3 areas where FUD needs to stop
Beware of what you see and hear about these topics, according to infosec veteran Jimmy Blake. If it's a security story about Facebook or anything with an 'i' in front of it, it may just be hype
By Joan Goodchild , Senior Editor
August 26, 2010 — CSO —
There is a new breed of animal appearing in the infosec community, according to Dr. Jimmy Blake, chief security officer for Mimecast, a cloud-services company based in London, and host of the blog Cloud Computing and Bad Behavior. The new breed is what he calls the "attention monger" (he actually used a more colorful word, but we toned it down for this article.) The attention monger is courting headlines with the media that add no real value to information security.
Most infosec pros know the term FUD; it stands for Fear, Uncertainty and Doubt. But increasingly Blake thinks he sees FUD making headlines too often because opportunists are hoping to get their name out there. However, while drumming up concern over vulnerabilities in popular products does often garner media attention, it can be detrimental, too, he warns (See also: Good FUD vs. bad: Is there really a difference?).
"The danger in raising FUD is that users get attrition. They get so used to a constant stream of things that they are told to watch out for and when the really big things actually occur, they aren't ready for it," he said. "If we are constantly bombarding users with this stuff, it gets lost in the noise and they aren't prepared for the real vulnerabilities."
Blake recently outlined three areas where he sees rampant hype spewed in the media with little value.
Anything with a small i in front of it is fodder for headlines lately, said Blake. He points to the recent dust-up about a vulnerability with the iPad that was discovered by Goatse Security. The vulnerability was hardly newsworthy at all, according to Blake, and was actually a coding error on an AT&T website which leaked email addresses.
"The device itself didn't play a part in this," noted Blake. "It was really a sloppily-made web site."
Blake said attention mongers are hot to point out any issue with an Apple product because of their popularity, resulting in a disproportionate amount of attention on a product line that really has a much lower rate of vulnerabilities.
"The initial reaction is 'Oh, its iPad or iPhone related, so that's what we are going to hit the headlines with.'"
A day doesn't go by when we don't hear of a new scam or vulnerability on Facebook. Security pros agree Facebook is a hotbed of opportunity for criminals, but Blake wonders if a lot of the concerns are being blown up inappropriately. (Also see: 4 things Facebook doesn't tell you about your privacy and security)