CSO - As we wrap up another year of security vendors ringing the alarm bell about every conceivable threat and the media willingly playing along, it's time to reflect on stories that got lots of attention but didn't necessarily do much to move security in a better direction.
Here are three such tales of fear, uncertainty and death (FUD) that were certainly problematic, but not enough to blast us from existence:
Just a couple weeks ago, a British security vendor named Prevx stirred up all kinds of angst by announcing that recent Windows security updates were sparking mass "black screen" lock-outs. Here's how Gregg Keizer, my colleague from across the aisle at Computerworld, described the debacle in his story:
"The brouhaha began when Prevx said the Windows security updates issued in November changed Access Control List (ACL) entries in the registry, preventing some installed software from running properly. The result, said Prevx, was a black screen, sometimes dubbed the "black screen of death" -- a reference to the "blue screen of death" that Windows puts up after a major system crash. Microsoft said it was investigating the reports, but by Tuesday it was denying that its updates caused black screens. Moreover, said Microsoft, its technical support teams were not fielding any appreciable number of customer calls on the issue. Microsoft turned up the heat on Prevx yesterday in other ways, as well. Roger Halbheer, Microsoft's chief security advisor for the company's European, Middle Eastern and African operations, argued that the black screen news was causing customers to delay deploying Windows security updates."
After Microsoft pushed back, Prevx came out with this bizarre blog posting that attempted an apology, though it was just as mired in "we-really-didn't-say-this" speak:
"As you will see, at no time have we categorically stated that these patches are the cause of the Black Screen problem. We shared our initial findings around the two patches with Microsoft, conducted further tests and have confirmed that these specific updates are not the root cause. Regrettably, it is clear that our original blog post has been taken out of context and may have caused an inconvenience for Microsoft. This was never our intention and we have already apologized to Microsoft. Microsoft is a valued partner and our fix was developed to ensure its customers were able to quickly resolve the Black Screen issue without having to reinstall Windows as some users indicated."
Paul Kurtz -- a long-time homeland security expert who served on the transition team of then President-Elect Obama and whose name had been bandied about for the much-hyped White House cybersecurity coordinator job -- pushed the overdrive button this year in Congressional testimony and at more than one security conference by throwing around the term "Cyber-Katrina" to describe the nation's lack of preparedness in readying for a potentially devastating cyberattack.
Last month I blogged about the partnerships you should build inside your organization. In keeping with that tone it's time we discussed expanding that partnership mentality to include some of the best technical resources you can ever get hold of, those are the ones that work in your neighboring cities, municipalities, counties, regions, townships etc. Come on folks, these people are already doing exactly the same things as you!
Free Insider Guide
