detecting snake oil
working for a bank grants me a privilege to work with a lot of partners in security-related projects. it seems that in most people mind, bank is equal to security, so they tend to set a very high focus on security (which is good) whenever they have something to present to me. all of the partners i've been working with for the last few years try very hard to prove that their solutions, their products, their networks...are secure. some of them are pretty awesome, working with them sometimes give me a lot of hints to do the right thing (TM) in security. unfortunately, those are rare. in other words, most are clueless about security. here are some hints that maybe helpful if you want to detect those snake-oil companies: 1. security-clueless often talks restlessly about stuff like firewall, ids, and anti-ddos (some even tell me proudly that their firewalls can strike back to the sources of the ddos attack;)). with all due respect to networking gurus, i have to say it seems that a lot of...