In a followup blog post on Zalewski’s security engineering rant, Charles Smutz argues that security engineering cannot solve the problem of targeted attacks:
»Lastly, while it technically would be possible to engineer defenses that would be effective, very few people really want to live the resulting vault in fort knox, let alone pay for the construction.«
So what can security engineering do for us—and what can we do if we want to take reasonable precautions against targeted attacks?
P.S.: This new paper by Cormac Herley might be losely related: The Plight of the Targeted Attacker in a World of Scale. I haven’t read it yet.