lessons learned from zotob so far
zotob is still running around, but there are already some lessons to talk about
- the patch timeline is now 3 days after the patches are published. Some attacks came even faster, but the one week that was commonly accepted before (for testing) has shrunk to 3 days, and patch planning will have to change accordingly. In that window it is important for Microsoft to have enough programmers and security people ready to respond immediately to every problem the patches may cause, because before friday all critical systems will have to be patched.
- maybe the gangs and businesses that publish exploits should be held responsible for the consequences.
- every pda, usb device or other portable device that is not part of the strictly controlled desktop and server environment of a network should be isolated and treated as possibly hostile
- vpn access should be rethought: computers that connect over vpn should have their security checked before they get in, and what they can reach should be strictly limited
- if you do not need a service on a computer or server, do not activate it, period
- whatever we learned after the previous incidents doesn't necessarily tell us anything about what will happen next; I think nobody has a clue for the moment what will happen next
- limit, limit, limit: no more nice guy, but wise guy
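As an added example (not code from the original post) of the "check the vpn client" and "do not activate what you do not need" points above: a small python audit that reads a netstat -an listing from a host, keeps only the sockets that accept traffic, and reports every listener that the host's role has no business exposing. A roaming vpn client is held to the workstation rule, which is "expose nothing". The role allowlists, the port names and the sample listing are constructed for this example and are not a vendor recommendation; adjust them to the real network before using it.

```python
"""Audit listening sockets against what a host's role actually needs.

Added example, not code from the original post. It parses a netstat -an
style listing (both the Windows and the Unix layout), keeps only sockets that
accept traffic, and reports every one that the host's role should not expose.
The role allowlists and the sample listing are constructed for the example.
"""
import re

# Assumed per-role allowlists of (protocol, port) a host must expose.
# A desktop, and a machine coming in over vpn, should expose nothing at all.
ROLE_ALLOWLIST = {
    "workstation": set(),
    "file_server": {("tcp", 139), ("tcp", 445)},
    "web_server": {("tcp", 80), ("tcp", 443)},
}

# Names for the ports most often found listening without anyone needing them.
PORT_NAMES = {
    22: "ssh", 80: "http", 135: "msrpc", 137: "netbios-ns", 139: "netbios-ssn",
    443: "https", 445: "microsoft-ds", 3389: "rdp", 5900: "vnc",
}

# One netstat -an line. Windows:  TCP    0.0.0.0:445   0.0.0.0:0   LISTENING
# Unix: tcp  0  0 0.0.0.0:22  0.0.0.0:*  LISTEN  (the two queue counters are
# optional so both layouts match); udp lines carry no state column.
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp|udp)6?\s+(?:\d+\s+\d+\s+)?"
    r"(?P<addr>[\[\]0-9a-fA-F.:*%]+):(?P<port>\d+)\s+\S+(?:\s+(?P<state>\S+))?",
    re.IGNORECASE,
)


def parse_listeners(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    listeners = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, unix-domain sockets
        proto = m.group("proto").lower()
        state = (m.group("state") or "").upper()
        # Only bound TCP listeners count; established and time-wait entries
        # are client-side sockets, not exposed services. Bound UDP is exposed.
        if proto == "tcp" and state not in ("LISTEN", "LISTENING"):
            continue
        listeners.add((proto, int(m.group("port"))))
    return listeners


def audit(netstat_text, role):
    """List (proto, port, name) for every listener the role does not need."""
    allowed = ROLE_ALLOWLIST[role]
    return [
        (proto, port, PORT_NAMES.get(port, "unknown"))
        for proto, port in sorted(parse_listeners(netstat_text))
        if (proto, port) not in allowed
    ]


def vpn_posture_ok(netstat_text):
    """A vpn client is held to the workstation rule: any exposed service at
    all means it is not allowed onto the network until that is fixed."""
    return not audit(netstat_text, "workstation")


# Constructed sample: a Windows desktop with the usual defaults still on.
SAMPLE_DESKTOP = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1056          10.0.0.20:445          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for role in ("workstation", "file_server"):
        print(f"as {role}:")
        for proto, port, name in audit(SAMPLE_DESKTOP, role):
            print(f"  disable or firewall {proto}/{port} ({name})")
    print("vpn posture ok:", vpn_posture_ok(SAMPLE_DESKTOP))
```

The point of the role allowlist is that the same listing is judged differently depending on what the machine is for: the file server legitimately needs 139 and 445, the desktop needs none of it, and a laptop that wants in over vpn has to come up clean before it gets anywhere near the servers.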