You can't secure what you don't acknowledge.SM

Wednesday, December 17, 2008

What, employees exploiting the new Windows flaw???

I've been talking about (and exploiting in my internal security assessments) this very thing for a long time and it's finally reaching the "mainstream media". Never ever underestimate the intentions of rogue insiders to exploit a Windows flaw like this.

It's not just this Windows exploit....It's a whole slew of them. And Metasploit's cheap and very easy to use.


  1. Security fails when insiders are ignored and all the organization's defenses are aimed outward in a static Maginot Line formation. While there are other serious causes for security failures, the fact is that rouge insiders have an advantage because they already have a certain level of approved access that allows them to move around the system, search for information, and execute attacks.

  2. Agreed djb! It's this one little detail about insiders that management doesn't seem to get.