The Complete, Unquestionable, And Total Failure of Information Security
In this SecurityAbsurdity.org editorial, Noam Eppel writes about the current state of information security and how security professionals have been failing themselves, their community and the people they are meant to protect. One of the good things about this article is that it points to one of our password cracking tutorials to prove that passwords, even if they are complex, aren't really safe after all. A great read for anyone who is even remotely interested in IT security.
They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray - yet we tolerated it since we are used to it.