The software risk silly season is upon us again. Every so often a big trend washes over the industry, and soon afterwards well-intentioned people start telling us why we should be afraid to dip our toes into the water. Or perhaps they are not so well-intentioned... Even as cloud computing takes off in the enterprise and Android …
A Matt Asay column I absolutely agree with
Yes, but even then there's the rather annoying fact The Register has been perhaps the Internet's biggest headline gabbing drama queen, continually bigging up "security weaknesses" that, on closer inspection turn out to be no more than theoretical concerns, seeking to find any possible angle to turn a story regardless of the facts of the case. What makes this worse is that every now and then they report real security threats and the layreader, used to the melodramatics, has no idea if they are crying wolf.
There's nothing like a well-argued, cogent rebuttal to a point someone has made.
But your one-word answer was nothing like it.
For heaven's sake, you're supposed to be a journalist - can't you do better than that?
@SuccessCase: citation needed
@DrewC: citation needed.
if Orlowski, Page and Worstall (and even TPM sometimes) aren't drama queens then I'm the King of England. But they get page hits, so who's worrying?
Don't follow the money, follow the laws
You might not get fired in the US however any Foreign CIO who allows their critical business data to be exposed to the patriot act probably will be.
Silly season? What silly season?
It's /always/ silly season in the IT security scare industry. Then again, there's few industries that can match the wider IT industry for waves and waves of hype. It's a veritable sea, every tide something new. And let's face it, sloppy coding and vendors unwilling to fess up to the mess they've sold(sometimes for more than a decade) did create a fertile ground for the scaremongers and snake oil salesmen to work on, and sow we did and reap they do. The poor code quality has been noted literally decades ago (EW Dijkstra for one, just to drop a name), and with the commodisation of computing the industrialisation of "securing" it (by preference heroically failing to, for extra profit) was sure to follow.
Nothing against Matt's scribblings here, really. The really sad thing is that it still needs to be said.
"You will be fired as a CIO if..."
If really was hoping this to be a HP internal memo.
RIGHT! THAT'S IT! FIRST ONE TO BUDGE WILL GET IT UP THE WAZOO!
I keep getting phone calls from people with thick Indian accents claiming to be from "The Windows 7 Helpdesk" and who say that they've detected a virus on my PC. Then they tell me that I'll need to buy some software from them to remove it...
I know it's a scam since I don't have Windows on my computer...
I know it's a scam and I do have Windows on my computer. Any Reg reader who doesn't know it's a scam should hang their head in shame.
When 2 days ago two news stream aggregators ran with a headline from the telegraph online, (vaguely about a computer security flaw being used for snooping) strangely the actual article on the telegraph website was nowhere to be seen....for around twelve hours. There are several possibilities of course, from a digital D-notice descending, to someone having tripped over a server ethernet cable, taking down a single, factual article. The fact that the articles' re-appearence happened after exactly the right amount of time required to ask thousands of remote access technology 'infected' PC's to deliver their final payloads, update their c&c server channel then tidy-up afterthemselves, deleting the fake iTunes evidences, makes you think, dunnit? But yeah, silly season!?
One of the by-pass sheds (I really could not be bothered to notice which) was advertising Android tablets on the idiot box last night, ending with a splash for anti-virus (brand similarly forgotten) to run on Android.
My first thought was 'Yuk, exploiting the gullible again'
Well, everyone forgets security.
Any time there's a new way of doing things (Twitter, YouTube), some people, in business particularly, get all excited about it, and don't look for or don't see problems, mostly because up to now, somebody else has been responsible for security or compliance policy. So a company gets fined for something that a company officer Tweeted... or your cute new phone or tablet ravages the company network. Because you didn't think about that happening.
And nowadays cybercrime is a ruthless an efficient business: ripping you off happens at the speed of light.
If I ran a business, employee Android devices would run only apps and updates that I personally approve - or none at all - and Internet access will be limited similarly to a short whitelist of work-related sites, unless I can get an extremely secure browser, too: maybe Opera Mini.
The new Windows.
And how many Apple devices did you say you own (or lust after)?
I blame that google guy
After I read him claiming that all android security vendors are charlatans, I have setup Kaspersky to run daily scans since I have serious concern about how android security handled.
I purchased it to do other things like location and anti spam.
McAfee? "charlatans and scammers"?
My dear fellow, why on earth would you call such nice people such nasty names?
Android apparently a malware-maker's dream?
Show me an Android mobile you can root by opening an email attachment or clicking on a URL ..