Gartner Debunks Over-Hyped Security Threats
TPIRman writes "At Gartner's recent IT Security Summit, the research company's analysts identified five over-hyped security concerns. Among the supposed FUD are mobile malware, unsafe VoIP, and cracker-friendly wireless hotspots. Gartner, which has made a name for itself tracking hype, claims that irrational anxiety is holding back technologies that offer benefits greater than their security risks. A Techworld columnist argues, though, that Gartner is sending mixed messages."
"cracker-friendly wireless hotspots" ?? (Score:5, Funny)
I'm so confused...
Re:"cracker-friendly wireless hotspots" ?? (Score:1, Funny)
For some reason this causes them to be more secure.
Re:"cracker-friendly wireless hotspots" ?? (Score:1)
Why can't we drop the hacker/cracker nonsense and just use the word intruder?
Re:"cracker-friendly wireless hotspots" ?? (Score:1, Funny)
Crack your FUD, white boy! (Score:2, Insightful)
I've always thought it was dumb to call a malicious hacker a "cracker". It makes a hash of the whole concept of "hacking", and it just confuses non-techies. Besides, it sounds silly.
Another word we need to get rid of: "FUD". Started out as Sun's way of saying that all criticism of Java was Microsoft propaganda. Then it became a way of dismissing anybody you disagreed with as being dishonest. Now this submitter is using it to
Re:Crack your FUD, white boy! (Score:1)
Typically refers to Fear, Uncertainty, and Doubt as propaganda.
Submitter's use seems fair to the original spirit to me.
Re:Crack your FUD, white boy! (Score:2)
Re:Crack your FUD, white boy! (Score:2)
Actually it was started by Gene Amdahl [wikipedia.org] in reference to IBM's marketing after he left and started a competing business. It is specifically meant to refer to inaccurate marketing propaganda to scare consumers away from your product.
Re:Crack your FUD, white boy! (Score:2)
Racial and ethnic slurs aren't funny. (Score:2)
I'm inclined to assume - THIS time - that it was ignorance rather than hatred-driven intent that led to this faux pas. But please be aware of how such statements might affect others - and that the same pun is available in a non-painful form.
By the way: If you're living in
Re:Racial and ethnic slurs aren't funny. (Score:1)
but I was wondering what you meant by this:
It was no accident that Darrow and Scopes were both hired by a mine manager to break the local religion, which supported the unions and provided a place where workers could meet to o
Re:Racial and ethnic slurs aren't funny. (Score:2)
Got it from a person with a history degree and labor union experience, who studied that period. This is apparently a quite well-known piece of union history - among academia, not just lore within unions.
Check it out with your local history department if you don't believe me. (Be sure to ask someone who specializes in the history of unionization.)
Scopes was a local High School teacher,
Re:Racial and ethnic slurs aren't funny. (Score:1)
I'm not a historian, my knowledge of the Scopes trial is limited to the movies and a few debunking articles ( I think Stephen J. Gould wrote one, can't remember the others). I've also read some of Mencken's original reporting.
Your reply looked like it had a bit of research behind it, so I looked around a bit, not exhaustively of course.
Here's 2 references that seem to dispute your statements:
The first is an account by Scopes, quite interesting in that it give
Re:Racial and ethnic slurs aren't funny. (Score:2)
I am making a mental note to always go with my first instinct, which in this case was to make a "cheese" reference...
The point of it all, for those who can't see past the allegations of bigotry, is that the continued use of the word "cracker" in an IT context when it already has so many other definitions (particularly some
Re:"cracker-friendly wireless hotspots" ?? (Score:3, Funny)
Jimmy crack kernel and I don't care,
Jimmy crack kernel and I don't care,
McAfee's gone away.
Re:"cracker-friendly wireless hotspots" ?? (Score:2)
And in what way have I broken your crayons recently, Bunky? C'mon, I'm in a humbled and expansive mood right now, creep out of the AC closet and let's talk about it like adults. If I need to apologize, I will (but I don't apologize to -- let alone usually speak with -- AC's, so you've got to walk like a man if you want anything besides a monologu
Re:"cracker-friendly wireless hotspots" ?? (Score:2)
Oh, and I guess "RobotRunAmok" is supposed to denote you as a serious individual who retired his crayons years ago, huh? Sounds like a misguided sci-fi fan still living in mommy's basement to me. I post as AC...big fucking deal. Having an account on
See you after the Klan rally, asshole
Do try to keep up, Niblet. I addressed the statement you mistakenly call "racist" els
Gartner, debunk yourself (Score:5, Insightful)
Gartner, please debunk yourself as anything other than a PHB-opinion-bolstering old boys club. I battle the Powers That Be here constantly - any proposal is met with "well what does Gartner say about it?". Take your magic quadrant, and... well, you know.
If everyone waits for everyone else's opinion before they can make a decision, no wonder we have organizations with forms to change forms, where Dilbert stories are all true, and employees read Slashdot all day instead of working (because 50% of their projects won't go anywhere, and the other 50% of their projects are pending some approval process or another).
Gartner is just a multiplicity of Dvoraks, all groupthinking what the Next Big Thing is.
Re:Gartner, debunk yourself (Score:3, Interesting)
The question here is whether in this case they were paid by the VoIP and mobile technology providers, to convince everyone that everything is alright and nobody needs to worry, or by the virus writers, to convince everyone that everything is alright and nobody needs to worry...
Re:Gartner, debunk yourself (Score:3, Funny)
You work for the federal government too??
Re:Gartner, debunk yourself (Score:2)
Yeah, I'm starting to believe that Gartner is a Microsoft funded alias for Dvorak. The shit that these guys come up with (and reverse their opinions) is absurd.
However, Dvorak and Gartner are great flamebait stories for Slashdot!
Re:Gartner, debunk yourself (Score:2)
You often see a press release with "The Enderle Group has determined that our new product is great." On the new product page, of course.
It seems to be a lucrative job these days repeating crap.
Overall, I do think there is an over paranoia about security on some of these wireless networks. With the poor security of major organizations that already have all your important data (like Wachovia), anyone who wanted to
Re:Gartner, debunk yourself (Score:2, Insightful)
Often companies' setups are not as secure as they should be.
Sometimes it is that people are too lazy. Or they're too occupied with things assigned by the powers above.
Example:
Company that I'm temporarily working in as a techie has approximately 80 machines, with a mix of Win2k and WinXP. I just found out yesterday that 3 of the XP machines were still running Service Pack 1a. I don't want to come across as a self-promoting bastard, but none of the IT guys here both
Overhype??? (Score:1, Funny)
I didn't even know they existed in this world of secretarial computer experts and "computer enthusiasts".
Warhol (Score:4, Funny)
A "Warhol Worm" is a worm that infects all vulnerable machines on the Internet within 15 minutes.
Warhol must be a new spelling for Windows...
Re:Warhol (Score:3, Funny)
Bring it on Warhol fans.
Mobile (Score:1)
Re:Mobile (Score:1, Insightful)
five under-hyped security concerns (Score:2, Funny)
Re:five under-hyped security concerns (Score:1)
Re:five under-hyped security concerns (Score:1)
Re:five under-hyped security concerns (Score:1)
"the originality!!!!!!!!!!!!"
I gather that
a) you've been playing too much World of Warcraft (or talking about it too much)
b) both your '1' and shift keys are stuck
Re:five under-hyped security concerns (Score:1)
Re:five under-hyped security concerns (Score:1)
Oh look, another basher zombie. Someone get the net, he's fouling up the gene pool!
Depends on what you have to protect (Score:4, Insightful)
For instance, I don't use wireless on my work network because I have a lot of confidential client information to protect. But at home I like the convenience of being able to roam the house and yard.
Re:Depends on what you have to protect (Score:1)
Gartner is part of the grand design (Score:1, Insightful)
Re:Gartner is part of the grand design (Score:1)
Paranoia, or laziness? (Score:2)
Benefits of Technology? (Score:5, Interesting)
This is actually a good question, especially in light of the security risk question. I think the only way to evaluate benefits of technology is to look at how much a technology reduces the cost of living and/or how much it improves quality of living. For instance, a plow greatly reduced the cost of living for farmers - they now had to spend less time plowing for a given amount of production. The invention of air conditioning increased quality of living quite a bit. It's a little more difficult to measure just what having VOIP, for instance, gives us. VOIP doesn't really reduce the cost of living, and it really doesn't improve the quality of living compared to POTS. Perhaps it does slightly reduce the costs, if VOIP is less expensive than POTS, because that means VOIP users spend less of their "time" paying for communications.
The risks need to be weighed against the benefit though. For instance, there's a greater risk of getting injured by a plow than by digging things by hand, but the benefit is huge. The way I think things should be examined is what is the added risk for added benefit?
My personal assessment is that VOIP or wireless hotspots, or whatever, are not going to improve my life quality over what it is now, nor will they reduce my cost of living significantly. So, if there is *any* added security risk, it's not even in my consideration.
Re:Benefits of Technology? (Score:1)
Do you not see how you perfectly contradicted yourself? First you say that VOIP does not reduce cost of living, then you say it does. Make u
Re:Benefits of Technology? (Score:1)
I guess I should clarify that what constitutes 'quality of life change' or 'cost of living change' is different per person. My personal assessment was correct though. True, if I was paying $65 for phone and could go
Re:Benefits of Technology? (Score:4, Informative)
They reduced the time spent planting, and allowed planting of fields with harder soil.
Re:Benefits of Technology? (Score:2)
Then came plows, for cutting a giant trench to put seeds in, and then covering them over.
Now the new thing is No till [usda.gov] farming. Basically a high tech stick poking a hole in the ground, and moving on. Cuts down on erosion, and reduces the need for fertilizer.
Yay progress.
Re:Benefits of Technology? (Score:1)
One seed. One hole. Works like a charm.
Thoreau even questioned the necessity of the hole and one season simply scattered seeds on the ground. He raised enough peas to eat with enough left over to sell, le
Re:Benefits of Technology? (Score:1)
In fact, crop lands that are played out are typically planted in a 'soil food' crop and then plowed under during fallow seasons to rebuild the nutrients for later production seasons.
"For every complex problem, there is a solution that is simple, neat, and wrong. "
- H. L. Mencken
Re:Benefits of Technology? (Score:1)
Naturally healthy soil does not get played out and gets turned under without the use of plows.
Your Mencken quote is apropos.
KFG
Re:Benefits of Technology? (Score:1)
The plants lived just fine. They lived, reproduced and died. What we need from them is more demanding. We need them to efficiently produce more and more food while taking up less and less farm land and consuming less and less human effort in the process.
If you grow the same crops on the same ground repeatedly, by whatever farming methods, the nutrients are used up. Fertilizers can make up some of the difference, but elements not
Re:Benefits of Technology? (Score:1)
Most of our modern agricultural methods exist only to solve a bigger problem created by our previous "solution" to a smaller one.
Just because there is "motion" does not imply there is progress. Reasonable men do not prop up bad ideas with worse ideas.
KFG
2 major benefits of VoIP (Score:2, Insightful)
VoIP has allowed some customers to have free worldwide (where permitted by law) long distance between VoIP-equipped endpoints, and very low-cost (
The Pot Calling The Kettle Black (Score:4, Insightful)
Re:The Pot Calling The Kettle Black (Score:2)
Overhyped == "Hasn't happened to me Yet" (Score:5, Insightful)
There is much truth... (Score:3, Insightful)
Common sense is, unfortunately, not that common. Defense in depth security measures can be achieved without spending a lot of money. BUT... your best security is useless if the people behind it are lacking in common sense.
Re:There is much truth... (Score:2)
Sorry, but I've seen that once too often.
Patching insecurities is a process, patching with bandaids is a neverending process. If something actually is secure, it is secure and there is no process about it. OpenBSD is uber secure. However, note that they do not make the claim without some sort of qualifier. ("Out of the box" is a qualifier. Sorry.) Secure is the ability to run an unpatched vulnerable server being attacked by competents and watching the process with a tota
Six wireless myths debunked (Score:3, Informative)
Re:Six wireless myths debunked (Score:1)
(before you mod this down, it's true. It's on Wikipedia!)
Summary (Score:2, Informative)
Gartner analysts project that through 2007, the Internet will meet performance and security requirements for all business-to-consumer traffic, 70 percent of business-to-business traffic and more than half of corporate wide area network (WAN) traffic.
[2]
"Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans," Mr. Orans said.
Re:Summary (Score:2)
whaaaat? (Score:2, Interesting)
WTF!?!?!? (Score:2, Insightful)
1. VoIP is UNSAFE!
While Gartner contends that VoIP is safe because it is protected like all other data on the LAN, they fail to realize or point out that public internet usage of VoIP has now exceeded that of corporate use thanks to the likes of Vonage, SpeakEasy, Time Warner and Verizon who all offer internet based VoIP to millions of subscribers. These subscribers ARE vulnerable to eavesdropping but, more importantly, they are vulnerabl
Re:WTF!?!?!? (Score:2)
Re:WTF!?!?!? (Score:1)
Re:WTF!?!?!? (Score:2)
Re:WTF!?!?!? (Score:1)
Need for casual encryption. (Score:2)
The only reason this is not an issue is that there aren't a lot of crooks taking advantage of it. But let this become a widespread utility of business by people thinking "the security issue is overhyped", and then you only have people reacting after they have been badly stung.
I can easily see a lot of c
Re:Need for casual encryption. (Score:2)
Re:WTF!?!?!? (Score:2)
How are you defining "unsafe"? There are security concerns, yes, but your tone is a bit shrill. Especially regarding eavesdropping, which is actually *harder* to accomplish in a VoIP environment, even when that environment includes the public internet.
With POTS, tapping only requires a "buttset" (available at Home Depot) to clip onto your line anywhere between your home and the nearest pole or pedestal, for a third party to be able to listen freely. Or they could use a cheap RF scann
Gartner, which has made a name for itself tracking (Score:2)
Shouldn't this really be, "Gartner, which has made a name for itself CREATING hype"?
Gartner is bad. Their security summit is worse (Score:5, Informative)
This company, which I left recently, based all of their decisions on Gartner's Magic Quadrant. Of course, it was always funny doing the conference calls with their analysts to discuss technologies we were interested in, and they could never go beyond the script they had prepared for the call. When my boss wanted to buy some form of HIDS, they basically did a call on why we should purchase Symantec's new product over Symantec's older product. Never mind that there were better products from their own literature. The guy couldn't answer any question about the product that wasn't on the literature he'd sent or was reading from. It was depressing, because his opinion mattered more to my management than the opinions of those who would be using and monitoring the software and knew what our requirements were.
Re:Gartner is bad. Their security summit is worse (Score:2)
The only one that was in that league of lameness, is Information Security Decisions by Information Security magazine. Another free conference. Horrible. Avoid at all costs.
Hardly sending mixed messages (Score:1, Funny)
Aren't They? (Score:3, Interesting)
How about the under-hyped issues? (Score:2, Insightful)
One example is VPNs. Seen by most as improving security, and uncrackable due to strong encryption, but poor config and vendor flaws often make them the easiest way in.
Some of the things I've seen, even with large financials, are downright scary. This link gives some examples of the problems: http://www.nta-monitor. [nta-monitor.com]
If Gartner had been consulted about the Titanic, (Score:2)
Gardner is a name well known for FUD (Score:2)
OTOH, I must admit that most of what they talk about is just of zero interest to me whether what they claim is right or wrong...so in those cases I just assume they are wrong. It hasn't hurt me yet. (N.B.: Presume does not mean that I believe something, merely that I consider it more probable than not.)
Risk and benefits depend on the user (Score:1)
True, having an honest assessment may delay rollout of new technologies and may cause others to be abandoned because the vendors think the payoff won't be as great if they expect to have only 10 million customers instead of 20 million in the time before the tech is obsoleted, but in the long run this is better than the technological equivalent of thalidomide [nih.gov].
The bottom line:
If risks are properly understood, those who can afford to take the risks wi
Five reasons I'd love to work for Gartner (Score:2, Funny)
Unhelpful (Score:1)
We get this everyday at work. What (at least our) senior management guys don't understand is that it's possible to implement virtually anything, but there's a stupid way of doing it (with big secu
Gartner? Who cares? (Score:1)
Anything Gartner (or any other analyst company) says is bought and paid for by someone.
Ignore them the same way and for the same reasons that you don't watch the shopping channels: They are peddling over-priced garbage that you don't need.
Security Fairy (Score:2)
Wireless is still not secure enough....... (Score:2)
You now have their login,
gartner's conflict of interest (Score:1)
this consultant is the same fellow that will be reviewing our product later on in the year. it's not that our company is doing anything underhanded, that's just the way it works with
Re:Trust Gartner? (Score:5, Informative)
Since then, anytime I see "Gartner Group" in print, my brain replaces it with "information prostitutes".
Re:Trust Gartner? (Score:1)
Re:Trust Gartner? (Score:3)
Care to back that up!?
Re:Trust Gartner? (Score:3, Funny)
Source please? (Score:4, Interesting)
Re:Source please? (Score:2)
Re:Source please? (Score:2)
Re:Trust Gartner? (Score:1)
Like blood transfusions right? You realize that if the government hadn't stepped in to say "hey wait, you might want to check that blood before you go around pumping it into people" we'd still not be testing for diseases, especially with all the blood banks screaming about this or that crisis these days. It's not like the blood tests are free either, and they certainly aren't going to charge people to give blood.
Or hey, saving lives. You give someone CPR, and most of the time, t
Re:Trust Gartner? (Score:1, Offtopic)
Yes, there are people who got it without engaging in irresponsible behavior, and that is a tragedy.
But they are VASTLY outnumbered by people who used dirty needles or fucked someone they shouldn't have. THEY are representative, not your ridiculously small example groups.
Re:Trust Gartner? (Score:1)
Like married people whose spouses turn out to be unfaithful.
Just because the majority of people with the disease got it because of their behavior is no reason to continue to tar everyone's reputation. You wouldn't go around calling Blizzard copyright infringers because they use bittorrent for distributing patches, would you?
Re:Why is my Linux broken? (Score:2, Interesting)
Re:Why is my Linux broken? (Score:2, Interesting)
Re:Phishing is overrated (Score:2)
Phishing can and fool intelligent people ... once (Score:1)
The average person who is told "verify the URL" and "look for the security lock" will fall for this once.
Even better if the email does not sound alarming and does not specifically ask for a login. For example:
-------
From: carloans@yourbank.com
Subject: Need cash? Let us give