
Tag Archive for hackers

The Internet of Things

https://hacked.com/hackers-find-way-remotely-switch-smart-sniper-rifles-target/

Now, as a rule, I am all for pushing technology forward.  Building new things, breaking sh*t, changing the way that people think about pretty much everything.  Forward is good.

But incautiously forward is becoming the norm.  While there are hundreds of companies pushing forward the idea of IoT (Internet of Things), they are all, almost invariably, following the “MPB” model (minimum playable build).  The idea behind the MPB is to get your product to market first, start establishing your user base, let your consumers become your testers and thereby get them to buy in to your product.  After all, it’s their suggestions and requests that you are taking and implementing, so they now have some skin in the game.

The problem arises when security gets involved.  When you have a user base of ten or a thousand, you’re often not big enough to attract attention from any serious hackers.  So it’s easy to get lax on security for the sake of time to market.  You can fix it after the fact, right?  But as your development teams turn over and new faces replace the old, those security flaws (which you knew about but planned to fix once you were a viable product, really) get layered over.  They get forgotten, or you hope they never get noticed.

The thing about the kinds of people who hack a system, they love to know sh*t. If you get cool enough or big enough, they’re going to take a look.  They’re going to want to pop the hood to see if your programmers really did something really slick in there, or if it’s a train wreck in a shiny plastic housing.  The flaws will be found out, and if you’re lucky, you were hacked by an ethical bunch, who will be happy to take their turn deconstructing you at Black Hat and may (if paid) help you to fix those flaws before someone gets hurt.

 

Too big to parse.

 

The Sony breach is massive.  Terabytes of data were grabbed in this most recently announced hack.  What’s been released so far isn’t the source code for the new FF game, or a 5-year plan for development of a new line of wearables.  What we’re seeing so far is personal, it’s people-stuff, employee stuff.  Letters from doctors justifying medical leave, email conversations between producers, the mundane data that collects during the operation of a business.

The sheer volume of paperwork and information that a small business generates and keeps on file is impressive.  Scale that up to an international corporation on the scope and scale of Sony, where departments are likely segregated and the entire system is assembled, patchwork, from different vendors and datasets and you are looking at a data storage and retrieval nightmare.  And KNOWING everything that got swiped, that’s beyond the scope of any single human brain.  You might know that “all employee records from the NY sat office from 1987 through 2011” were grabbed, but that’s not going to tell you that the hackers got a copy of the letter written by the doctor confirming the guy who manned the front desk needed medical leave to get a tumor removed from his spleen.  And that right there is the bigger issue.  Controlling, encrypting, purging and retrieving all of that information, determining what needs to be saved and what needs to get dumped is becoming critical.

As server space gets cheaper and processing power continues to rise, we have become hoarders of data, of information.  There are some things that should be used, noted and discarded, but we don’t.  We save it all.  We save it in case there’s a lawsuit, we save it because we “might need it” someday, we save it because we are simply too lazy to spend the brain-cycles on deciding whether or not to hit the delete key.

Better regulation (not the governmental kind, just the joe-average controlling kind) of data, better ways to track and retrieve data and above all, better ways of internally encrypting data are going to be key issues in development coming up.