September 10th, 2008
Obama sex tape? Not exactly
There is no Obama sex tape. Nor did Angelina Jolie’s lips explode. Bush also did not think that “Iraq was the fun thing to do.” I hope that readers of this column quickly realize that these messages are pitches to attract you to read the spam contained within. However, millions of people on the Internet do believe that these salacious headlines are true and proceed to click on links in e-mails that claim to offer video or photographic proof of these events as well as many others. These individuals are lured to a piece of malware, and their systems become another element in the many botnets that exist on the Internet.
In a week where both Apple and Microsoft released patches for major exploitable security vulnerabilities, malware authors continue to push attacks that depend not upon exploits but upon end-user complicity. The reality is that the time invested in developing a slight modification to an existing piece of malware and a new spam pitch provides far more bang for the buck in terms of newly compromised computers than developing an exploit for the vulnerabilities covered by this week’s patches.
The sad truth is that software is fixable at a low cost while human weakness is not. Software security is steadily improving due to better engineering processes, developer education, patch management, and code analysis tools. User education has been nowhere near as effective, as naïveté regarding information security ever so slowly decreases.
Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.