This Forbes post shines a light on how rapidly the threat landscape has evolved. While it once took weeks or even months for attackers to respond and exploit a new vulnerability, the time lag between an announcement of a vulnerability and wide-scale exploitation is now measured in mere hours. In this case, just seven hours.
This vulnerability impacted servers, which are generally better patched and maintained than desktop computers. It’s likely that a major browser vulnerability could be exploited just as quickly, but the response would be much slower.
The containment and recovery approach to security really shines in this scenario. Yes, the browser itself will always be vulnerable, but as the user you basically don’t have to care. Our automated recovery and safe handling of persistent data is also a big win. With the attack described in the article, the solution was to roll back to a known good backup from October 15th or earlier! What about everything that happened in the last few weeks? No such worry with Passages.