?

Log in

No account? Create an account
entries friends calendar profile my webpage Previous Previous Next Next
From wired today:… - Tina Marie's Ramblings
Red hair and black leather, my favorite colour scheme...
skywhisperer
skywhisperer
From wired today: http://blog.wired.com/27bstroke6/2007/07/atm-reprogrammi.html

The store owner summarized up exactly the reason we have security holes in software:
"I'm not a technical person," he says. " I cut meat and I sell groceries. That's my job. I don't know anything about an ATM. I put money into it, people take it out, and I get a reading at the end of the day."
Why should he need to know to change not one but two passwords? How does is help him do his job, which is to put money into the ATM, let people get it out, and get a reading at the end of the day? We have technology to solve this problem, but we don't use it.

Maybe the problem was a lazy developer who didn't want to put thought into security. Maybe the developer came up with a wonderful security proposal, and his manager said, 'We don't have time for that! Stick a default password on it and call it good!'. Either way, the user got hurt, and the everyone turned around and blamed him.

We sell software as a commodity. We market it as being simple and easy to use. But there are all these hidden loopholes, carefully hidden in the UI, and just one of them can cause major problems. Either we say "The connected world is dangerous, and the software to manage that danger isn't always easy to use. You need a bit of knowledge and training to put a computer on the Internet", or we write software where developers have taken responsibility for writing secure code and managers have taken responsibility for funding secure code. There are no other choices.

Or we could just keep blaming the user.

Tags:
Current Mood: annoyed annoyed

2 comments or Leave a comment
Comments
grahamwest From: grahamwest Date: July 13th, 2007 10:31 pm (UTC) (Link)
When I read the article I wondered why any of the admin functionality should be accessible through the front panel at all? I would've put all that on a separate set of buttons inside the machine and had a keylock as well. If you can't get to the money, you've no reason to be reconfiguring the machine.

That's the way it is for pinball machines (well, they don't have the keylock, but they do have a coin door interlock that write protects part of the NVRAM).
alioth1 From: alioth1 Date: July 14th, 2007 07:35 pm (UTC) (Link)
I wondered that, too. But convenience wins out over security every time: software companies all believe simple sells, so do whatever is simplest and most convenient at the expense of security. Of course, another keypad might cost the manufacturer a couple of bucks too.

The other thing is the size of the software components that people are plugging together to make single purpose machines like this. So you end up with power-sucking PeeCee motherboards in these things running Windows, when the functionality itself wouldn't cause an 8-bit AVR microcontroller to work up a sweat (on 1% of the power draw) without dragging in all the complexity (some of which could be exploited) along with whatever gigantic OS they install on the thing.

2 comments or Leave a comment