An explanation of the term Zero Day, and how it affects your digital life.
Episode #4-04 released on October 6, 2013
Computers used to be simpler. They used to have fewer features. They used to have fewer vulnerabilities, and they used to be offline. Welcome to the age of the Zero Day.
What is a computer or program vulnerability?
Programmers miss things, make mistakes, amateurs don't know better, it can be a number of different types of separate issues, it can even be in the way the hardware is implemented, but it is a weakness that allows for a malicious attacker to make the target program or operating systems malfunction to their own benefit.
What is a Zero Day vulnerability?
A Zero Day vulnerability is a previously unknown flaw in the way the program or hardware operates that allows malicious attackers the ability to make the target program or computer malfunction to their own benefit with the benefit of not necessarily alarming, or catching unaware the target computer's user.
What is the potential for problems with Zero Day attacks and vulnerabilities?
You don't know the attacks or vulnerabilities exist, or you can't do anything about it, in many circumstances. Many of us don't even follow the latest security news. We don't know that various versions of software or hardware we use have security issues that can, to some degree, cause us some kind of annoyance or harm.
Can this kind of attack vector be limited, or eliminated almost completely, and if nothing else, what can you do about it?
Keep everything up to date. Your software, drivers, operating system, your mobile operating systems, and all related firmware. While using the absolute latest operating system may or may not be a good idea, malicious hackers have had little time to analyze holes in it, older operating systems have more holes patched, but eventually become unsupported. Using an unsupported operating system, like Windows XP is about to be, means you will no longer have any updates or patches, which means everything is a Zero Day vulnerability because either the company doesn't know about the vulnerabilities, or has no intention of plugging the hole. The same issue may occur with software, or even mobile devices where the original manufacture may release multiple versions or iterations of the same product, and stop supporting older iterations of the very same product, example legacy iPhones.
Other ways of avoiding becoming the victim of Zero Day attacks and vulnerabilities is not to go to untrustworthy web-sites. Not to open file attachments in emails, even from trusted senders. Use web-sites with SSL. Disable java script on web-sites you need to visit, but have no prior relationship to. Avoid using old software, and if the need be, run them on private intranets, or offline computers. Always use the latest drivers for everything you purchase. And, nothing beats being aware of their existence. By voluntarily seeking out the latest news on Zero Day vulnerabilities, you will be able to take a more proactive stance against them, and therefore protect yourself better. And, when updates are available, install them immediately, any delay may be your undoing, since malicious hackers will target computers and devices that don't use the latest patches for publicly acknowledged vulnerabilities.
Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions