7/15/09

Schneier on North Korean Cyberattacks

The complete text is at http://www.schneier.com/blog/archives/2009/07/north_korean_cy.html.

Some great quotes:
  • "What [the President] didn't add was that those infections occurred because the Air Force couldn't be bothered to keep its patches up to date. ... Even this current incident is turning out to be a sloppily modified five-year-old worm that no modern network should still be vulnerable to."
  • "Securing our networks doesn't require some secret advanced NSA technology. It's the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks. And while some government and corporate networks do a pretty good job at this, others fail again and again."
  • "The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them."
Organizations can learn from this. "The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them."

No comments: