59 points

So much technology these days seems to be just rolled out without any real world testing done.

permalink
report
reply
43 points

I’m in my third decade in IT, and I can assure you such testing was never a priority. We just have capable computers everywhere nowadays .

permalink
report
parent
reply
18 points

I mean, there is the field of critical systems engineering. The problem is that every schmuck with a computer and some venture capital is off to “disrupt” something, regardless of how much was already learned in that field by the previous generations.

permalink
report
parent
reply
3 points

Critical Systems Engineering? Sounds expensive. Nah fuck that, let’s write the code in VB6 and stick it on an unsecured Windows NT box.

permalink
report
parent
reply
21 points
*

Lol, I wrote contractor code for DoD. Obviously, DoD wants really good security on their code. One particularly bad project I ended up as a subcontractor on, management kept insisting that what we were coding was a prototype, and we could add in the security in the actual project. And all us coders were like, “No, you’re having us write the actual project and the security has to be designed into it from the base up, ‘adding it in later’ like you won’t admit you’re planning on doing will leave way too many places for security holes to occur. Let us stop programming this shit and design some actual security and then get back to work.” We were told “lol, no, you don’t know what you’re talking about, this is just a prototype, get back to work.”

We had little buttons printed up saying, “Don’t worry: this is just the prototype, we’ll do the real programming later.”

Of course, two years later, the “prototype phase” ends, and management comes to us and says, “Hey, okay, so we’ve decided that what you’ve been working on is what we’re actually going to ship. You need to go back and make it fit all these really-high-level-security requirements.” Which of course would mean going through all this code and essentially redesigning and rewriting over half of it from scratch. Over half the coders were gone in six weeks.

I still have my nifty little button, though.

permalink
report
parent
reply
18 points

The problem isn’t with testing (which is an issue), but standardization on specific solutions. When everyone needs to use the same thing, it’s a lot more valuable to attack it.

So what we need is more alternatives that work together.

I don’t know anything about the trucking industry, so I’ll use IT instead. A lot of companies standardize on Cisco equipment, so when there’s a breach, everyone is screwed. The problem isn’t that Cisco is insecure, it’s that Cisco is ubiquitous, so one breach screws over everyone. If networking equipment was more a la carte, it’s unlikely a breach would impact all of the equipment used (e.g. a Mikrotik Router, Mikrotik Switch, Ubiquiti Access Points, etc). But bundling solutions is the name of the game for these large operations, which increases the fallout from a breach.

That’s why Windows gets so many viruses, it’s not because Windows sucks (it does), it’s because it’s such a huge target and you’ll get so much more value from attacking it than attacking a potentially easier target.

permalink
report
parent
reply
36 points

Wait… you’re telling me that these devices are connected directly to the CAN bus and also have default root passwords? Did nobody involved in this ever stop and think it might possibly be a bad idea??

This brings a new meaning to the old phrase “war driving”

permalink
report
reply
35 points

IOT: the S stands for security.

permalink
report
reply
4 points

😂

permalink
report
parent
reply

Wait, I’ve seen this one before:

permalink
report
reply
10 points

The kids have no idea what you’re going on about…

permalink
report
parent
reply
2 points

That movie terrified me as a child, then I rewatched it as an adult and laughed and laughed.

permalink
report
parent
reply

I actually hate myself for rewatching it, it totally ruined my memory of it. In fact it didn’t even seem like I was watching the same movie.

permalink
report
parent
reply
2 points

That happened to me with the movie House (1986)

permalink
report
parent
reply
1 point

It’s so bad, but fun

permalink
report
parent
reply
11 points

I got worms in my truck

permalink
report
reply
3 points
*

I’ve had it with these motherfucking worms on this motherfucking truck!

permalink
report
parent
reply

Cybersecurity

!cybersecurity@sh.itjust.works

Create post

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

  • Be respectful. Everyone should feel welcome here.
  • No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
  • No Ads / Spamming.
  • No pornography.

Community Rules

  • Idk, keep it semi-professional?
  • Nothing illegal. We’re all ethical here.
  • Rules will be added/redefined as necessary.

If you ask someone to hack your “friends” socials you’re just going to get banned so don’t do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

Community stats

  • 1.7K

    Monthly active users

  • 1.5K

    Posts

  • 3.1K

    Comments