Skip to content ↓ | Skip to navigation ↓

Patch Tuesday has come and gone and there were at least 28 Microsoft Office, IE and Windows vulnerabilities addressed. The IT Mall Ninja’s must be in heaven. They’ll be sitting in Starbucks twittering with their friends about how insecure Microsoft is on their Linux laptops (all IT Mall Ninjas run Linux on their laptops). The number 28 does seem rather largish from security standpoint but take into consideration that Yahoo has begun some serious layoffs and that to me has a signifigantly higher potential security impact. Nothing screams vulnerability like disgruntled soon to be ex-employees with root access…and there are layoffs happening all over the Bay Area apparently…

Can you imagine the havoc that can be wreaked by such a person? Its been known to happen. One of the most recent ones was planted at UBS by a disgruntled sysadmin. Probably a good reason to have good change audit tools in place. I don’t know…something that can detect if someone installs, deletes or modifies files? Probably be worse if someone decided to tamper with a hypervisor…why bother taking down individual servers when you can bring down a whole bunch at once by messing with an ESX host…if I were a security officer, I would be paying really close attention to my mission critical virtual infrastructure right now…

The Executive's Guide to the Top 20 Critical Security Controls
<!-- -->