Terryorisms

The sad state of computer security October 16, 2006

The sad state of computer security | InfoWorld | Test Center | October 06, 2006 | By Roger A. Grimes
The world of computer security is so much worse than the average Internet user or politician believes. Bots own tens of millions of computers at any single point in time. The people who make a living at closing tens to hundreds of thousands of bot-infected computers a day readily admit that they are not making a dent in the bad guy’s ability to use bots for crime.

Most malware exists to steal your money. No need to guess why you’re infected anymore; it ain’t to send greetz to teenage hacker friends. The average criminal hacker is making thousands of dollars a day, if not more, and will never be caught. The only ones we ever catch and prosecute are the dumbest ones.

Just think about what it took to put mandatory data encryption of confidential data on the world’s radar screen. One-third of all adults had their financial information stolen this year. And outside of the government, encryption is still not mandated.

Most corporate networks can be owned in an hour. Just send a spam e-mail to corporate employees entitled “Pending 2006 Layoffs” pretending to be from the CEO, and have it contain one of the many MS-Office zero days with an unscannable remote access trojan. I do it for a living, and rarely do I have to wait more than a few minutes for complete network access.