Well the ASN exploit _could_ have been huge. Historically everytime an exploit comes out and everyone says it's not a big deal they are proven wrong pretty quickly.

I whole heartedly agree with your belief security has become product. Talk to any IT manager they can tell you the names of a million AV companies, firewalls, spam protectors, etc. etc., but they couldn't tell you the first thing about actual security. The AV/Firewall/etc companies need this because without IT manager ignorance they have no company. Security is not a product, but unless the AV companies can make it one they don't make any money. They keep the public just enough informed for them to know security is a problem and just ignorant enough for the public to think they are the answer.

The biggest problem is email viruses. We could almost completely get rid of them if we a)used pgp sigs religiously b) disallowed ALL attachments. People have started using their email accounts like they are file transfer clients. Or, if that is not possible, have all files sent or recieved encrypted and signed and unless they are, automatically do not accept them.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/225/25370#25370