Book review: Zero day – A brilliant novel

Zero Day by Mark Russinovich is a brilliant novel about why we should fear an online attack by a rogue non-state-sponsored terrorist before any other forms of spectacular attacks.

I didn’t know that Boing 787 was fully fly by wire, and that medication in hospitals were controlled by networked computers. While attacking that type of software would require specialized knowledge on internals of those systems, it may not be as far fetched as most of us assume it to be.

The fact that zero day exploits are available for sale is also not a secret anymore. There are organizations out there who are willing to pay big bucks for those who prefer money than fame. Why do you think pwn2own doesn’t require exploits to be fully documented anymore ? The proliferation of networked computers is good idea, but our inability to patch them on time is a recipe for disaster.

I’ve worked long enough in IT to know that not all patches are applied immediately to all systems as soon as they are released. There is a long, expensive process to make sure that patches don’t bring down the entire network. And because of this, a lot of organizations patch the most critical systems at the very end (after everything else is patched).  And thats for the holes for which patches are available from the software vendor. There are tons of other holes which are still being researched by the vendor, and even more which are not reported to the vendor yet.

Though it may be hard to believe that an attack as big as the one described in this book would go unnoticed by all of the security vendors, its definitely plausible and shouldn’t be ignored.

I highly recommend you to read this book if you are even remotely concerned about how fragile our infrastructure can be. The least you could do is patch your own systems.