Although slightly more sophisticated than spouting off how many bits of encryption a protocol uses, saying that a given protocol is not Internet-facing, or claiming that to fix an implementation flaw in a weak protocol you should upgrade to a protocol that uses SSL, some of the security cliches (or at worst, half-truths) that undermine his credibility, and that even I can recognize, include:
- Open source is more secure...
- He mentions viruses and virus vendors in his first breath.
- Equating security fixes with security/insecurity (and slamming VMware!)
- Bringing up EAL something or other
- Mentioning TPM in any context
Done. There's no more faux Hillary (or Hitler) on top. Can sleep now.