Date: Thu, 02 May 2013 11:48:32 -0400
From: "Mike B." <yahoo at omniphile.com>
To: WSFA members <WSFAlist at KeithLynch.net>
CC: Michael Walsh <walshmichaelj at gmail.com>
Subject: [WSFA] Re: "Some things just shouldn't be connected to the Internet."
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

On 5/2/2013 9:55 AM, Michael Walsh wrote:
> So ... there's this search engine: Shodan ...
> "When people don't see stuff on Google, they think no one can find it.
> That's not true."
> http://money.cnn.com/2013/04/08/technology/security/shodan/index.html
>
> And here are some search results:
> http://money.cnn.com/gallery/technology/security/2013/05/01/shodan-most-dangerous-internet-searches/index.html
>
> Perhaps the best quote from the above:
> "3M spokeswoman Jacqueline Berry noted that Autoplate's systems
> feature robust security protocols, including password protection and
> encryption. They just have to be used."

Anyone who thinks that password protection is "security" shouldn't be in
charge of computer security.  Passwords haven't been adequate protection
for anything vital for many years now...especially for systems that let
you have as many attempts as you like (and "social engineering" works
for most of the rest).

Anyone who would put infrastructure controls like traffic lights, power
stations, or other vital systems on the internet should be removed from
their position.  Anyone who would do it without *serious* multi-factor
authentication should be shot in order to advance evolution.

Of course, since the "people in charge" are computer illiterates, that
won't happen.  They will think, "Well *I'd* have thought that would be
ok, so how can I blame Idiot Q. Numbskull over in engineering for doing
it?"  They, of course, think that they are competent to decide such
things...when they aren't even competent enough to recognize that they
aren't.

-- Mike B.

-- Mike B.