[Full-Disclosure] Wired.com: So Many Holes, So Few Hacks

From: Richard M. Smith (rms@computerbytesman.com)
Date: 12/30/02


From: rms@computerbytesman.com (Richard M. Smith)
Date: Mon, 30 Dec 2002 10:15:14 -0500

So Many Holes, So Few Hacks By Michelle Delio
http://www.wired.com/news/infostructure/0,1377,56955,00.html

Experts who discover and report security holes seem to be far more
industrious than the malicious hackers willing or able to exploit those
holes.

Despite the thousands of hackable holes that lurk in e-mail, on
websites, in files and operating systems, most users' computers are
never afflicted with more than the virtual version of a sniffle.

Few of the ominous potential traumas reported in 2002 turned out to have
any real impact on most computer users. The Klez virus infected some
machines and spawned spam that continues to clutter many e-mail inboxes.
And the Linux Slapper worm made more work for some systems
administrators for a while.

The rest of 2002's reported security holes appear to have languished,
unexploited.

Some security experts suggest that malicious code attacks do happen but
are dismissed by most users as just another wonky Windows software
crash. But those same experts also cheerfully confess that most exploits
aren't all that exploitable, and that the security industry profits by
stirring up fear and frenzy.

Experts also wonder whether they and their colleagues devote entirely
too much time to pouring over program code looking for possible
exploits.

.....