Disclaimer: as always, unless expressly stated, the views expressed here are my own and do not necessarrily reflect those of my current or former employers.
Because people hide behind titles!
Director of Research in Computer Forensics lists on his blog IP addresses associated with the latest run of Storm. I thought that everybody got the memo, but seemingly some didn't: Storm is hosted on a fast flux network, using compromised home computers! Enumerating those IP's has the same value as saying
fraud is happening on the Internet!
From the ThreatExpert blog: new Rustock, blah, blah,
All communication with the server is encrypted with SHA1. I kid you not. There are still some people out there who don't know the difference between encryption and hashing.
Final example: as part of my studies I was participating at a presentation held by a telecom equipment manufacturer, who was explaining some communication protocol and said
the passwords are encrypted with MD5. I didn't want embarrass the guy, but I really felt a strong urge to throw a thick security book at him. And these are people responsible for the security of our communication infrastructure!
So remember, the next time you say
encrypted with MD5/SHA1 I might be in the audience and you might get hit by a book!
To end on a optimistic note, here is an article from InternetNews.com which emphasizes the need to study and learn continuously.