Have you ever found an acorn under your pillow? My folks have a cabin in the north woods of Wisconsin that we've been going to forever. It's far enough away from the cities that you really feel like you're in another world. No phone, no TV, only the tech is what you bring with you. Its a nice place to get away, safe from the intrusion of the outside world...I really looked forward to going "Up North". That is, until the incident.
It occurred the last time we were there. Like most cabins that were built in th 70's it isn't exactly the most "tight" place in the sense that when we're not occupying it, something certainly is. Generally, the other occupants will abandon ship - so to say - when we arrive, so that we get the run of the place.
During the day you know that you own the realm. But at night, after you go to bed, things can change. My wife & I were in the bedroom, and about 2 in the morning she sits up and SCREAMS "What IS that???". You see we had found some gifts under the pillow, and it didn't seem to me that we had left anything under the pillow the last time we were there. Now the owner was coming to claim his cache. Granted, he wasn't much more than a couple inches big, but tell that to a woman who has already reached her own conclusions...
By the time we found the light switch the intruder was gone, out through a gaping hole in the wall that contained an outlet but was missing the cover. The rest of the story is pretty bland, I bought an outlet cover the next day at the hardware store and it seemed to close the breach in the wall, and for now we're safe. But what else can we and should we do to make sure this doesn't happen again?
It's important to know what's out there, the vulnerabilities that can reach out and get you when you're not looking. But how do you know what to look for? Someone said that the only thing more painful than learning from experience, is not learning from experience. Fortunately you don't have to rely on experience. Sometimes you can learn from others, and that's what we're doing on the MSDN team with regards to Software and Security. It's called the Digital Black Belt Security Webcast Series, where we share common threats and tricks that leave your applications vulnerable to exploits. Joe Stagner is driving a lot of these, but I will be doing a webcast this Friday on Practical Security for Intranet Applications.
Join me and we'll will show you how to find the acorns under the pillow.