Here's a scary report from The Washington Post's Security Fix (http://voices.washingtonpost.com/securityfix/2009/10/ubiquitous_zeus_trojan_targets.html?hpid=sec-tech) column. As a cautionary tale, it just doesn't get much better. We have a former employee leaving an unexpected "gift" in the wake of his departure, and a cybersecurity company facing the inadequacy of many common security tools in the face of newer, more sophisticated attacks.

The message I took from this story is that unless you have your organization's internet acces locked down so tight that your users aren't screaming about every 5 minutes requesting access to the Net, your policies aren't restrictive enough. Also, many employers don't recognize the damage that a former employee can do on his way out the door.

Just reminds me that no matter what as long as you allow for anyone to enter or exit through what you're wanting to secure you're never 100% secure. The moment you leave an opening is the moment the exploit is available. It's one of the reasons I say the airport security our nation has is just a false sense of security. If you want nobody to breach your security you have to block everyone including those who pass your checks from entering the secured area. The reason being is those who are screening are only human, and if it's a machine screening you have to remember it was created by a human.

OK I had a dark humor based solution but in afterthought I removed it since it might disturb those who would miss that it was satire.