How computer security is handled bothers me greatly. – Long posts

Ryan B
I eat databases, networks, and Web sites.

@ryb on Pnut

Look. I understand just fine that software needs to be kept updated to be secure. But let's not pretend this isn't a failure of software design and implementation.

Look at this. A LastPass employee was hacked because of a Plex vulnerability. Their response?

"Unfortunately, the LastPass employee never upgraded their software to activate the patch," Plex said in a statement. "For reference, the version that addressed this exploit was roughly 75 versions ago."

I truly abhor this framing, and especially the snarky jab at the end. It's not, "This vulnerability shouldn't have happened, and we're revising our process to make sure something like this never happens again." It's, "Should have updated, dumbfuck."

And let me be clear: this vulnerability should not have happened.

This is the vulnerability. To make matters worse, scroll down to the disclosure timeline. Plex didn't even think it was an RCE!

If even open source projects are pushing out features without caring about the consequences (not to mention how much worse it must be for commercial projects), software is truly cooked.

I'm starting to think programmers really don't care about what they put out into the world.

Discussion

@ryb the old guard is still around, in some circles of development, maintaining things the Old Way. But I think as that guard changes, a lot of software we all expect to keep ticking will get interesting.
@ryb I can imagine a headline about some software dev not updating his car's OS, leaving him vulnerable and causing a data breach.
@33MHz He will miss a car payment and be unable to get the security update, but it will still be his fault.
@ryb it'll be hilarious!