But since a majority of the people on the list are are least certified in
one area or another, I am going to rant for a minute on the significance of
"XYZZY" The term 'XYZZY' from the Crowther and Woods Adventure game has
propagated widely throughout both academia and the computing community.
This nonsensical string of consonants is still a part of the vocabulary of
many who participated in computing's earliest days.
"XYZZY" also appears in Microsoft Window's Mimesweeper game: type xyzzy,
followed by ENTER and the right SHIFT key. A tiny dot will appear at the
top left corner of the screen that will change color depending on whether
the cursor is over a bomb or not. . This feature temporarily diasappeared
in Windows 98, but reappeared in Windows 2000.
Actually the use of the word is still mentioned in
http://www.oreilly.com/catalog/puis/
"You are in a debris room filled with stuff washed in from the internet. A
low wide passage with cobbles becomes plugged with mud and debris here, but
an awkward notion strikes you to hit your browser's "Back" button in the
hope that this will take you west toward the faint glow of as-yet-unsorted
captured text files. A note on the wall says "XYZZY""
And some of the most popular Network based Intrusion Detection system
scripting language is based on their dabbling into MUD game development.
It's great to earn all that certification, but what is being glossed over
at every single organization offering their certification shingle is the
history which ione can then deduce why Internet security is in the shape it
is. That is the difference between a good honest to goodness security type
person versus the Joe Blow/Jane Blow who just passed all the SANS
certification, and is now advertising themselves as "Hi, I am so and so,
and I will be your security expert today".. Understanding why Internet
security is in the sad shape it's in, and producing solutions or working
with vendors in producing less than sloppy code. There should be no reason
why buffer overflows still exist but they do.
Basically, the direction and meaning of security certification is the
following:
"There's no earthly way of knowing which direction we are going. There's no
knowing where we're rowing or which way the river's flowing. Is it raining?
Is it snowing? Is a hur-ra-cane-a blowing? Not a speck of light is showing.
So the danger must be growing. Are the fires of hell a-glowing? Is the
grisly reaper mowing?! YES! THE DANGER MUST BE GROWING! FOR THE ROWERS KEEP
ON ROWING! AND THEY'RE CERTAINLY NOT SHOWING! ANY SIGNS THAT THEY ARE
SLOWING!!!"
It is a world where security professionals learn perils of greed when they
work for eccentric organizations throughout their career..
/cheers
/m
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
