For the last couple of weeks I have been dealing with a security compliance scan for a website that handles financial transactions. I’m not going to tell you who is involved in any of this, though. If anything, it is just a general reminder that a lot of things that are touted as secure are very brittle. Not everything, but a lot of things. For instance, a couple of weeks ago the Washington Post ran an article explaining how Social Security Numbers can be predicted. Somebody can guess yours.

Anyway, while I was talking to one of the guys from this security company, he misread the output of nslookup, a standard testing tool. It was for a quasi-obscure vulnerability, and I’ll admit that I misread one minor item on their report, so we’re even.

I just received a second report from this same company for a scan of another computer. The scan passed the computer with flying colors. So, why is this a problem? The scan didn’t detect anything. At all. It didn’t even see a web server running, but we are certified to use their compliance logo on it.

These scans serve a legitimate purpose, but some days I can’t help but wonder about people. This is why hackers have a saying that nothing is completely secure. There is always a way in. Don’t trust any more of your data to computers than you absolutely must.

PS. Don’t worry if all of this doesn’t make sense. I could explain in more detail, but I’m afraid it would make this post even less readable for most people.