I love this kind of statement. It shows total ignorance of the fact that security is not an absolute value and that it has to take into account the actions of people attempting to cause damage. This time it was Hans-Jürgen Nantke, head of the German governmental trading platform for CO2 emission permits (DeHSt - Deutsche Emissionshandelsstelle), who said this, after a successful phishing attack had caused damage of 3 million euros to some of the companies using this platform to trade their emission permits.
Imagine - a trading platform where "real" money is being moved - with just simple password protection. Not even transactions are protected with TANs. Once you have access to one of the 2,000 accounts on this platform, you can do anything. And they did. The only thing the attackers did slightly better than in most other phishing cases: their mail did not contain too many spelling errors and looked quite credible.
I hope that the companies now suffering the damage hire a good lawyer, because it will not be very difficult to prove that in 2010 the technology market offers better options for separating assets from threats than just a simple password.
What really strikes me is that it is once again a German governmental institution showing this kind of willful ignorance when it comes to technology.