Ignore vulnerabilities! Welcome to Fool's Town!
There are multiple ways to miss security updates. Maybe you do not even notice that there is an issue. Or better: you just ignore it (this happens too often!). Welcome to Fool’s Town, where all keys are under the doormats.
In Fool’s Town, it is good manners to put the keys under the doormats in front of the houses. Everybody does this. Just in case.
One day, the local mafia “Sneaky Gang” has the sudden inspiration to use the keys to break into the houses. It is a vulnerability unknown to the local sheriff Weisenheimer and the Fool’s Towners. This is called a “zero-day” vulnerability. The Sneaky Gang exploits this vulnerability in secret and for high-value targets only, like Fool’s Bank and Fool’s Jewelry. They must keep the exploit secret to get the most out of it.
One day, sheriff Weisenheimer observed the Sneaky Gang on a security camera. He published an announcement to the towners asking them to immediately remove the keys under the doormats. It is no longer a “zero-day”. It’s a known vulnerability.
Everybody who knows about the vulnerability now knows about the exploit as well. The claustrophobic village idiot Thievish Theo now went into action. He started going from door to door, looking for keys under doormats to break into houses and to steal things he didn’t need.
The Goony-Gardner family heard about the sheriff’s announcement but did not remove their key (due to laziness? Or stupidity? We will never know). It will take some time until Thievish Theo has looked below each and every doormat in town. But he will certainly reach the Goony-Gardner family’s house sooner or later.
This is why security announcements should be read and dealt with. To provide a nice, low-effort way to notice important announcements, I started my new side project vulnerabilityalert.me. Subscribers will receive a daily vulnerability and exploit digest every morning and immediate warnings via email.
And just to make it clear: We all live in Fool’s Town.
Okay, and now in plain words: You should…
- …know about vulnerabilities in your infrastructure, software, etc.
- …be notified when new vulnerabilities and exploits pop up.
- …patch serious vulnerabilities as soon as possible.
- …not ignore warnings and serious issues just because you have other current priorities.
- …make sure these tasks are done if you are unable to do them yourself.