Quite right! Everywhere - in real or virtual world - there is a lot of ghosts, old-fashioned standarts and conceptions. This business world is unready to realize, that they are responsible for something else than billing us for another security patch. It's not matter, that the patch they offering you now is for fixing one old problem and for adding three new ones at the same time... I'm an IT-security advisor in my company in Russia, and beleive me - yes, there's a real possibility and urgent need to change things overnight, but they JUST DON'T WANT to do that, until they won't see a "real hazard"(end of cite). I'm making a new email server right now, because until all the company employees were overflooded by spam and trojans, until it became such a hazard than they started to loose their data - all my recomendations were ignored with a smile and IT department was just receiving their payments as a primary job function... Business world is rather to make another useless, but signed and discussed, sheet of paper - than to make something real good, something that they really and urgently need. And about programmers, OSes and all the hardware/software stuff - yes, it's an Administrator who was hacked. Not a system. Every system, every distribution - it's like an ink on palette - the picture is drawn by root administrator. And it's rare case, if you'll see a beautiful screenshot of good-used skills and praktice - it's often a core dump of theoretical knowledges with big ambitions inside without any common sense and usability/security for end-user ... I'm glad, that you have the same opinion about all the old-fashioned standarts - at least I'm not the lonely one in such a thoughts. Email, HTTP, Telnet - beleive me, it will live and grow forever. Not because of need in it, not because of improvements, but because of all the business people built-in directive "the oldest is the best - let's keep it all working for one more day and save our money"... Sad, but true.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/336/32112#32112