informa
/
Risk
News

That's No Ordinary Rabbit!

Heed security warnings and keep handy the Holy Hand Grenade

5:45 PM -- In the legendary film "Monty Python and the Holy Grail," Tim the Enchanter (for whom this blog is humbly named) warns King Arthur and his knights of a fearsome, man-eating monster that guards a sacred cave. When the knights arrive at the cave, however, the only monster they see is a small, everyday white rabbit, surrounded by heaps of human bones.

"Oh, that's no ordinary rabbit!" Tim says. "He's got big teeth!" Then, seeing the look of incredulity on their faces, he sweeps his hand toward the mouth of the cave and says, "Look at the bones!" Minutes later, of course, one of the unbelieving knights steps forward to kill the rabbit, and is promptly decapitated by the bloodthirsty bunny.

(Interestingly, this would not be the last time humans fell prey to bunnies in modern cinema. In "Night of the Lepus," one of the great bad horror movies of all time, the world is terrorized by mutant rabbits -- metamorphosed to 100 times their normal size -- with a taste for human flesh. Kinda gives you a new respect for the Cadbury bunny, doesn't it?).

Which brings us, inevitably, to the topic of IT security.

Like King Arthur's brave-but-stupid knight, many end users -- and sometimes security professionals -- tend to view things at face value. A domestic bunny. An email virus that looks as if it came from a friend. A "safe" client platform such as the Macintosh or Mozilla. When something looks benign, many people rush out to meet it. And they become dinner for the extraordinary rabbits of the world.

Interestingly, all of these people ignored warning signs that could have kept them from their gory fate. Strewn bones should be your first clue that you're not dealing with Peter Cottontail here. End users are warned every day about the dangers of opening an attachment, but they do it anyway. IT people were told that platforms like the Mac and Mozilla weren't inherently safer than their Windows counterparts, but they just couldn't wait to stick it to Microsoft.

Whether you're in a cave or on the Web, it pays to be suspicious. Spammers, we discovered earlier this week, have developed software that studies the traffic coming into a mailbox and morphs (lagomorphs?) into a form that makes it seem more friendly and common. (See Smarter Spam Could Mimic Friends’ Mail.) And in the past week or so, we've seen numerous bugs exposed in supposedly safe technologies like the Mac and the Mozilla suite, and databases such as SQL and Oracle. (See SANS Exposes 'Safe' Technologies, Security Bugs Undercut Mozilla, and SQL Injection Exploits on the Upswing.)

So what's the smart play? In "Grail," King Arthur sits back, assesses the situation, recognizes the danger, and calls for the Holy Hand Grenade. Monitoring, vulnerability assessment, remediation tools. Whether you're looking at a rabbit or a fiery dragon, the process is the same. If you're going to live in this IT world, keep your eyes open, don't be fooled by hype or surface images, and hold your best tools close at hand.

You have to know these things when you're king.

— Tim Wilson, Site Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5