jd's Journal: Security is still a low priority

https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/amp/
https://www.theregister.com/2023/11/13/royal_mail_cybersecurity_still_a/
https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023
https://www.securityweek.com/tens-of-thousands-of-cisco-devices-hacked-via-zero-day-vulnerability/

It would appear, on the face of the above links, that developers still take shortcuts and don't program defensively, and that IT departments avoid applying security fixes and are not taking other protective measures (such as encrypting databases).

Cybersecurity, from the looks of things, is something that is simply never taken seriously. An optional extra that poses no consequences if not applied.

The consequences can be severe. The number of people at risk in Maine from identity theft runs into the millions. The loss of privacy from the intensive care ward that was recently hacked may have severe financial and employment consequences.

And yet neither programmers nor IT managers are altering their behaviour, despite the potential for enormous consequences to those they are responsible for.

Libertarians would argue that people can switch providers, but some providers are either de facto monopolies or natural monopolies. In other cases, there's no evidence that any of the alternatives are any better. Market forces don't function when there's no functional market.

But what's the alternative? There's no evidence regulation is helping, where regulations exist and are meaningfully enforced. It's just considered the cost of doing business.

What, then, would actually help?

  • It would be swell if companies could advertise themselves as more secure, and charge a premium to deliver actual security.

    But success, we are now instructed, is the province of the oppressors, and makes us morally proper targets.

    Unless I have misunderstood the current equity wisdom.
    • by jd ( 1658 )

      I'm not sure success is the province of oppressors. At least, nobody I've ever talked to thinks that way.

      There are successful businesses that have become successful and have also used oppressive tactics - SpaceX has no safety culture, but this did not cause them to be successful. Indeed, as OceanGate and the two Space Shuttle tragedies demonstrated, no safety culture pretty much guarantees total failure in the long run whilst offering no real short-term benefit.

      There are also successful businesses that have

      • My snarky reply was a packaging of the "conventional wisdom", which smacks more of folly than anything else.
        • by jd ( 1658 )

          Well, yeah. If conventional wisdom actually worked, then we shouldn't be seeing so many zero-day issues being reported, and certainly wouldn't be seeing them blithely ignored by corporations, governments, and hospitals alike. Even banks have messed up.

          (It was in the early days of the Web, but there were banks that allowed you to log into one account but then access anybody else's bank account. The account number was part of the URL and the bank websites weren't validating that against what you were authoris
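The account-number-in-the-URL flaw described in the comment above, as an added example that is not part of the original post: a toy handler that checks only that a session exists, beside one that also checks that the requested account belongs to the session's customer. The customer names, session tokens, account numbers and balances are constructed.

```python
# Added example (not from the post): the account-in-the-URL flaw jd describes,
# modelled as a tiny request handler, beside the ownership check that fixes it.
# All customers, tokens, account numbers and balances below are constructed.

from dataclasses import dataclass, field


@dataclass
class Bank:
    # Constructed sample data: which customer owns which account.
    owners: dict = field(default_factory=lambda: {
        "10001": "alice", "10002": "alice", "20001": "bob"})
    balances: dict = field(default_factory=lambda: {
        "10001": 1500, "10002": 20, "20001": 9000})
    # Session token -> authenticated customer (populated at login).
    sessions: dict = field(default_factory=lambda: {
        "tok-alice": "alice", "tok-bob": "bob"})

    def _customer(self, token):
        """Authentication only: who is logged in? Raises on an unknown token."""
        if token not in self.sessions:
            raise PermissionError("not logged in")
        return self.sessions[token]

    def balance_vulnerable(self, token, account):
        """The flaw from the comment: the handler confirms that *someone* is
        logged in, then trusts the account number taken from the URL."""
        self._customer(token)          # authenticated, but ...
        return self.balances[account]  # ... never asks whose account this is

    def balance_fixed(self, token, account):
        """Authorization added: the account must belong to the session's customer.
        Missing and foreign accounts get the same response, so error text does
        not reveal which account numbers exist."""
        customer = self._customer(token)
        if self.owners.get(account) != customer:
            raise PermissionError("account not found")
        return self.balances[account]


def demo():
    """Bob, logged in as himself, requests Alice's account 10001 by number."""
    bank = Bank()
    leaked = bank.balance_vulnerable("tok-bob", "10001")
    try:
        bank.balance_fixed("tok-bob", "10001")
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked  # returns (1500, True)
```

The fixed handler still serves Alice her own balance; the only behaviour that changes is the refusal of account numbers the session does not own.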

          • This invites a dystopian fiction, where a core of people are so affluent that they have no personal gadgets or internet footprint of any sort. All connectivity is delegated to trusted staff. Rather pampered royalty.

            When the fertilizer hits the air circulator, the royalty finds itself fungible with the peasants.

            The moral of the story being that it takes stratospheric wealth to buy absolute liberty from the internet...but that liberty amounts to pre-internet primitivism.
  • For them to be meaningfully enforced the fine would be so high that you wouldn't buy a new smart phone for $10,000 for 1 small security lapse.
    Trillion-dollar companies need 100,000,000,000, i.e. 100 billion, dollar fines.
    They need to be related to the size of the company.
