Consider the Downside

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715064

    Comments posted to this topic are about the item Consider the Downside

  • Stefan LG

    SSCommitted

    Points: 1875

    So true. Just type your name into a browser and see how much information is available for anyone to see (and use).

    The problem with usernames and passwords are that people still write them down on 'sticky notes' or store them in clear text files.
    Just 2 days ago I came across a SQL Server installation with a 'sa' password which is basically 'sa' followed by a digit...

  • jasona.work

    SSC-Forever

    Points: 49863

    Security is all too often an afterthought, a "we'll bolt-on security features after we're done," and that tends to leave rather large, gaping security flaws in the products.  Toss in now cloud-services / cloud-backups (that you have to configure your security on,) hosted repositories, etc, and you get what you saw (I can't go to Twitter at work and have not read the linked article / comment)

    Or you get US Top Secret-level data put into an unsecured Amazon AWS bucket (http://www.theregister.co.uk/2017/06/01/us_national_geospatial_intelligence_agency_leak/ )

    As the saying goes, security is hard, but I would add, GOOD security is harder (because you need it to happen right at the start of a project.)

  • Eric M Russell

    SSC Guru

    Points: 124989

    jasona.work - Thursday, June 1, 2017 10:09 AM

    Security is all too often an afterthought, a "we'll bolt-on security features after we're done," and that tends to leave rather large, gaping security flaws in the products.  Toss in now cloud-services / cloud-backups (that you have to configure your security on,) hosted repositories, etc, and you get what you saw (I can't go to Twitter at work and have not read the linked article / comment)

    Or you get US Top Secret-level data put into an unsecured Amazon AWS bucket (http://www.theregister.co.uk/2017/06/01/us_national_geospatial_intelligence_agency_leak/ )

    As the saying goes, security is hard, but I would add, GOOD security is harder (because you need it to happen right at the start of a project.)

    The post says “domain registrations and credentials within the data set point to private-sector defense firm Booz Allen Hamilton (BAH), as well as industry peer Metronome †as the likely renters of the bucket.

    If our US president really wanted to make America Great Again, he should start by draining the swamp of incompetent and over-payed federal contractors. Unfortunately, neither of the two major political parties want to go there.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Elke.Bielecki

    SSC Enthusiast

    Points: 165

    I'd like to see us transcend passwords.  Everyone has to memorize or store these strings of text we call passwords somewhere and we all invariably forget or lose them. It feels antiquated. I just want my computer to scan my eyeball and be done!  I'm sure then we'll end up in Philip K Dick scenario where there will be a thriving black market for precious eyeballs.

  • Doctor Who 2

    SSCertifiable

    Points: 7740

    Steve,

    You started your article with

    Technologists are often seen as cynical and disappointed by how poorly much code is written or maybe because an application architecture isn't well designed. I hear no shortage of complaints over other people's code, one of the reasons I think we have so many new projects started on Github (or other pubilc repos). Everyone thinks they can build better software than others.

    Hey, watch it! I resemble that comment. (As I slink guiltily away.)

    Rod

  • Ed Wagner

    SSC Guru

    Points: 286957

    Elke.Bielecki - Friday, June 2, 2017 12:10 PM

    I'd like to see us transcend passwords.  Everyone has to memorize or store these strings of text we call passwords somewhere and we all invariably forget or lose them. It feels antiquated. I just want my computer to scan my eyeball and be done!  I'm sure then we'll end up in Philip K Dick scenario where there will be a thriving black market for precious eyeballs.

    Or, in the shorter term, we'll see a black market for the equation that makes the match for eyeballs.

    The thing Jason said about good security being hard is true.  Then again, given the quantity of bad misunderstood and inefficient code out there, maybe good code is hard, too.  Given the number of companies that have been hacked in the past 12 months, writing secure applications is only slightly less hard than hacking them.  It's a real shame, too.  We have the ability to accomplish some really amazing things that weren't possible just 50 years ago.  There is, as the article put it, a downside to it.  The "inside job" is a rough one.

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715064

    I doubt anyone will steal your eyeballs. What they'll do, however, is replace the hash of your eyeballs with something else, then we'll really be in trouble.

    Or, they'll get more malware installed, so that when you do something on the secure system, they'll be able to do something as well.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply