Shevek (shevek) wrote,

The BBC reports a major security vulnerability about once a week in its mainstream technology column, and I notice that my prevailing attitude is not "Oh, wow." but more "Oh. Somebody else has noticed." I suspect a lot more people would notice, and these attacks would be a lot less newsworthy if only people were more security-minded.

Were you mischievous in school? Did you look at each item in the classroom and wonder, "How can I make that backfire on teacher?" Then your industry needs YOU! If you've ever caused a denial of (classroom) service by applying Vaseline to a doorknob, swapped the signs on the gents' and ladies' loos, or filled in a classmate's name on a blank detention slip, then you can also sniff your local network for unauthenticated protocols, exploit IDN for fun and profit, and reverse engineer your (friend's) bank card. If you can send an SMS which says "Hello" to a mobile phone, what ELSE can you send? Can you really play Tetris on the next tower block along by ... persuading their power control systems? The engineers never believed THAT would be connected to the internet, so why does it need a password? Go and google for "default password" right now. If you're really brave, or living in a jurisdiction where it's legal, go and google for "default atm password".

So yes, perhaps it's better to stick to playing with devices you own and "control" - another debate which those of us with a security mindset have been following fairly closely, and a topic for another post. Neither of us is a lawyer, but a basic grounding in what is legal in your jurisdiction is essential. And if you think any of the above suggestions is a joke, ask me privately. Naturally, I do not, nor have I ever done anything suggested above. Except the vaseline on the doorknob, that was funny.