German authorities in the state of Lower Saxony were proud of their arrest. They had captured a German teenager and charged him with unleashing the Sasser worm on the world. They reported that the teenager seemed surprised that his malware had wreaked such havoc; surprised or not, he could spend up to five years in a German prison if convicted.
Another German youth was recently arrested for releasing the Phatbot worm. Together, these two creators of havoc have cost the world billions. It's a shame that they'll get so little time to consider their transgressions.
What’s really important is how these teenagers were caught. In a word, money. When Microsoft put up a reward of as much as $250,000 for information leading to the arrest and conviction of the Sasser perpetrators, the company demonstrated
that when used properly, money talks.
In this case, it was a sure bet that a reward of that size would work eventually. After all, one of the prime motivations for writing worms such as Sasser is bragging rights, and bragging only works if someone else learns who did it. For worm-writing to be any fun, somebody else has to know.
Once somebody does know, it doesn't take much to call Microsoft and provide the tip, which is what happened here. Microsoft engineers investigated the tip, identified the suspect, and called the police. If we're lucky, this will become a trend; after all, it diminishes the fun of creating a worm if you can't brag about it without fear of being caught and tossed into the hoosegow.
This is good news, if only because it might slow the growth of these worms and their attendant security headaches.
It doesn't mean, however, that you can rest easy. The danger isn't gone. Sasser spread through a Windows flaw for which a patch was already available, which is the strongest argument there is for keeping on top of your patch management and vulnerability assessment plans.
But maybe there's something else you can do. Consider rewarding your employees for passing along a tip when they notice a security hole at your company. It could be something as simple as a colleague's passwords stuck to the monitor on a Post-It. It could be a physical-security problem, such as a door that doesn't lock properly every time it's closed. Or it could be that guy in sales who has set up a rogue access point so he doesn't have to go through the procedure your security policy requires to get one approved.
Rewards such as these can easily be kept confidential, and although you'll have to work with your HR department to set up the procedure, it can pay dividends. After all, as Microsoft demonstrated, money not only talks, it helps other people talk.