“They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray – yet we tolerated it since we are used to it.”
This paragraph starts off Noam Eppel’s article titled The Complete, Unquestionable and Total Failure of Information Security. I think it’s a very interesting read, but I don’t entirely agree with his more or less pitch-black view of things. I guess it reminds me too much of Despair Inc.
There are a lot of problems when it comes to IT security, but this doesn’t differ much from the “real world”. Sure, you have click-and-play rootkits and whatnot; anybody can learn to break into a computer using tools that are easily found. You don’t have to be skilled to grab someone’s purse, steal a car, physically “deface” someone, blackmail, steal from the office and so on.
Ok, so the Internet is a dangerous place. This doesn’t mean consumers or corporations can’t mitigate the risks and stay reasonably secure.
Might I guess that the user who created the screenshot with all the spyware wasn’t logged in as a limited user?
Anyway, I’m looking forward to Noam’s next update, and make sure you read his article.