Some class of suppliers must be making money off of the weaknesses.
Anybody out there have a prescription for the cure?
Sure, but you're not going to like it.
The Internet was originally a walled garden, where its operators knew
who all the users were and could eject anyone who misbehaved. It's
not surprising that its design was robust against technical failures,
but not against malicious behavior by people who had access to it, and
it had essentially no security other than its physical perimeter.
Fortunately or unfortunately, the design was robust enough to scale up
many orders of magnitude to the Internet of today without any
fundamental changes to the design or security (non-)model.
Similarly, the most popular operating system on the net, Microsoft
Windows, was originally designed for standalone computers and then
disconnected office LANs, again with wide open access within the LAN,
and the security model mostly being a physical perimeter, with utterly
predictable results when it was attached to the public Internet.
Popular web applications such as blog hosting and content management
systems are riddled with exploitable security holes because people
select them for being cheap and full of glitzy features, not because
they're secure or reliable.
It's no surprise that retrofitting security to an existing design is
really hard, both because of design issues, and because users hate
anything that makes their systems harder to use. Even the stuff that
doesn't directly annoy users is expensive, and the key to
understanding the Internet's economic model is to realize that
everyone foists off costs on other parties as much as they can.
Hence we have millions of virus- and worm-ridden PCs, with nobody, from
the users who own them to the vendors that sold the insecure software
to the ISPs (Internet Service Providers) through which the worms propagate, taking responsibility
for fixing the damage they enable. We have untraceable DoS attacks,
with hosts forging their source IP addresses with impunity, because
it's too expensive for networks to do proper ingress filtering.
Irresponsible ISPs and networks, not all of them, but we know who they
are, continue to get connections from Network Service Providers (wholesale
networks) that don't want to know what their customers are doing.
McColo festered for years
until the Washington Post named and shamed its providers, who then
turned them off overnight.
The basic answer to your question is that the people who run the net,
all umpteen million of us, have collectively decided that it's
cheaper to live with the damage that criminals cause than to deal with
the problems that let them do it. Change that attitude, then we can
talk.