Keeping up Appearances
I like knowing stuff. I don’t really care what stuff it is, but as they say, knowledge is king, and I like crowns. So every day I scan headlines on various tech sites (and news sites, but we’ll stick to tech for now because the VP selection really has no significance to my daily working life at the moment). Normally I don’t have much to mull over, but recently I have. I don’t know if it’s because of Defcon announcements and stories starting to go mainstream, or if the exploding iPod nano isn’t a big enough story, so journalists are having to start digging for things, but interesting things are happening.
At Defcon, hackers unite to discuss relevant internet security-related topics, with a lot of technique and contests to prove prowess thrown in. Basically, it’s over-my-head stuff; I don’t have the drive to be that serious, but it does point out to the rest of us in the IT world that for each of these people who are actually concerned about safety, there’s someone just as bright willing to take advantage. One of the items of discussion at the conference was a tool written to steal the ID of non-encrypted Gmail sessions. Since the tool itself has not been released, and Google was given enough notice, they provided us, the end user, with the ability to permanently use SSL encryption. Problem solved. In another instance, a presentation by some MIT students was gagged because it showed how anyone could use a chipped card to get through the Boston area local transit station without paying. The MBTA (Massachusetts Bay Transit Authority) was notified, and told to fix the issue prior to the lecture date. The ban eventually was lifted by the courts. In both of these instances, the ‘hack’ was done because it could be, and they did the right thing by prior notification. What companies need to do at this point is accept the flaws and find fixes, and be glad there are some people out there not looking to be malicious or make some cash off an exploit. A reward would be nice though, no?
Next time on Amy’s blog: if you encrypt your hard drive, a judge ruled that you cannot be forced to give up your password!