Reply to post: Re: Dilemma

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

Charles 9

Re: Dilemma

The trouble is that it's a dilemma. With the first, you MAY have a crack team running the place...or you could have a bunch of idiots who couldn't be asked to fix a breach on a weekend. With the second, when something happens, you can nip on down yourself and work on it...if you have the time and wherewithal to do it.

As for limiting scope, guess what's one of the hottest things in the exploit trade? Privilege escalation. With them, it doesn't matter how limited the entry point is, it becomes like the proverbial foot in the door: all they need to bust the pinata wide open no matter how hard you set things up. Use a VM? Red Pill. Separated machines? Gather credentials then traverse the intranet. Quite simply, if there's a door, someone can kick it down, and because physical presence is not required unlike your front door, everyone's going to come knocking eventually.

I frankly think this'll come to a head and start asking existential questions about the Internet: questions about whether or not we need to start over using a whole different model of statefulness and (dis)trust. Kinda like how open season eventually gives way to necessary regulation.
