Slashdot Mirror
Why All The Hype About 0day?
nuthinbutspam writes "Michael Sutton has up an interesting post on the security vulnerabilities that we really need to be concerned about. According to Sutton, it's not the new ones that are scary, it's the old ones that have long since been forgotten. He illustrates his point by walking through an example where he uses Google and Yahoo! to identify 50 web servers that are wide open to attack. The list includes an ivy league school, various colleges and a company traded on the NYSE. Sobering stuff."
I wonder if his webserver was one of the 50.
If you, as the admin, haven't secured your systems for KNOWN vulnerabilities, then you probably aren't one of the people concerned about 0 day exploits.
On the other hand, those of us who DO secure their systems ARE concerned. And rightfully so.
Don't forget, no matter how much you firewall or patch or try to secure your systems and network, you can never truely protect yourself from an uniformed user. All it takes is one user getting their personal laptop infected and putting it back on the corporate network for it to attempt to spread. And all it takes for the it to take hold in the network is a couple of developement boxes that some group has forgotten about for a few years and forgotten to patch. And while your most important systems remain protected, worms and viruses can still cause havok by flooding the network, sending out bogus emails, etc. And then you have to take time off your projects and track down those old boxes and deal with their owners. So yes, while old problems are not hard for you to protect against, never forget the other person who doesn't know how to protect themselves and how they can still effect you.
Space for rent, inquire within
Why the omnipresent need to analogize the most straightforward things? The world may never know.
Because a good analogy is like a diagonal frog.
We're all born with nothing.
If you die in debt, you're ahead.