I'd like to add "software updates" or security patches to the list of life's certainties. Updates are designed to prevent malware and other exploits from doing all sorts of nasty things, and downloading them is a way of life if you surf the web.
Recently I downloaded patches from Adobe, Apple, Apple Safari, Mozilla Firefox, and Microsoft. There were also recent patches to Cisco's IOS, which runs routers, and to BIND 9, the dominant DNS software. And don't forget recent fixes for the iPhone, which now has applications that allow you to deposit checks.
Fake software updates are also being used to attack systems by altering DNS settings and installing malware. See Mac Users: Avoid the MacCinema Installer. The DNS is the soft underbelly of Internet security. If the DNS is compromised, it does not matter how well your firewall or anti-virus software works.
The recent denial of service attacks on Twitter highlight how vulnerable the Internet can be. These attacks are more amusing than dangerous but serve as a warning.
We are slipping farther and farther behind in this never-ending cycle. As noted by Network World, patches put a heavy load on IT and on users. They require continuous diligence. And when you take into account that patches are always in the works and only address known vulnerabilities, it can never be said that a system is secure. The situation makes a mockery of HIPAA, PCI compliance and other laws and regulations that stipulate Internet security. Who are they kidding?
We are not going to throw out the current infrastructure overnight. But improvements underway to the DNS, including DNSSEC, will finally provide authentication - a necessary first step. This will take a few years to deploy. In the meantime, be diligent with software updates.