Take Me Off Your List!
Thomas Ptacek | March 15th, 2007 | Filed Under: Industry Punditry, Navel Gazing
The anonymous “editors” at SecurityFocus-A-Like IT Security Dot Com have whipped out the zero-day on the blogosphere, exploiting an obvious vulnerability (flattery injection) to hijack the keyboards of most of the security blogosphere. In this case, the vector for the attack seems to be a maliciously formatted OPML file.
You may remember IT Security Dot Com from such IT Security Scoops as “Complete Windows Vista Security Analysis”, the “in-depth technical assessment of the security improvements in Windows Vista, including shortcomings of the Vista model and how to gain full control over a Windows Vista machine”, for which you must provide your phone number, and which is actually just a cached copy of Matt Conover’s Symantec Threat Research report.
Speaking of Matt Conover: he is not among the “59 Top Influencers in IT Security”, even though he’s clearly among the top 59 Influencers at IT Security. Neither is Joanna Rutkowska (of Blue Pill fame), Mary Ann Davidson (firebrand CSO of Oracle), or Michael Howard (co-author of Microsoft’s security turnaround).
That’s OK, though. IT Security was at least smart enough to remember that there is a company called Oracle, and that they are kind of big, and that they have a management team page, from which they were able to find Amit Jasuja, who runs Oracle’s identity management line of business.
Obviously there’s a danger that IT Security Dot Com could mean something different than we do when they say “security influencer”. Never fear: they’ve classified the whole industry for us:
Chief Blogging Officers (people with blogs, with titles that include the letter ‘C’)
Bloggers (other people with blogs, some of whom even have names)
The 31 people that have blogs that are also equivalent to each other — a class that simultaneously includes Pete Lindstrom (“write an advisory, go to jail”) and Robert Graham (“write an advisory, you’re a sucker”), along with Ross Brown (CEO of one of the most influential vulnerability assessment companies in the world), Alan Shimel (evil twin of Alan Shimel, the #2 most influential person in security), and Ron Gula — and therefore all share position #21 on the list.
Corporate Security Officers (including Christopher Hoff, evil twin of Chris Hoff, best known for being 3% of the 21st most influential person in IT Security — and Ron Gula, CSO of Tenable Security, who only coincidentally shares the name of Ron Gula, CEO of Tenable Security, to whom he reports). Also John Thompson and Thomas Noonan, respective security officers for Symantec and IBM/ISS.
White Hat Hackers, most notably the evil hobbit Fydor, who gained infamy in 2007 by stealing credit for Nmap from Fyodor, his river elf nemesis. Also includes “white hat hacker” Mark Russinovich, whose hacking feats include being the W. Richard Stevens of Win32, Kevin Mitnick, whose “white hat” hackery earned him fame as a convicted felon, and Tsutomu Shimomura, who sadly passed away 3 years ago, murdered by white hat hackers.
SANS Internet Storm Center, the name chosen by the “white hat hacker” artificial intelligence that secretly animates the security blogosphere, powered by membership dues rumored to have exceeded $1Bn USD after it gained fame for defeating the treacherous Li0n worm, a force so important to security that I will lie and claim to have heard of it before reading this list.
The Dot Govs And Dot Mils, including “Heckuva Job” John Grimes, nominated by President Bush as Assistant Secretary of Defense for Networks and Information Integration, and Chief Information Officer for the Department Of Defense, controversially avoiding Senate confirmation for this post by recess appointment. Also, the secretive Committee on National Security Systems, which is actually just one person (hence, position on this list), but we’re not allowed to tell you who. Also 6 other agencies, organizations, and subdivisions, including CIAC but not CERT.
Last But Not Least Our Website And Please Can We Have Your Phone Number, another “A-list” of 30 “security pros” who’ve never been stumped by a security question from IT Security Dot Com’s readers, including head-scratchers such as “how much will it cost us to get you to co-sponsor our webinar, IT Security Dot Com IT Security Experts?”
I should mention that I’m joking about Tsutomu dying. I actually don’t know if he died or not, because I have no idea what he has done since 1995. Maybe Fyodor knows. The enduring mystery of “Where Is Tsutomu Now” has presumably vaulted him into the ranks of 2007’s Top Influencers; this makes sense to me, and I think it’s not fair that he’s all the way down at #42 while our silly blog is all the way up at 14. He can have our spot, and you can promote Peter Lindstrom from 3% of the 21st top influencer to 100% of the 42nd.
PS: You can tell me that it’s not really an ordered list. But then you’re going to have to acknowledge that Alan Shimel is not really more important than Bruce Schneier, and you may wind up in a blog war with #1 influencer Amrit Williams.

