http://news.cnet.com/8301-27080_3-57389046-245/why-the-security-industry-never-actually-makes-us-secure/ By Elinor Mills InSecurity CNET News March 3, 2012 SAN FRANCISCO -- Every year, security vendors gather at the RSA conference here to reaffirm their commitment to fencing out hackers and keeping data safe. And every year, corporate and government Web sites continue to fall victim to basic attacks. Heck, ubersecurity firm RSA itself was compromised not that long ago, as was digital certificate heavyweight VeriSign, even if it didn't admit it for two years. In other words, very little changes from year to year beyond the buzzwords du jour bruited about by security vendors. "It's Groundhog Day," says Josh Corman, director of security intelligence at Akamai. Art Coviello, executive chairman of RSA, at least had the presence of mind to be humble, acknowledging in his keynote that current "security models" are inadequate. Yet he couldn't help but lapse into rah-rah boosterism by the end of his speech. "Never have so many companies been under attack, including RSA," he said. "Together we can learn from these experiences and emerge from this hell, smarter and stronger than we were before." Really? History would suggest otherwise. Instead of finally locking down our data and fencing out the shadowy forces who want to steal our identities, the security industry is almost certain to present us with more warnings of newer and scarier threats and bigger, more dangerous break-ins and data compromises and new products that are quickly outdated. Lather, rinse, repeat. [...] ______________________________________________________________________________ CISSP and CEH training with Expanding Security is the fastest, easiest way to grock the relevant data you need now. A free class invite is in every PainPill. Sign up for the free weekly PainPill. It's that easy. http://www.expandingsecurity.com/PainPillReceived on Sun Mar 04 2012 - 23:23:51 PST
This archive was generated by hypermail 2.2.0 : Sun Mar 04 2012 - 23:18:38 PST