Just in case you forgot, security is only as strong as the weakest link.
Security is not about how strong your systems are. It is all about how weak they are. Security is not about the 99.99% uptime your firewalls boast of. It is all about the 0.01% of the time when your systems are open to attacks. In fact, security is not about systems. It is about processes and people. That is why we hear about all the successful social engineering attacks, even on the most secure systems in the world.

I would argue that we have excellent cryptographic algorithms and protocols that can remain secure for many years to come. For instance, when we double the key length of AES from 128 bits to 256 bits, the security is not just doubled; it is increased 2^128 times. That is a huge difference. This means that most of our security failures are not cases of some expert cracker breaking our algorithms or protocols. Instead, all of the attacks target our implementation flaws.
Read more if you are interested:
- The Six Dumbest Ideas in Computer Security : Marcus Ranum
- Security in Ten Years : Schneier on Security
- A case of the wrong technology applied incorrectly : Avi Rubin
- Massive Computer-Assisted Fraud : Steve Bellovin
- Human-scale security and the TSA : Matt Blaze
- And the lighter side: http://geekz.co.uk/schneierfacts/fact/26