InfoSec 2003: 'Zero-day' attacks seen as growing threat
“Zero-day” attacks that take advantage of software vulnerabilities for which there are no available fixes are emerging as a major threat to corporate security. More than ever, the threat underscores the need for companies to have safe configuration policies for software and systems, as well as good incident-response and patching capabilities, said users at the InfoSec 2003 trade show here last week. “I’m very concerned about it,” said Joseph Inhoff, LAN administrator at Lutron Electronics Co., a manufacturer of lighting equipment in Coopersburg, Pa. Because such attacks take advantage of flaws before software makers can fix them, the potential for damage from so-called zero-day exploits is something Lutron’s management is especially worried about, Inhoff said. “I’m trying to figure out what I can do about it,” said Inhoff, who was at the show to see how automated patching software could help bolster the company’s response capabilities to such attacks. Full Story