Tuesday, November 25, 2003

Well, Pete Lindstrom is at it again. This time, he's quoted in a Register article on some Diebold ATMs that were infected with the Nachi worm. While not as boneheaded as his comparing virus writing and sex, this quote is still a beaut:
"I think of ATMs as a relative of SCADA systems, as those things not really being on the Internet, but being on some network," says Peter Lindstrom, an analyst with Spire Security. "In some ways, it's kind of ironic, that I think standardization across the board has created some of the issues."

Merriam-Webster defines irony as 3 a (1) : incongruity between the actual result of a sequence of events and the normal or expected result (2) : an event or result marked by such incongruity.

So, what exactly is incongruent about standardization causing security problems? It may not be intuitive, but, as security professionals know, it's one of the disadvantages of homogeneous systems, to be balanced against their many advantages. Defense-in-depth ring a bell, Pete? If your network design calls for layered firewalls, use different products at each layer. Exploits that work against one layer will likely fail against the other.

Man, this guy is really starting to bug me.
