MySpace Worm Demonstrates NSM Principles
In my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, I say "some intruders are smarter than you," and "intruders are unpredictable." Because of these two facts, prevention eventually fails. In other words, intruders are cleverly figuring out ways to circumvent the security of services you have never heard of, in ways you could not imagine. As a result, defenses fail, and monitoring is the only way to detect that failure and respond appropriately.
The story Cross-Site Scripting Worm Hits MySpace is a perfect example of these principles in action. In short, someone figured out how to create a worm on the MySpace online community. More details are posted at this Slashdot thread.
I had never heard of MySpace until today, but over a million users were affected by this worm. Did you see this coming? Of course not. There is little point in forecasting future threats. The best we can do is to implement the best preventative defenses we can, monitor everything else, and respond in a timely manner.
Comments
Without naming names, 'we' just found someone that had done something they shouldn't have done simply by dumb luck and a few mouse clicks. This was after 'we' had spent a month trying to make our thing 'idiot proof'. Which only goes to prove - no matter how much you try to make something 'idiot proof', there's always someone out there that's a better idiot than you!
Ok, off my soap box now. And, I agree with your last comment,
Sean C