Security is the same 80/20 game as pretty much everything else. The problem is identifying the 80 percent that can be taken care of with 20 percent of the cost.
First, a government actually bans its use because they can't spy on you.
Two, no Russian spammers on the network trying to flood it with fake news.
And I honestly don't know what's the better reason...
That's no rumor, that's the reason. Many install scripts (and other programs) didn't bother looking for "Windows 95 || Windows 98" but were just looking for "Windows 9", because whether it's 5 or 8 after the 9 didn't matter. That's all that could have happened after the 9.
All these programs and scripts would break in Windows 9.
Another reason was that MS learned that people wised up and knew that only every OTHER version of Windows was actually usable, so they tried to trick people into thinking that 10 is the usable one. Didn't work so well, people knew that 9 would have been the usable one (after Win 7 and the tiled atrocity Win 8 was, Win 9 would have been the "good" one).
No, most other internet-enabled devices I can audit.
Try it with your average IoT crapbox.
Ten duotrigintillion on the short scale, ten thousand sexdecillion on the long scale.
Then why repeat that mistake with new toys attached to the network?
Yes, the network is insecure. It was never meant to be secure. It was meant to be reliable and resilient against damage. If you want security, secure your endpoint.
The gift that keeps on giving.
Whether you want it to or not.
People don't want security. Here's why.
Security first and foremost is expensive. It costs money to keep the people who do know a lot about security on this side of the legal fence. Because you can believe me when I tell you, there's WAY more money to be made on the other side. And security costs time. Because your development will be delayed when you finish your product only to have to redo it because in the final test your security crew (that suspiciously isn't involved in the production process... don't ask) finds a few crippling security flaws.
And when you're finally ready to roll, you notice that competitor A already has a product just like yours in the market and has cornered the market. How could he do this? Easy. By not giving a shit about security. And since he's more often than not completely not liable for any damage his insecure crap causes, why should he give half a shit about it?
Why do people buy his shit is the question one should ask. And the answer is simply because they don't know shit about security and they also don't care. And more often than not don't want to know about it either. They care whether it's cheap and whether it does what it promises. They don't even think that someone else could use it for nefarious reasons.
And this is why companies making IoT items don't give a shit about security. They'd probably go bankrupt if they did.
Revetted? Sorry, I'm not a native speaker, is that a polite way of saying "fired out of a cannon"?
Maybe if more high profile targets get finally hit by the security hole IoT is, we'll finally see some movement in this field.
I mean, FFS, these things have security standards I have not seen since the millennium rolled over! You can go down the OWASP Top 10 (of any year of your choice) and the average IoT crapware is guilty of all of them!
In the online gaming world they call them "whales". So... the thing about the aquarium actually makes it even more funny.
Well, you have to admit, some of the parts you find in IoT devices cost a lot more if bought without the plastic casing...
If I get to look over granny, sure.
If you get to look over her, no.
The manufacturer doesn't even have to go out of business. As "always online" software has shown us again and again, all that's required is the manufacturer not wanting you to use it anymore.
People put way too much emphasis on labels. While you might expect to break more compatibility on a major number than on a minor, i.e. I'd probably be more wary to install a 5.0 than a 4.22, it's been shown time and time again that it doesn't really matter. Why the urge to have a major number anyway? I'd be calling it 5.0 if something huge changed.
With most software it's mostly a marketing game. We change major numbers so we can charge you again. But with the transition to SaaS, this practice will even change for CSS, why FOSS felt the urge to play the game in the first place is beyond me.
And most likely we just don't know something yet. Like we did a century ago when we noticed that Mercury doesn't move around the Sun as it should. Back then we thought that some other object must be responsible and were looking for it. Today we know that relativity is the culprit.
I dare say we'll find something similar explaining what we now think is "dark matter/energy".
What he didn't state and probably didn't realize is that they apparently WANT to be ignorant. Never before in the history of mankind has it been easier to acquire information and wisdom. And never before in the history of mankind have people been more willfully ignorant.
Yes, science is obsolete for an increasing number of people. Not because they don't need science anymore, but because science doesn't satisfy them anymore. Science is SO removed from what most people can understand and SO specialized that we have arrived at the point where to more and more people it's no longer something they can understand, but it's something they have to believe.
And if they have to believe anyway, why not believe something that's easier to understand and more comforting?
And this is where religion, conspiracy theories and "alternative" reality models come into play. And why they're getting increasingly popular.
Really? Wow, so it IS an advanced system that can do things it wasn't even designed for.
Hmm... Is that scheisse porn mandatory?
The moment I can hang a corporation for a crime and it ceases to exist, with all this entails, that's the moment I'll consider it a person.
It sure would be any robot maker's wet dream. Buy your robot today! But if it breaks (or breaks you, or something else), you can sue the robot you bought from me, but not me!
Just because you fucked up and let corporations be "persons" doesn't mean repeating this mistake is a good idea.
But we are also capable of something you apparently cannot do: See beyond our own needs. Which is scary considering that your job is to put yourself into the boots of criminals so you understand how they think which allows you to catch them more easily.
We know that catching terrorists is harder when there is encryption. But flawed encryption means that terrorists will use perfect encryption while your industry, having to obey the law, has to use a faulty one which can easily be cracked, not only by you but also by, say, North Korea. Which is certainly interesting in case of, say, a company developing new and more efficient means of enriching nuclear material.
Apparently you can't think this far. It's not that hard, really. In other words, I rarely agree with Trump, but firing you was one of his more sensible moves. We don't need ignorant people who are unfit for their job in critical positions.
Dilute? No. Use it to your advantage. They want all the information about you. Give it to them. Tell them everything ... they should think about you.