We're not all perfect, bulletproof or even smart. Funny how it works that way. In fact, there's a certain percentage of IT and security pros out there who come up with bone-headed, stupid ideas - and who make decisions based on those ideas.
Marcus Ranum wrote about what he calls "The Six Dumbest Ideas in Computer Security." It's a good read, and I agree with almost everything he says there:
http://www.ranum.com/security/computer_security/editorials/dumb/
In reality, anyone in the IT and security field should have a solid, well-formed opinion, one they can back up, on everything Marcus mentions in his essay.
(via Bruce Schneier)