Um...what "security experts" are you hanging around? Sure, there are a lot of charlatans in the field, but that doesn't mean they're all pretenders.
Personally, I put little stock in security wizardry claims. I instead look for papers, utilities, and presentations done by the party in question. Those speak more clearly to their skill set than any FUD-hyped media coverage or overinflated security claims.
21 posted on 01/03/2006 10:56:26 AM MST by Prime Choice
Security will always be a big issue until the industry comes to understand
that the greatest charlatan is Bill Gates.
The basic design of all Windows allows for penetration.
Vista will be no better!
BSD was designed on a DARPA contract to be unhackable twenty-five years ago.
Long live OSX and Solaris.
Get Root !
The security field has become a hot field. Like web scripters in the 90's, everyone and their dog is getting into the field. The market has become a mess. Take a short example.
For some reason my CTO wanted to implement webmail. He went with Exchange because M$ gave it to us for free. We called in a security expert/MCSE to give us the lowdown on the risks associated with implementing OWA. Goes like this:
Security expert: Open these two billion (I exaggerate) ports and your webmail can sit on your DMZ.
Myself: No
Security expert: It will only work that way, I'll secure your DMZ for you.
Myself: No
Security expert: OK big shot
Myself: Proxy pass through Unix, open one port, 443, on the firewall.
Security Expert: Refers to Unix box as magic box. Refers to solution as wizardry. Still claims that it should not work.
Security Expert still gets paid, wanders off with head up ass.
I admit there are guys out there that are good, very good, but my experience with the majority has been lacking.