Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security. Noam Eppel writes about how Internet security is failing and what can be done about it. He compares the current state of the security industry to a boiling frog:
They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray – yet we tolerate it since we are used to it.
The article lists attacks that recently made the headlines and points out that failure can be seen everywhere — spyware, phishing, trojans, viruses, worms, spam, botnets, web application vulnerabilities, DoS attacks, ActiveX, passwords, patch management, zero-days, wireless access points, internal attacks, vulnerabilities in security software, mobile viruses and encryption.
Noam Eppel has recently published an update to the failure article, Community Comments & Feedback, in which he highlights the Good, the Bad and the Ugly comments his article generated.
I think both articles are very useful, with loads of data and insights, especially for Information Security Professionals.