Online Trust Failing Overall

twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."

Re:A lot of the problem is bad design

[EnronHaliburton2004]

or not taking the security concerns seriously.

In my experience during the last few dark years of the dotcom bust, too many of the people responsible for security were canned. I had to quit my last job after 6 months because my suggestions on security -- Simple things such as "Don't use Telnet. Use SSH." and "You really shouldn't 'chmod -R 777' everything", were seen as a barrier to progress.

I speak to too many technical managers who don't understand why opening non-anonymous FTP is a bad thing, when everything else is done over SSH or a secure VPN connection. When I discuss SFTP, they scratch their head and drool a little bit, and it's clear they don't understand the threat of cleartext passwords ...

Scary...