Little Pig, Little Pig! Let Me Admin! (Security Thread)
- Mongrel
- Posts: 18041
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Shit, I already don't trust security updates.

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Yeah, it's probably actually good for people to not blindly accept that everything a corporation pushes onto their system is going to be for their protection and benefit. I like the idea of the general public becoming more skeptical about everything being connected and modifiable by a remote party. That's probably a better move for WAN security than "Let's definitely assume every printer, refrigerator and air filter manufacturer is going to reliably secure its firmware."

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
It would be if the result was going to be "learn more about security and make sure you handle it personally, or get somebody who knows how to help you."
You know that's not going to be the result. The result is going to be that end users refuse any updates they're given a chance to refuse, and publishers respond by making it increasingly difficult to refuse updates.
That is not a good result. In the absolute best-case scenario, it takes us back to where we were before automatic updates, except back then most households only had one or two unsecure computers.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Well, no, I was hoping it would result in "End users become skeptical of unnecessary connectivity." The best way to secure your printer is don't put a separate client on your printer.
So yes, I guess I'm pushing for that exact best-case.

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
OK, yeah, I'll buy that. I think networked printers are here to stay, but a lot of consumers DO seem to be getting more wary about the IoT, and that's a win.
That said, MS's update tactics over the past few years are similarly dangerous.
- beatbandito
- Posts: 3740
- Joined: Tue Jan 21, 2014 8:04 am
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
I fell into a Microsoft "security update" trap a couple months back, myself.
I kept getting notifications to connect my work laptop to a windows live account or otherwise an accident may happen to all my poor data, and no one wants that. I couldn't put the time into making it go away permanently, since it's not like closing it and disabling notifications should do that or anything, and finally just logged in to my existing account to link them.
It then proceeded to completely fuck all the network connections to my laptop, because I wasn't actually just linking to a WL account, I was replacing my user account with it.

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
beatbandito wrote: I kept getting notifications to connect my work laptop to a windows live account or otherwise an accident may happen to all my poor data, and no one wants that.
That's not a security update. That's a protection racket.

- beatbandito
- Posts: 3740
- Joined: Tue Jan 21, 2014 8:04 am
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
I use a... 'network of doctors' I guess is the terrible name for only ever having to go to one building for specialists, and they have their own app to coordinate scheduling, patient information, payment information, and the like.
The other day I got the account disabled by trying too many incorrect passwords. Today it still won't let me in and gives a number to call to restore access. I give that number, give my name and birthday, and he reset the password.
This isn't to say he started the password recovery process or sent me an email with how to restore the information. The operator said "okay, your password is 1234 now, so use that to sign in and then change it back to whatever you want."
Which is... frightening.

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Bush league shit. You view a document, it has a URL ending in a number; if you manually enter other numbers, you can see other documents.
Say, you guys remember that temp job I had where I was working in a warehouse, and my bosses tried to get me promoted to desktop architecture, but management in Santa Ana declined and laid me off at Christmas? Yeah, these fucking guys.
I'm not saying "you know, if they'd given me that promotion, this wouldn't have happened," because who knows where I'd be right now if I'd gotten that desktop architecture gig; there's certainly no guarantee I would have wound up in web development, or even a job where I'd ever look at that website.
But I am saying that FATco had at least one worker who was a competent web developer who would have spotted this if he'd ever been given the opportunity, and with a staff of 18,000, I bet I wasn't the only one.
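
Added example, not part of the post above and not code from the site it discusses: the class of flaw described (a document URL ending in a number, with no check on who is asking) next to a lookup that enforces ownership, plus random tokens for link-only sharing. All names and records are constructed for illustration.

```python
import secrets

# Constructed sample records keyed by a sequential number, mirroring the
# URL scheme described in the post. Owners and contents are made up.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "closing statement A"},
    1002: {"owner": "bob", "body": "wire instructions B"},
}
SHARE_LINKS = {}  # unguessable token -> document number


class Forbidden(Exception):
    """Raised for every denied lookup, whatever the reason."""


def get_document_unchecked(doc_id):
    # The flaw: knowing (or guessing) the number is the only requirement.
    return DOCUMENTS[doc_id]["body"]


def get_document_checked(session_user, doc_id):
    # Object-level authorization: the record must belong to the caller.
    doc = DOCUMENTS.get(doc_id)
    # One error for "missing" and "not yours", so responses do not
    # confirm which numbers exist.
    if session_user is None or doc is None or doc["owner"] != session_user:
        raise Forbidden("not authorized for this document")
    return doc["body"]


def create_share_link(session_user, doc_id):
    # Only someone who passes the ownership check can mint a link.
    get_document_checked(session_user, doc_id)
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SHARE_LINKS[token] = doc_id
    return token


def get_document_by_token(token):
    # Link-only access keys on the random token, never the sequence number.
    doc_id = SHARE_LINKS.get(token)
    if doc_id is None:
        raise Forbidden("not authorized for this document")
    return DOCUMENTS[doc_id]["body"]
```
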
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Lovely. I'd be in those records.
I look forward to nothing happening, or receiving a form letter about how customer privacy is always their top priority, and then nothing happening.
- Mongrel
- Posts: 18041
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
I will say that the only thing that really makes this all that notable is that not doing shit like this is ostensibly their primary purpose.

Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
They're also one of those entities that's allowed access to deeply sensitive information even if you have no business relationship with them.
