Slashdot Mirror


Ask Slashdot: How Are So Many Security Vulnerabilities Possible?

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?

4 of 354 comments

  1. Re:10/90 by Narcocide · Score: 5, Insightful

    Yes, the big issue here is that it's common knowledge consumers by and large refuse to be bothered to get educated and the bulk of the major software development companies out there don't have leadership ethical enough to be able to resist taking maximum possible advantage of their naivety. Unfortunately this knowledge gap is also being turned against our own government even as our own government participates in using the very same knowledge gap on the general population. It's a huge ugly mess, really, and it says a lot about the spiritual deficiencies of humans as a whole, and I still completely in all seriousness blame Microsoft for starting it.

  2. Do you live in a house or apartment? by El Cubano · Score: 4, Insightful

    How Are So Many Security Vulnerabilities Possible?

    Do you live in a house or apartment? Go around and look very closely at every aspect of the structure. As you go, make note of every flaw you find, however tiny, but paying special attention to things that could be avenues for entering the dwelling from the outside even if everything is locked up. Now imagine 1,000,000 people all working constantly to find ways through those vulnerabilities without you realizing that is going on. Now imagine everybody in your city has an identical dwelling so that when one avenue is compromised, they all are.

    That is how.

  3. Nobody cares by manu0601 · Score: 4, Insightful

    Companies do not care about security, because they see no value in it. They rush their own developers to release software, and never ask them to focus on security.

    Developers do not care about security. They never face the consequence of their negligence on it.

    Consumers do not care about security. They shop for the cheaper or the most hyped product, not for the one that was correctly engineered. How could they know it really was, anyway?

  4. Because it is hard, and sometimes not possible by Harlequin80 · Score: 4, Insightful

    Security is not free. It is neither free in that it requires lots of man hours of time to develop & code, and that security has no impact on the user experience.

    You can do end-to-end encryption of all traffic, encrypt at all states, require multi-factor auth, require physical devices, require secure portal software. But all of these have operational costs as well. Both in the cost of compute and in the usability of the software.

    If you had to access Gmail through a specific secure application, with 3+ factor authentication, and it was really, really slow, would you use it?