I've audited enough crappy systems to say with some faith that there are VERY few systems out there that would stand their ground against an at least halfway organized assault.

And I'm not really disclosing anything that is under tight NDA or similar bull. Anyone who has an inkling of a clue about IT security will come to that conclusion by the hacks that get public alone. Take the Anonymous/LulzSec (or whatever that was called) hacks of some time ago. Now, I don't want to belittle their effort, but when you look at how high profile the targets were and what simple tricks were involved, you can't help but wonder.

I can't think of a single published attack vector they used that was not part of the OWASP Top 10, which is pretty much the baseline for IT security. That's essentially the very least of what you have to have "down" when you're at least remotely concerned about the security of your IT assets. We're talking about the equivalent of having your door locked at night or closing your windows. Very basic stuff that makes you wonder just why it was possible for them to overcome.

You stop wondering when you spend a bit of time in the corporate IT security business. The problem boils down to a single factor: money. And that's where security really has a problem: It costs a ton of money, but makes none. Every cent spent on security is gone with no chance to ever see it again. And you spend a lot of cents on it because not only the people who can do it sensibly are quite expensive, but because security is also usually anathema to productivity. Of all the companies I know, only in a single one security trumps productivity and availability in cases where they are mutually exclusive (and they are usually numerous). One. Out of hundreds.

IT security is much like an insurance. And just like with many "unnecessary" insurances, companies have it mostly due to either legal or contractual requirements. And just as with insurances, they will "waste" only the bare minimum of resources on it, just enough to abide to contract or law.

I think it goes without explanation just why such a Potemkin village of security straw huts won't stand a breeze, let alone some dedicated storm.

When did that happen? Why didn't I get the memo?

I prefer to "neutralize" them. It sounds way more legal.

Just 'cause your imaginary friend is ok with it doesn't mean that it's sensible.

Now suddenly the free market, with its rule of supply and demand, is bad?

I have to admit, it could hardly come at a better time. Budget talks are due.

(this is me doing my happy dance)

I'd rather not call the average attack "very advanced". I'd rather call the average security situation in the average company "very crappy".

And I have little reason to assume this being different.

At 30 mph your braking time (the time between slamming the brakes on and you stopping) is 1.8 seconds. Reaction time varies, but depending on circumstances it usually is between half a second and a second.

At 55 we're already at well over 2.5s for braking alone, without reaction time.

All of this assuming dry weather and tire and brake condition.

In short, not slamming the brakes down will not allow you to come to a stop before the traffic light turns red.

Allow me to present a sensible traffic light.

Please tell me how in the world you could possibly be surprised by it turning yellow. If your reaction speed is THAT low, you should NOT be on the road!

(and yes, that yellow phase is a bit short, but essentially you should not even enter the intersection at yellow anymore)

So I should be expected to see the next disarmement talks being held at DefCon or BlackHat? You sure have a lot of people with WMDs assembled there anyway.

I expect him to have insurance because, at least in my country, your number plates are gone if you don't. You simply don't get any unless you can prove that you're covered. And even if he doesn't pay his premium for a time, his insurance is required to cover him until they can be assed to cash in his plates (so guess who is REALLY interested in you NOT having any license plates when you stop paying for your insurance?).

Trust me, whoever is on the road with license plates in my country HAS insurance. And without plates you don't get far, our police kinda wants you to have some.

Well, thankfully I live in a country where it is virtually impossible to get into the predicament due to the special way our traffic lights work. You know 5 seconds before your green light goes to yellow that it's about to happen.

Actually I have on more than one occasion. Funny enough, never in front of a traffic light.

I don't know about your country, in mine it's easy: You rear end someone, you're guilty. Period. There is no good explanation you could possibly give why you couldn't keep enough distance that you had enough time to react and stop your vehicle before slamming into another one.

I know exactly one case that didn't end like this, and only because the rear-ending car could PROVE that the other one was slamming into him in reverse instead of the other way around.

Aww. You could've taken him for a ride and you let him get off this easily.

I'll invent a tool that allows you to kill people via a phone line. I could see a really HUGE market for something like this.