Little Pig, Little Pig! Let Me Admin! (Security Thread)

Mongrel
Posts: 12552
Joined: Mon Jan 20, 2014 6:28 pm
Location: Canadumb

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby Mongrel » Tue Oct 16, 2018 1:20 am

Shit, I already don't trust security updates.

Brentai
Woah Dangsaurus
Posts: 2464
Joined: Mon Jan 20, 2014 2:40 pm


Postby Brentai » Tue Oct 16, 2018 11:00 am

Yeah, it's probably actually good for people to not blindly accept that everything a corporation pushes onto their system is going to be for their protection and benefit. I like the idea of the general public becoming more skeptical about everything being connected and modifiable by a remote party. That's probably a better move for WAN security than "Let's definitely assume every printer, refrigerator and air filter manufacturer is going to reliably secure its firmware."

Thad
Posts: 6767
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue


Postby Thad » Tue Oct 16, 2018 11:24 am

It would be if the result was going to be "learn more about security and make sure you handle it personally, or get somebody who knows how to help you."

You know that's not going to be the result. The result is going to be that end users refuse any updates they're given a chance to refuse, and publishers respond by making it increasingly difficult to refuse updates.

That is not a good result. In the absolute best-case scenario, it takes us back to where we were before automatic updates, except back then most households only had one or two unsecure computers.

Brentai
Woah Dangsaurus
Posts: 2464
Joined: Mon Jan 20, 2014 2:40 pm


Postby Brentai » Tue Oct 16, 2018 12:01 pm

Well no, I was hoping it would result in "End users become skeptical of unnecessary connectivity." The best way to secure your printer is don't put a separate client on your printer.

So yes, I guess I'm pushing for that exact best-case.

Thad
Posts: 6767
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue


Postby Thad » Tue Oct 16, 2018 2:46 pm

OK, yeah, I'll buy that. I think networked printers are here to stay, but a lot of consumers DO seem to be getting more wary about the IoT, and that's a win.

That said, MS's update tactics over the past few years are similarly dangerous.

beatbandito
Posts: 2492
Joined: Tue Jan 21, 2014 8:04 am


Postby beatbandito » Tue Oct 16, 2018 2:55 pm

I fell into a Microsoft "security update" trap a couple months back, myself.

I kept getting notifications to connect my work laptop to a Windows Live account or otherwise an accident may happen to all my poor data, and no one wants that. I couldn't put the time into making it go away permanently, since it's not like closing it and disabling notifications should do that or anything, and finally just logged in to my existing account to link them.

It then proceeded to completely fuck all the network connections to my laptop, because I wasn't actually just linking to a WL account, I was replacing my user account with it.

Büge
Posts: 3117
Joined: Mon Jan 20, 2014 6:56 pm


Postby Büge » Tue Oct 16, 2018 10:54 pm

beatbandito wrote: I kept getting notifications to connect my work laptop to a Windows Live account or otherwise an accident may happen to all my poor data, and no one wants that.


That's not a security update. That's a protection racket.

Büge
Posts: 3117
Joined: Mon Jan 20, 2014 6:56 pm


Postby Büge » Tue Dec 18, 2018 9:19 am

Image

beatbandito
Posts: 2492
Joined: Tue Jan 21, 2014 8:04 am


Postby beatbandito » Wed Feb 20, 2019 12:05 pm

I use a... 'network of doctors' I guess is the terrible name for only ever having to go to one building for specialists, and they have their own app to coordinate scheduling, patient information, payment information, and the like.

The other day I got the account disabled by trying too many incorrect passwords. Today it still won't let me in and gives a number to call to restore access. I give that number, give my name and birthday, and he reset the password.

This isn't to say he started the password recovery process or sent me an email with how to restore the information. The operator said "okay, your password is 1234 now, so use that to sign in and then change it back to whatever you want."

Which is... frightening.

Thad
Posts: 6767
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue


Postby Thad » Sat May 25, 2019 11:45 am

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Bush league shit. You view a document, it has a URL ending in a number; if you manually enter other numbers, you can see other documents.

Say, you guys remember that temp job I had where I was working in a warehouse, and my bosses tried to get me promoted to desktop architecture, but management in Santa Ana declined and laid me off at Christmas? Yeah, these fucking guys.

I'm not saying "you know, if they'd given me that promotion, this wouldn't have happened," because who knows where I'd be right now if I'd gotten that desktop architecture gig; there's certainly no guarantee I would have wound up in web development, or even a job where I'd ever look at that website.

But I am saying that FATco had at least one worker who was a competent web developer who would have spotted this if he'd ever been given the opportunity, and with a staff of 18,000, I bet I wasn't the only one.
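
The flaw described in the post above (a document URL ending in a number, with other numbers returning other documents), sketched beside the per-request ownership check that closes it. This is an added example, not part of the original post and not First American's code; the document store, user names, and every function name here are hypothetical, and the random link token goes beyond what the post describes.

```python
import secrets

# Constructed sample data: numeric id -> (owner, contents). All hypothetical.
DOCUMENTS = {
    1001: ("alice", "title record A"),
    1002: ("bob", "title record B"),
    1003: ("carol", "title record C"),
}

class Forbidden(Exception):
    """Caller may not read the requested document."""

def fetch_vulnerable(doc_id):
    # The flaw from the post: the number in the URL is the only input
    # consulted, so changing it returns someone else's record.
    return DOCUMENTS[doc_id][1]

def fetch_checked(session_user, doc_id):
    # Authorize every request against the authenticated session, and give
    # the same error for "missing" and "not yours" so replies do not
    # reveal which ids exist.
    record = DOCUMENTS.get(doc_id)
    if record is None or record[0] != session_user:
        raise Forbidden("no such document for this user")
    return record[1]

def issue_link_token(links, doc_id):
    # For links that must work without a login: map a random 256-bit
    # token to the record instead of exposing the sequential id.
    token = secrets.token_urlsafe(32)
    links[token] = doc_id
    return token

def fetch_by_token(links, token):
    doc_id = links.get(token)
    if doc_id is None:
        raise Forbidden("unknown link")
    return DOCUMENTS[doc_id][1]

def readable_ids(fetch, ids):
    # Regression check: which ids does a given fetch function hand out?
    out = []
    for i in ids:
        try:
            fetch(i)
            out.append(i)
        except (Forbidden, KeyError):
            pass
    return out
```

`readable_ids` is meant for a test suite: run it over a range of ids as one logged-in user and fail the build if anything beyond that user's own records comes back.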

Mazian
Posts: 289
Joined: Sat Jan 25, 2014 3:47 pm
Location: Lullaby Supermarket


Postby Mazian » Sat May 25, 2019 12:52 pm

Lovely. I'd be in those records.

I look forward to nothing happening, or receiving a form letter about how customer privacy is always their top priority, and then nothing happening.
