• FigMcLargeHuge
    link
    fedilink
    English
    arrow-up
    59
    ·
    8 months ago

    So much technology these days seems to be just rolled out without any real world testing done.

    • Nightwatch Admin@feddit.nl
      link
      fedilink
      English
      arrow-up
      43
      ·
      8 months ago

      I’m in my third decade in IT, and I can assure you such testing was never a priority. We just have capable computers everywhere nowadays .

      • jol@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        18
        ·
        8 months ago

        I mean, there is the field of critical systems engineering. The problem is that every schmuck with a computer and some venture capital is off to “disrupt” something, regardless of how much was already learned in that field by the previous generations.

        • GombeenSysadmin@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          Critical Systems Engineering? Sounds expensive. Nah fuck that, let’s write the code in VB6 and stick it on an unsecured Windows NT box.

    • athos77@kbin.social
      link
      fedilink
      arrow-up
      21
      ·
      edit-2
      8 months ago

      Lol, I wrote contractor code for DoD. Obviously, DoD wants really good security on their code. One particularly bad project I ended up as a subcontractor on, management kept insisting that what we were coding was a prototype, and we could add in the security in the actual project. And all us coders were like, “No, you’re having us write the actual project and the security has to be designed into it from the base up, ‘adding it in later’ like you won’t admit you’re planning on doing will leave way too many places for security holes to occur. Let us stop programming this shit and design some actual security and then get back to work.” We were told “lol, no, you don’t know what you’re talking about, this is just a prototype, get back to work.”

      We had little buttons printed up saying, “Don’t worry: this is just the prototype, we’ll do the real programming later.”

      Of course, two years later, the “prototype phase” ends, and management comes to us and says, “Hey, okay, so we’ve decided that what you’ve been working on is what we’re actually going to ship. You need to go back and make it fit all these really-high-level-security requirements.” Which of course would mean going through all this code and essentially redesigning and rewriting over half of it from scratch. Over half the coders were gone in six weeks.

      I still have my nifty little button, though.

    • sugar_in_your_tea
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      8 months ago

      The problem isn’t with testing (which is an issue), but standardization on specific solutions. When everyone needs to use the same thing, it’s a lot more valuable to attack it.

      So what we need is more alternatives that work together.

      I don’t know anything about the trucking industry, so I’ll use IT instead. A lot of companies standardize on Cisco equipment, so when there’s a breach, everyone is screwed. The problem isn’t that Cisco is insecure, it’s that Cisco is ubiquitous, so one breach screws over everyone. If networking equipment was more a la carte, it’s unlikely a breach would impact all of the equipment used (e.g. a Mikrotik Router, Mikrotik Switch, Ubiquiti Access Points, etc). But bundling solutions is the name of the game for these large operations, which increases the fallout from a breach.

      That’s why Windows gets so many viruses, it’s not because Windows sucks (it does), it’s because it’s such a huge target and you’ll get so much more value from attacking it than attacking a potentially easier target.

  • nbailey@lemmy.ca
    link
    fedilink
    English
    arrow-up
    36
    ·
    8 months ago

    Wait… you’re telling me that these devices are connected directly to the CAN bus and also have default root passwords? Did nobody involved in this ever stop and think it might possibly be a bad idea??

    This brings a new meaning to the old phrase “war driving”

  • spyd3r
    link
    fedilink
    English
    arrow-up
    31
    ·
    8 months ago

    Wait, I’ve seen this one before:

    • Tony N@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      8 months ago

      That movie terrified me as a child, then I rewatched it as an adult and laughed and laughed.

      • spyd3r
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        I actually hate myself for rewatching it, it totally ruined my memory of it. In fact it didn’t even seem like I was watching the same movie.

  • tygerprints@kbin.social
    link
    fedilink
    arrow-up
    9
    arrow-down
    4
    ·
    8 months ago

    What a world we live in. No wonder we can’t ever have nice things. We can’t have computers that aren’t subject to the sick fucks that invent viruses to infect them. We can’t trust our online information thanks to the sick fucks that need to steal information because of their asshole criminal smallness.

    No matter what we always get screwed over by the assholery of the small and sick perverts out there.

    • s7ryph@kbin.social
      link
      fedilink
      arrow-up
      23
      ·
      8 months ago

      This is absolutely on the manufacturer. Default credential attacks should not exist in the day and age.

    • KidOPM
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      Sad, but some of us make a living out of this. But still sad (and true).

      Of course if that was not the case we could employ our sorry minds to something more constructive.

      • tygerprints@kbin.social
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        8 months ago

        I hope not because bringing misery and hurt into people’s lives to make a buck is about the most inexcusable and sick thing a person can do. It’s akin to selling people into slavery, only with even less morality. Holding people hostage to hacking is absolutely the worst filth a person can engage in.

        • KidOPM
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          Not following… Since this is a cybersecurity com, I assume that many of us work in this area, literally defending people and organizations from attackers and scammers. That’s why I said some of us make a living out of this in a sad way.

          • tygerprints@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            I’m not saying that cybersecurity folk are the bad ones but that they even have to exist is a sad statement about the corrupted world we live in. Why anyone would deliberately create computer viruses is beyond my understanding at all.

            Isn’t life hard enough for most of us? With our daily grind and frustrations, and then having to deal with computer hackers and people tyrying to steal our personal info and bring down our national systems – the sickness of hackers is beyond my understanding.