Ok,

I agree the 0 days are not the norm that folks are getting hit by, although process procedures, patching and security hardening, isn't going to stop an 0 day, because it's something you don't have a compensating control for, if you are using a specific piece of software or OS that is targeted.

Phishing (Spear), Pharming, Driveby Malware (BEP toolkit), Botnets etc etc we all talk about them and the remediation, but are we using what we learn from how they are getting on our systems (either by drive-by download) or users installing stuff they shouldn't to create effective controls in our security hardening process for servers, workstations, and devices in general to reduce or sometimes eliminate these threats? So you can start focusing on a small ecosystem of threats in your companies/organizations, instead of running around playing whack-a-mole.

I have always said control the code execution that is essential to keeping your systems clean. Again knowing what is rogue and what is friendly is a process in its own right. (Trust me seeing a lot of stuff even in my own environment, as I tune my IPS and filter out malware domains etc etc)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: Jonathan Link [mailto:[email protected]]
Sent: Tuesday, October 18, 2011 1:27 PM
To: NT System Admin Issues
Subject: Re: Zero-day bugs overrated, Microsoft says

No, but the article said not to panic. First two words. Strong message.

On Tue, Oct 18, 2011 at 1:20 PM, Kennedy, Jim < [email protected]> wrote:

I don't believe I used the word panic or suggested it.

From: Steven Peck [mailto:[email protected]]
Sent: Tuesday, October 18, 2011 1:11 PM
To: NT System Admin Issues
Subject: Re: Zero-day bugs overrated, Microsoft says

So you are saying panic? If you are the target of a specially crafted phishing attack just for you, you have a lot more problems than a specific patch.

On Tue, Oct 18, 2011 at 9:58 AM, Kennedy, Jim < [email protected]> wrote:

I think you have to include how big a target you might be. Zero days can be pretty effective in a spear phishing attack. So if you are someone that might be more of a target zero days become more of an issue.

From: Steven Peck [mailto:[email protected]]
Sent: Tuesday, October 18, 2011 12:57 PM
To: NT System Admin Issues
Subject: Re: Zero-day bugs overrated, Microsoft says

Sounds like it.

To be honest, I believe that MS has a point. They aren't saying they are not important, they are saying to not panic. You need to assess the information for each one.

Zero day threat -
1. RDP will hit your system remotely and blow it up - you should probably do something about this one sooner.
2. Customer must have ie7 (unpatched), word 2003, flash, and open a specially crafted email package that got through your mail system filters - well, maybe you don't have to panic and schedule an immediate change

On Tue, Oct 18, 2011 at 9:50 AM, Jonathan Link <[email protected]> wrote:

So, basically, I could've learned the same thing from Hitchhiker's Guide to the Galaxy.

On Tue, Oct 18, 2011 at 12:44 PM, Andrew S. Baker <[email protected]> wrote:

I think that the title of the article does not do that actual article content justice.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Tue, Oct 18, 2011 at 11:18 AM, David Lum <[email protected]> wrote:

Thoughts?

http://www.computerworld.com/s/article/9220705/Zero_day_bugs_overrated_Microsoft_says?taxonomyId=85

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
