Archive for October 27th, 2011

Virtual Counterfeiting

Recently I had an interesting conversation, if you can call it that, on Twitter (hey, kids – follow me @mendacities, kthxbai) about how very few things have security designed in or sometimes even included, at least at the beginning. Essentially, there’s a kind of obvious trend for new technology to be exploitable in all kinds of interesting and sometimes alarming ways. Often you want to smack someone and ask what they were thinking.

My view is that visionaries – inventors, designers, the people who come up with new stuff – are, at heart, optimists. They think the best of people, and the idea that their products can be misused and abused and exploited never enters their minds – or if it does, it gets discounted immediately, because they’re, well, optimists.

I think that security-related fields – law enforcement, cyber-security, and so on – attract a lot of deeply bitter cynics who have no romantic ideas about human nature, and understand that there is almost nothing people will not exploit, just because they can.

I mean, consider phone phreaking. Leave aside the blue boxes and the red boxes and the beige boxes and the spotted mauve polkadot boxes with white racing stripes; in the mid 1990s, you could make free local calls on a lot of cellphones by shorting the mouthpiece element, I think it was, to earth ground of the chassis, with a straightened paperclip. The fix, if I recall correctly, was installation of a $0.01 diode. Why hadn’t it been there to begin with? Nobody on the technical side of things were cynical enough to think anyone would ever discover it…

Anyway, here’s a first-hand story of one of the most bone-headed moves ever made by a large American retailer…
Read the rest of this entry »

Published in: General, History, Security | on October 27th, 2011 | No Comments »