said by lugnut: I have no time to argue with people who refuse to acknowledge the obvious.
... but you seem to have plenty of time to argue with people who have more hands-on insight on a topic than you do.
said by lugnut: Heartbleed existed for over a year before it was "Discovered" by the white hat crowd.
That's a great example of what I'm referring to - how many sites were still exploitable after Heartbleed was public knowledge?
From Wikipedia (not Genius Hacker Monthly):
"A fixed version of OpenSSL was released on April 7, 2014, on the same day Heartbleed was publicly disclosed."
"As of May 20, 2014, 1.5% of the 800,000 most popular TLS-enabled websites were still vulnerable to Heartbleed."
That's more than a month of time to patch... and that was just the 'most popular' sites.
Quite frankly you don't have any credibility when you refer to 'idiot admins' as you exhibit sheer ignorance on the topic of security. People like you are grossly contributing to ineptitude in suggesting that it's not a preventable issue. This attitude gives cheap decision makers a pass for bad decisions, diminishes the wages of skilled technical people, and encourages the hiring of unskilled technical people.
You refer to 'the next big thing' but what you fail to realize is that sites and networks are regularly compromised because people in responsible positions fail to follow competent security practices.