It’s been one of those weeks in information security. The kind that makes me think about raising sheep in New Zealand, because they won’t argue with me about APTs and attribution. In addition to the Java/SMTP/FTP vulnerability that has vendors scrambling, I’ve suffered through trying to explain the following:
- The “dirty cow” Linux DCCP vulnerability
- The announced SHA-1 collision
- The overhyped Rasputin campaign
- And of course, Cloudbleed
While I could probably break each of these down and explain how the sky really isn’t falling, I think Val Smith said it best recently:
Are you able to get an accurate inventory of your network?
Can you rebuild any system, anywhere, in less than a day?
Can you push software and configuration changes, including patches, remotely?
Do you have tested backups?
Do you have enough IT/DevOps to keep your environment stable?
Do you have a tested IR plan?
Do you have proven data sources (logs, netflow, full pcap, endpoint telemetry)?
If you answered no to any of those questions, you probably shouldn’t be too worried about SHA collisions.
Here endeth the rant.