Chris Baraniuk’s report: ‘Project Sauron’ malware hidden for five years should light a fire under your ass to write malware today!
If you wait too long, all the good names for malware are going to be taken!
From the post:
The malware may have been designed by a state-sponsored group.
It can disguise itself as benign files and does not operate in predictable ways, making it harder to detect.
Experts from Kaspersky Lab and Symantec said it allows the attacker to spy on infected computers.
In September last year, Kaspersky first detected the malware on an unspecified “government organisation” network.
Since then, the firm claims to have found evidence of Project Sauron at more than 30 organisations in Russia, Iran and Rwanda.
These were generally government, scientific, military, telecoms and financial organisations, according to Kaspersky.
Separately, Symantec said it had found the malware in other countries, including at an airline in China and an embassy in Belgium.
…
You don’t want to get caught like the inventors of SCSI, who thought it should be pronounced “sexy,” but became known as “scuzzy.”
Nobody wants to be “there goes N, creator of the scuzzy malware.”
How embarrassing.
Almost as much as the experts missing Project Sauron for five years.
With ten-year-old vulnerabilities still in play and experts sleeping at the switch for five years, isn’t it time to presume all data is insecure?
That sets a common starting point for debating how much money should be spent making X data how secure.
Even data at the NSA is insecure, as Edward Snowden so ably demonstrated. The question is how much you are willing to spend for a certain amount of security.
Or to put it differently, security is never cheap nor absolute.