• sp3ctr4l
    2 days ago

    … Did… did you expect landlords, or building managers… to be competent at anything other than figuring out how to withhold your security deposit, and overcharge you for utilities?

    • slazer2au@lemmy.world
      2 days ago

      No, but if I were a building manager I would expect the company I hire to install the system to at least change the fucking password.

      • sp3ctr4l
        2 days ago

        I realize I am coming off a bit more aggressive than I mean to… very, very angry after watching the fascist goon squad in Idaho…

        Bleck.

        … Anyway.

        I would not expect basically anyone at this point to be any kind of competent whatsoever with any kind of cybersecurity.

        I worked in tech for a decade, database admin, backend stuff, handling PII, often having to teach front end web designers how to do anything more complex than building a CSS stylesheet or using Wix or something like that how to actually interface with an API… and my experience is that literally no one outside of a computer security minded role knows anything, at all, about cyber security.

        Non-tech managers and team leads are usually even worse. You have to basically baby talk them through everything, and they usually don’t learn anything anyway, and will then just use all the terms and concepts completely incorrectly and conclude they said or agreed to or told you to do almost the exact opposite of the meaning of the sentence they actually used.

        The entire problem is that everyone just assumes that because they paid for something, it actually works as advertised.

        Buzzword? Other Buzzword? Authoritative sales pitch? Sold!

        The vast, vast majority of people never do proactive due diligence, only reactive finger pointing.

        Leaving default passwords in critical hardware systems that are made by somebody else and sold to people or businesses is widespread and has been widespread for decades.

        Here is basically a chatroulette of internet connected, public facing cameras that are basically all accessible, live, in realtime, because nobody bothered to change the default login/pws.

        The whole point is to illustrate how common this is.

        http://insecam.org/

        They used to have a lot, loooot more, but they had to start automatically delisting the absurd amount of cameras that were inside people’s houses, watching people fuck and have domestic disputes and such, and adopt a policy of ‘please email us if you see your own camera and we’ll take it off the site and also tell you how to fix the problem on your end.’

        Just going through the US, the first one that’s popping up for me is an amalgamated view of what looks to be the entire security feed of an apartment complex in San Diego.

        • slazer2au@lemmy.world
          2 days ago

          The vendor is also to blame, being able to use default accounts after initial provisioning is pretty bad.

          • sp3ctr4l
            2 days ago

            Agreed, they’re part of the problem too.

            It’s a shit sandwich of incompetence and laziness, and everyone is chowing down, yum fucking yum.