amanfromMars 1 Fri 4 Dec 11:23  ….. sharing the/a reality on http://forums.theregister.co.uk/forum/1/2015/12/03/industrial_control_system_gateway_fix_opens_heartbleed_shellshock/
An In-Q-Tel's Worst Nightmare and Super Sublime Attack Vehicle
Trying to "stay secure" sounds a lot like trying to climb an untied rope in free-fall faster than it's falling to avoid hitting the ground; ie. a nice ideal but an oxymoron nonetheless. Granted, the sort of shenanigans described in the article doesn't help at all - but even in its absence, even the best security will only get you from "ludicrously unprotected" to "merely vulnerable". Even if you religiously apply every new patch as soon as it comes out, you're perpetually open to attack from anyone interested enough in the time-frame between the discovery of the latest hole and the release of a fix for it. Strict patching and doing nothing both work best if no-one is actually trying to get in; once someone wants to, _both_ are a game of Russian Roulette, the only difference is the number of bullets in play. Patching - a smart thing to do, just don't expect it to change anything whatsoever… … DropBear
That is what makes the CyberIntelAIgent Defence Systems Enterprise such a Root Hoot to Boot, Mentor and Monitor, DropBear. Security is not needed whenever Sub-Prime is not an Element or Component in Projects and Programs.
Lipstick on a Pig of a System is a waste of Lipstick and changes not the Pig of a System.