OK, yeah, that was a reach. As long as it makes me giggle, things will be just fine.

I assume most of you are away from your RSS readers this week because you are furiously patching your DNS servers. The attack is actually quite genius, and continues to demonstrate the inordinate amount of trust we place in servers and data that should not be trusted.

The details of how the attack works can be read in the above linked article if you are interested. You probably don’t have the time right now because you are rushing to patch though.

Bruce Schneier takes this opportunity to lash out at the patching process. While some security pundits don’t take Bruce seriously, he’s got a point. The state he speaks about is a bit Utopian in nature, but the points are valid.

Can we get to a state where software is written with security baked in? Even if we can, would that prevent this or much more sophisticated attacks from occurring?

Electronic crime is a profitable business. As we cut off the money supply, they get more creative to recover their losses. My true fear is that they will get creative enough to create a vulnerability that goes undetected for some period of time, until a trigger point hits that causes mass chaos. If we’re struggling to deal with relatively simple fixes today, what will we do when something like that hits?

This post originally appeared on BrandenWilliams.com.

Possibly Related Posts: