So Many Holes, So Few Hacks By Michelle Delio http://www.wired.com/news/infostructure/0,1377,56955,00.html Experts who discover and report security holes seem to be far more industrious than the malicious hackers willing or able to exploit those holes. Despite the thousands of hackable holes that lurk in e-mail, on websites, in files and operating systems, most users' computers are never afflicted with more than the virtual version of a sniffle. Few of the ominous potential traumas reported in 2002 turned out to have any real impact on most computer users. The Klez virus infected some machines and spawned spam that continues to clutter many e-mail inboxes. And the Linux Slapper worm made more work for some systems administrators for a while. The rest of 2002's reported security holes appear to have languished, unexploited. Some security experts suggest that malicious code attacks do happen but are dismissed by most users as just another wonky Windows software crash. But those same experts also cheerfully confess that most exploits aren't all that exploitable, and that the security industry profits by stirring up fear and frenzy. Experts also wonder whether they and their colleagues devote entirely too much time to pouring over program code looking for possible exploits. .....
