMF images to launch malicious code on users' computers via these images. A number of security researchers posted information about the vulnerability to their mailing lists. Within a few hours, researcher H.D. Moore posted a working example of a WMF exploit--a piece of code written to take advantage of a software flaw--on his Metasploit Web site. Some defended the action, saying it offered insight into the rules security pros needed to put on intrusion-detection systems to avoid getting hit. Others argued that what Moore did enabled the average hacker to more easily exploit the flaw.

Information Week published a long, sensational, and patently dishonest article on security research today. This text makes it seem as if malware authors used the information H.D. Moore published. The fact is that this vulnerability was being exploited by criminal organizations in the wild before anyone in the security research community knew about it. The article fails to make this fact clear because it doesn't fit into the narrative that the reporter is aiming for and undermines the questions the reporter is raising. Would any major news media organization be interesting in a peice that discusses whether intentially dishonest reporting is good or bad for society?

InformationWeek | Security | The Fear Industry | April 17, 2006



 
 
Powered By Industrial Memetics
RSS2.0