Fred Avolio's Musings

musings on security and other topics

Tue, 01 Jul 2008
More on Big Bang Mark2

Right, not really. Previously, I blogged about "'Big Bang' project put off to 2008." Well, holy moley, it is 2008 and time is running out! So, I was amused by "Some fear debut of powerful atom-smasher." ("Atom-smasher." I like it.) "Obviously, the world will not end when the LHC switches on," said project leader Lyn Evans.

But, what really got me laughing is:

David Francis, a physicist on the collider's huge ATLAS particle detector, smiled when asked whether he worried about black holes and hypothetical killer particles known as strangelets.

"If I thought that this was going to happen, I would be well away from here," he said.

Well, really how far away could one get from the Earth being swallowed by Switzerland? (And no, I don't really think CERN will cause a black hole. Just the same, imagine the insurance they have to carry!)


Notes from a Boring Meeting

Every meeting can start with a contest. Everyone "plays" or demonstrates what his or her phone sounds like when it "rings." The one with the most obnoxious one wins. Second place wins for the most embarrassing. These ratings are assigned by the group.


In the Beginning

I had to chuckle. No, it really was an "LOL," as my kids text. I read "Hints of 'time before Big Bang'," in which we read, "A team of physicists has claimed that our view of the early Universe may contain the signature of a time before the Big Bang."

Okay, let me get this straight. The Cosmos as we know it did not explode into existence from nothing at the event we know as "The Big Bang." It exploded from something? What? The Cosmos-1?

There is this very basic foundation of... what? sense versus nonsense? "Ex nihilo nihil fit." Out of nothing, nothing comes. It doesn't really matter how many big bangs there were. You either believe in an eternal self-existent cosmos or... No, we'll leave it at that. A cosmos that has existed for eternity past is so much safer.


Easy Spam Filter

I just need to figure out how to code this up:

IF

  • The From: address is all in capital letters
  • The word "widow" is in the message body
    and either
    • The Subject is "greetings in the name of the lord!"
      or
    • The Subject: is in Hebrew (this won't work for everyone, I know)
it is spam.
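
One way to code up the rule above, as an added example that is not the author's code. It assumes "all in capital letters" means the address part of From: has no lower-case letters, compares the subject phrase case-insensitively, and treats any character in the Unicode Hebrew block (U+0590 to U+05FF) as "in Hebrew"; the `sample` helper and the example.com addresses are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.header import Header, decode_header, make_header
from email.utils import parseaddr

HEBREW = re.compile(r"[\u0590-\u05FF]")   # Unicode Hebrew block (assumed test for "in Hebrew")
SUBJECT_PHRASE = "greetings in the name of the lord!"

def _header(msg, name):
    """Decode RFC 2047 encoded-words so a Hebrew subject is seen as text, not base64."""
    return str(make_header(decode_header(msg.get(name, ""))))

def _body_text(msg):
    """Join every text/* part, decoded with its declared charset (UTF-8 if none)."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def is_spam(raw):
    """Apply the rule: caps-only From AND 'widow' in body AND (phrase OR Hebrew subject)."""
    msg = message_from_string(raw)
    addr = parseaddr(_header(msg, "From"))[1]
    # At least one letter, and none of them lower-case.
    from_all_caps = any(c.isalpha() for c in addr) and addr == addr.upper()
    has_widow = re.search(r"\bwidow\b", _body_text(msg), re.IGNORECASE) is not None
    subject = _header(msg, "Subject").strip()
    subject_hit = subject.lower() == SUBJECT_PHRASE or bool(HEBREW.search(subject))
    return from_all_caps and has_widow and subject_hit

def sample(from_addr, subject, body):
    """Constructed message; the subject is emitted as an RFC 2047 encoded-word."""
    return f"From: {from_addr}\nSubject: {Header(subject, 'utf-8').encode()}\n\n{body}"

if __name__ == "__main__":
    demo = sample("MRS.GRACE@EXAMPLE.COM", "Greetings in the name of the Lord!",
                  "I am a widow and wish to share my late husband's estate.")
    print("spam" if is_spam(demo) else "not spam")
```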


Conventional Wisdom vs. Wisdom

In February, Dark Reading published "The Myth of Conventional Wisdom." I posted a comment. A rebuttal, really. It is no longer on the website. (There are no comments or discussions for the article.) I think the discussion—what Tim wrote and my opinions—might be useful to present here. So, read his piece (let me know if the link no longer works; I saved a copy). And then read what I suggest, below.

I believe you've misused the term "conventional wisdom." Conventional wisdom consists of things that are generally accepted as true by most people, not by experts in the field. I suggest that if you ask experts in the field—and for grins, let's stick with people who have been in the business for more than 2 years—you will find that none of the things you mention came as surprises. In fact, they could have been, and have been, predicted. But, using the correct definition of conventional wisdom, I agree with your assessment of conventional wisdom in the info security realm.

You write, "The problem with IT security is that it's not a conventional discipline. It changes with the nature of the business and the nature of the threat." No. Particulars change, but fundamentally there is nothing new in the attack space, and has not been in years.

Neither of the examples you give of zero-day attacks (are we really surprised that attackers go for the low-hanging fruit?) and identity fraud surprised experts in the field. The public believes that loss of 100,000 credit card names and numbers will lead to more people exploiting more cards. The expert knows that you are still more likely to have your card number taken and used by the young waiter who served you last night.

And what network or security expert said that "DNS systems were unassailable"? Steve Bellovin discovered flaws in DNS almost 20 years ago and security extensions to DNS started in the late 90s. But, yes, "conventional wisdom"—which we see is no wisdom at all—would say otherwise.

"IT security 'wisdom'" is far from "fleeting." We just continue to forget the past, and believe that everything is new and needing new solutions. "The security pro" who forgets the basics and neglects what has worked before "will surely be the first one attacked tomorrow."
