What if you can’t do anything?

Yesterday Elizabeth came to my office wondering about the latest hack she read about on CNN that’s big news.  Now generally speaking, I’m not at the immediate forefront on all things IT or security, but I had heard of this one several weeks ago.  What was making news was how quickly the exploit was discovered once the patches were made available.  Most of those who choose to write exploits can do so shortly after patches are released due to the fact that they ‘reverse engineer’ the patches to find out what exactly was being fixed, then find a way to exploit that.  Then if other servers are not patched, they can run their malicious code to do its dastardly deeds and then make-believe that they’re awesome and write blogs about it to make them feel better about their miserable lives.

Now, I get the whole figuring it out and seeing if it works thing, because I love to do that myself, but I just generally don’t agree in creating chaos for the sake of personal gain.

I told Elizabeth what this whole thing is basically about and how we really can’t do anything about it, because we don’t run DNS servers.  We can’t control whether local ISPs have patched their servers, we also can’t control whether our DNS providers have done so, other than taking our business elsewhere if they haven’t.  I wouldn’t know if they had patched or not either, until it was too late. 

There are a lot of things that are out of our control on the Internet as a whole, and we have to accept that as a company.  We can’t prevent things from happening to connectivity due to mother nature, the best we can do is try to set up the best system we can, with backups and fail-overs and keep our little company running.