What motivates a journalist?


OK, I have to unload a burden here.


I often interact with the tech press in various places throughout the world. I've had wonderful, productive meetings with many fine journalists. New Zealand and Malaysia particularly stand out in my memory. However, a thing has happened today that, while not affecting my relationships with individual journalists, irritates me about tech reporting in general.


Take a look at this: "Windows Wi-Fi patch could be a long time in coming." It describes a "vulnerability" recently reported by a researcher at a security conference. c|net also wrote about this two days ago.


I'm disappointed at the seemingly superficial reporting here. Mark Loveless (the researcher) has discovered a way to confuse unsuspecting people simply by taking advantage of a feature in Windows. He has not discovered a vulnerability. There's no error in either code or the default configuration here.


Today's article implies that a bad guy can get access to any system he wants to. Thing is, the default configuration won't permit that. You have to run as local admin and deliberately misconfigure your wireless settings for a bad guy to connect to your computer -- and when you do this, Windows warns you multiple times about potential threats.


It saddens me that, rather than truly analyzing the researcher's report, the journalist simply chose to report "yet another vulnerability."

Comments (4)
  1. Anonymous says:

    I was going to title this post "Microsoft Representative Says to Return Quickbooks for Refund". …

  2. Alun Jones says:

    Don’t forget that, with news articles, you have to contend with at least two people – the journalist and the editor. The journalist puts the story together, and submits it for publication. At that point, he usually loses control of the story to the editor, who makes changes, trimming for size without (yeah, right!) changing the meaning, correcting any "obvious" misstatements in the article without (yeah, right!) introducing errors, and then she gets to put a descriptive title at the top of the story. The title, of course, is designed to make the reader go "whuh?" and read the story, although in many cases that’s the same title as will make the reader go "yeah, that’s just what I always thought", and skip the story.

    So, let’s say you talk to a journalist and say "the only safe computer is one that has been unplugged and encased in concrete". The journalist writes it up as "Computers can be made safe by surrounding them with brickwork."

    The editor changes that to "Computers are not safe – bricks are." Then she adds the title "Windows vulnerabilities – again".

    News media – even trade journals – serve a single purpose – they bring eyeballs (near) to the pages containing the adverts. They will employ any means necessary to do so. Much like the joke’s computer salesman, they may very well not know when they are lying; there’s also the possibility that they have an agenda to push. [Security magazines want to persuade you that the world is unsafe, but can be made safe by buying more product, for instance.]

    The really good trade journals are those that attempt to rise above the fray by printing meaningful articles every now and again – but when things get busy, it’s easier to just "phone it in", and produce the headline that makes people stop long enough on the page to notice the advert next to it.

    My advice – try to ignore those papers that distort your words, and make sure that you publish the full story in a place that you control, to which an interested party can go for the full skinny.

    Of course, since you work for MS, there’s a natural inclination to believe that your prime motivation is to keep, or get, people using Microsoft software (and paying for it). We can only divine your motives from what we read of your content. 🙂

  3. RockyH says:

    I couldn’t agree more Steve. I recently had an issue with a guy who was emailing a security list and said that he discovered a remote code execution vulnerability in Visual Studio. Essentially he said that he could embed code in a User Control on a form and then when someone opened up the form.cs file in Visual Studio the code would execute.

    Well no kidding. This is how Visual Studio provides all the cool design time support for user controls. Sure you can create a user control or a designer that will do cool stuff when the control is on a form much like the Datagrid formatting designer. This isn’t a vulnerability or a bug, it’s Visual Studio operating the way it was designed to.

    This is like saying that I have discovered a remote code execution vulnerability in MS Word. All I have to do is embed arbitrary text into a *.doc file and when the victim tries to open the file it will display my arbitrary text on his screen.

    Sometimes I think people like this have Chicken Little syndrome. Every time they see something that anyone calls a vulnerability, all of a sudden the sky is falling.

  4. Scott says:

    Business as usual, it would seem, for a "professional" journalist. Functionality described, as designed. If the machine is deployed as perhaps it should be and security is considered an issue blah blah blah, then it is all just another yawn. Don’t get upset by this type of reporting. Just more M$ bashing. He is just another wanker, amongst the plethora of others. Anybody that has a clue will treat this "revelation" with the regard that it should accorded. Sweet FA.

Comments are closed.

Skip to main content