Friday, June 25, 2010

Convenience Versus Security

As always, these thoughts and opinions are mine alone and not official pronouncements, policies, or statements from Intel.

For a long time, we geeks who built the internet (and I can't take any significant credit for that) have lived in a fairy tale sandcastle in the sky. We believed in the essential goodness of people and thereby developed our hardware and software with our main focus on what was convenient and not what was secure. We also made that worse by concentrating on features rather than stability and lack of bugs.

In the security field, the bugs have gotten a fair amount of attention. People are very aware of the buffer overruns and other ways of breaking software like browsers to introduce malware into your computer or your network.

However, the convenience factor needs equal attention. Some of those lessons have been learned. When I administered my own Linux server back in 1995, I learned the hard way (i.e. by being cracked and having a rootkit installed) about the importance of closing up and securing ports. Having an open telnet port was convenient for logging into my server not only for me, but for all the miscreants who thought accessing and using my computer might be fun or profitable.

Still, this lesson needs to be repeated over and over again. The sites that are open to the attacks in this video have not properly secured their assets. If you leave your property open and unlocked, someone will eventually "borrow" it or play a prank on you through it or do something else you don't want and hadn't intended, especially if the info on how to do so is on popular sites like bitrebels.

So, when you buy that new webcam or baby monitor, think before you expose it to the internet. The out-of-the-box configuration was probably designed by geeks who wanted to make it convenient for you to use, not to keep your private information private. That doesn't mean you can't make the device secure, just that you will need to do extra work to do so, work that might not be detailed in the instruction book that comes with the device.

Although we geeks who design and build such devices emphasize convenience and features, as that's what we've trained ourselves to do and what the market has traditionally rewarded, if consumers want safer, more secure devices, we will make them. Companies are already realizing the need for that. The culture is ripe to grow and spread. Consumers just have to make informed choices that demonstrate that preference.

If you are an implementer and want to ponder some of the ways we have helped users trade security for convenience, try reading this.
