The Standardized Critique (LART) Form
Written by Gordon Fecyk, 11/28/2007
COMPUTER SECURITY ARTICLES are taking a standardized form these days. They usually contain certain standardized elements:
Usually, the vulnerability / exploit / hack attack / malware / etc requires certain conditions to be met to work in the first place. Usually, it's very easy to avoid such conditions, rendering the threat harmless.
Critiquing these things is getting boring. It's like a chore: You have to do it to keep these guys on their toes, but eventually there's no fun in it anymore. You can only laugh at the same old clichés so many times before they start to get old.
The anti-spam industry had a solution to the problem of repeated critique back in 1997. They called it the "Standardized LART Form." And it's high time someone resurrected it for critiquing computer security articles.
Rather than bore your readers with the same old critiques and, even worse, type them out every time, just copy from here and paste into the comment boxes or e-mails to your favourite computer security authors. Then, check all items that apply -- that is, put an "X" in the spaces that apply.
Feel free to modify this form to suit your needs, especially if your author's comment forms can only take so much text. Also feel free to send changes to me, so I can add them here.
Standardized LART Form for poor computer security articles Released under the GPL v2 for everyone to use. Please modify as needed and send mods to email@example.com for redistribution. See http://www.gnu.org/ Check all that apply to this article. You may have to delete unchecked items to fit in the space alloted by the author's comment form. For a copy of this form, visit: http://www.antiwindowscatalog.com/index.asp?mode=rant&id=50 Indices ======= Troll-O-Meter: [ ] 10. More slime than in all the gutters of NYC [ ] 9. Caps lock is all stuck^H^H^H^H^jizzed up [ ] 8. Them little increasingly expensive dolls [ ] 7. False reverend [ ] 6. False prophet [ ] 5. Grand Nagus [ ] 4. Gargamel [ ] 3. Enough warts to put Compound W into the Fortune 500 [ ] 2. Your lips keep flapping, how odd [ ] 1. You're operating a toll bridge out of season without a permit Flame Meter / Threat Level: [ ] 10. Lucifer's tanning bed [ ] 9. Dante's Inferno [ ] 8. Crankshaft's barbecue [ ] 7. Napalm [ ] 6. Bonfire at a book burning demonstration [ ] 5. Weapons grade flame-thrower [ ] 4. Bonfire at political demonstration [ ] 3. Car bomb [ ] 2. Dynamite [ ] 1. Firecracker [ ] 0. Paper bag full of air BS Meter: [ ] 10. "Don't use Microsoft Windows. End of problem. Use Linux or a Mac." [ ] 9. A day's work for the street sweeper in Pamplona [ ] 8. "My personal integrity is none of your concern" [ ] 7. "I am not a crook" [ ] 6. "We're here to protect you" [ ] 5. "Now that I've been found innocent, I'll pursue the REAL hacker" [ ] 4. "We are not in the business of scaring people" [ ] 3. Pro wrestling [ ] 2. "Can't we all just get along?" [ ] 1. "I MEANT to do that!!" Conditions of exploitation ========================== Your article assumes the victim: [ ] Uses Microsoft Windows [ ] ...with Administrator access [ ] ...without regularly visiting Windows Update [ ] ...and turns off the firewall (XP, Vista) [ ] ...and turns off User Account Control (Vista) [ ] Uses Windows 95, 98 or ME and not 2000, XP or Vista [ ] Uses MacOS X [ ] ...without using Apple Software Update [ ] ...and gladly provides his admin password to everything that asks for it [ ] Uses some distro of Linux [ ] ...as Root [ ] ...while surfing the web / checking e-mail / etc The problem described was addressed: [ ] More than a month ago by a patch [ ] ...more than a year ago [ ] ...more than five years ago [ ] More than a month ago by a simple workaround [ ] ...more than a year ago [ ] ...more than five years ago [ ] By the current version of whatever has this problem [ ] ...by the previous version [ ] By turning off whatever useless feature has this problem [ ] ...by leaving it turned off as part of the default setup Reproducing and/or exploiting the problem requires: [ ] Clicking a malicious web link [ ] ...while logged on as an Administrator [ ] Opening a malicious attachment in an e-mail [ ] ...while logged on as an Administrator [ ] Following whatever instructions the perp says [ ] ...with the promise of money / sex / music / whatever [ ] Jumping through more hoops than a dolphin at Sea World Exploiting the problem also requires: [ ] Google [ ] Blogspot / Blogger / other major blog site [ ] A laptop and a 56k modem Umbrella salesmen predicting bad weather ======================================== Your article cites: [ ] A computer security firm [ ] ...more than one firm [ ] ...more than one person from the same firm [ ] An organization sponsored by a computer security firm [ ] ...more than one person from the same organization The quoted person / firm / organization: [ ] Has a fix for the problem for a price [ ] Claims they had known about and/or had fixed the problem [ ] ...more than a month ago [ ] ...more than a year ago [ ] Predicts the death of the Internet as a result [ ] Predicts the death of their own firm or organization as a result [ ] ...by association [ ] Has unearthed a diabolical conspiracy to destroy the Internet [ ] ...or whatever Celebrities =========== Your article cites: [ ] A Hacker [ ] ...ex-Hacker [ ] ...wannabe [ ] ...who says he can take down "X" with this problem [ ] A federal agent [ ] ...who's been retired for more than one year [ ] ...more than ten years [ ] ...who worked with a computer maybe once [ ] A politician [ ] ...who was chastised for gross incompetence [ ] ...shortly after 9/11 [ ] An athlete [ ] ...with big... um... whatever [ ] Paris Hilton The celebrity is relevant to this article because: [ ] He or she crafted an exploit that takes advantage of the problem [ ] ...or copied the exploit from the person who really crafted it [ ] ...or watched his or her child's teenage friends do it [ ] He or she did far worse things in his or her time [ ] He or she attracts attention to the problem [ ] He or she looks cute / sexy in a photo The author or quotee accuses the following celebrated entities of abusing the problem: [ ] China [ ] ...even though the author or quotee's firm admits to sending virus technology to China [ ] North Korea [ ] Any other country on the list of Cyber-Enemies of the United States [ ] Al-Qaeda / Al-Qaida / however they're spelled [ ] The Irish Republican Army [ ] The Recording Industry Association of America [ ] The Motion Picture Association of America Punishments =========== For crafting this article, you deserve: [ ] To be interviewed by... [ ] ...Rick Mercer [ ] ...Rob Rosenberger [ ] ...John Leyden [ ] ...Steve Gibson [ ] Megabytes of hate e-mail [ ] ...Gigabytes [ ] Sixty or more negative comments on your article / blog / YouTube video / etc [ ] ...each [ ] A nitpicking diatribe demonstrating your lack of... [ ] ...computing knowledge [ ] ...historical knowledge [ ] ...legal knowledge (WARNING: Do not check this without a license to practice law) [ ] ...a clue Before writing another security article, you must: [ ] Ask one or more real security experts first [ ] ...that don't work for computer security firms (Yes, they do exist.) [ ] Ask a critic of whoever you're going to quote [ ] Try reproducing the problem yourself [ ] ...while logged on with a Limited (XP) or Standard (Vista) account [ ] ...while leaving User Account Control (Vista) turned ON [ ] Use your favourite search engine for research [ ] ...and not just Yahoo! this time [ ] ...or MSN [ ] ...or AOL [ ] Search vmyths.com [ ] ...snopes.com [ ] Search something else besides Wikipedia or Everything2 [ ] Buy a copy of "Euthanize the Internet" by Rob Rosenberger [ ] ...and actually listen to it for more than five minutes [ ] Proofread your last article again, hopefully learning something
Recently Edited Categories:
All trademarks are property of their respective owners.