Just finished the final exam in my Unix Security class — three classes down, a fistful to go to complete my cert. Once again, learned a ton but feel like I just scratched the surface — security is a bottomless topic. In addition to the nuts and bolts stuff, great tangential discussions. One day, discussing the behavior of viruses and the significance of “laying low,” an analogy to the ebola virus:
The disease is often transmitted during funeral preparations in Congo which traditionally require relatives and friends to wash and kiss the dead body.
… and so entire villages are wiped out quickly — the local culture inadvertenly helps the virus to more efficiently kill its own host. If AIDS killed its host immediately, it would virtually be over — its long dormancy is what enables it to spread. Which helps explain why so few computer viruses are immediately destructive — if a virus formatted your hard drive the minute you contracted it, it wouldn’t have the chance to propagate. It wouldn’t become a “popular” virus.
Powerful: A theoretical virus that sits around on a corporate LAN and changes one digit in one randomly selected cell in one randomly selected Excel document per month. And nothing else. How long could such a virus evade detection? How much hair pulling would this cause? How soon before people stopped trusting Excel?