Just finished lunch and was browsing my RSS feeds. I ran across the following article on Slashdot (amazingly – the article itself hasn’t been ‘Slashdotted’ as of 1:00pm my time):
If that doesn’t scare your pants off, please seek medical attention immediately. 
But seriously… this IS scary stuff – and it isn’t the first time a piece of ‘critical infrastructure’ has been attacked by terrorists. I sincerely hope the National Strategy to Secure Cyberspace is more than just politics, or else it’s only a matter of time before we see a September 11th type attack that does more than take out Blue Security and a few innocent bystanders.
So, aside from ranting – what can we do? For starters we can educate those around us on how to secure their home/work PCs. I blogged about this back in Dec. 2004, and continue to spend a few hours now and then making sure my friends/family have all the latest patches and up-to-date security software. It might not seem like much, but if all of us ‘geeks’ secured 10 to 15 home PCs – that’s a lot less bots for the bad guys to use as ‘technology IEDs’.
On the work side there’s a lot we can do as well. Since I’m a Microsoft-focused guy… here’s a link to the Ten Principals of Microsoft Patch Management. And patch management isn’t just a Microsoft issue – last time I checked there were some nasty OS X, QuickTime, and Java, vulnerabilities that needed patching too. Patching is only part of the solution… but that’s a topic for another post.
Have a nice weekend.