Thursday, January 17, 2008

Luck-based Security?

Fun quote from this interview with Art Coviello of RSA: "Coviello: But I can tell you that every retail customer I went into, and I say, Why hasn't this [TJX-scale breach] happened to you? They say, Luck. All these systems were built prior to the Internet and they get connected to the Internet and then all of a sudden everyone's a schmuck."

It is a very useful reminder that a lot of our "security" is luck-based: in other words, you are not 0wned 'cause nobody got around to hacking you yet :-)

Dr Anton Chuvakin