LegalSEC® - Cybersecurity


Serve & Secure: Zero Day Exploit, What Are They And Why Do I Care?

By Carlos Rodriguez posted 10-16-2012 00:47

  
We have recently been hearing and reading a lot about Zero Day exploits and attacks thanks to our good friends at Microsoft, Adobe and Oracle. But what exactly are Zero Day exploits? And how can we tell non-technical staff and lawyers why they should care about them?

Our good friends at Carlson & Wolf (and these are really good friends) posted a good entry in their C & W Security Blawg that is good reference material to pass on to those folks who only speak "plain English", which is the vast majority of people in the law firm that you and I serve. They describe this type of exploit as a "security community term for an attack on vulnerable software for which there is no patch." But "why has that software not been patched?" the partner asks. Instead of giving you my sarcastic answer I will let you insert it <here>, and I will tell you that these vulnerabilities are discovered not by the vendors, but by other folks outside that company. These folks are actually not always bad guys; many times they are researchers. The problem, according to Adam Carlson, is that "Newly discovered software vulnerabilities provide hackers a powerful weapon that can be used to attack law firm networks, even where the firm has made substantial security investments." Adam also provides examples of how these vulnerabilities are exploited and how systems and networks can be compromised as a result. The question then becomes: how can we prevent being compromised? The answer is also perhaps one of the toughest challenges that the security professional in a law firm faces: user education.
 
While user education in a law firm environment remains a challenge, it can also become a quick and low-cost win for your security program, as we will discuss in later posts. For now, I invite you to read this entry in the C & W Security Blawg. As I mentioned, it is good educational material worth sharing, as is most of the content on their blog.

Best regards,

Carlos Rodriguez
PGVP, Servers Operations & Security
Chair of LegalSEC™ Committee

Carlson & Wolf is a LegalSEC™ partner. Visit their website at http://www.carlsonwolf.com for more information about their products and services.

#ServerOperationsandSecurity #LegalSEC