Security Ripcord


Leveraging Road Sign Hacking

Although we have seen some recent activity concerning a hacked road-side construction sign, you should be aware that this situation was documented on Jun 23, 2006 at 11:49 a.m. on the Rotten Eggs website in an article titled (amazingly enough): Hacking electronic road signs.  Of course the newest article is a little more in-depth, but this type of activity and vulnerability should not have been a surprise to anyone.  Those of you who subscribe here are very familiar with this type of situation.

Now that the situation is back in the public eye, how do we leverage it with our friends, family, co-workers, customers, and management?

What this situation does is emphasize the fact that default passwords and devices with built-in reset capabilities should be controlled in a much better manner. A changed road sign will not last very long or (generally) cause anything beyond inconvenience. The real problem is the mentality of companies creating devices that operate in this manner. Things are still getting built this way, and we have to make the logical leap that developers of hardware, programs, operating systems, network devices, mobile devices, and applications are making the same mistakes even today.

We can use this opportunity to remind our friends, family, co-workers, customers, and managers to evaluate their deployed technologies for default passwords. We should also remind them that they need to take these things into consideration during the initial purchasing process, when they are evaluating new technologies. That is the only way to find these types of problems and mitigate the risk properly before purchasing and deployment. Should they find devices or applications with these limited or hamstrung security capabilities, they should do a risk assessment to determine the best method to increase the security surrounding the technology or what can effectively and securely replace it.

Your mission is to determine a way to put the preceding paragraph into words and terms that your audience will understand. Most of you reading this know exactly what I talked about. You cannot assume that your audience will be able to understand it in the same manner. If they don't understand it, they cannot proceed effectively. Think about your audience before approaching them with your recommendations. Determine the proper terminology, references, and examples to help them make an informed assessment and conclusion. Be prepared with solutions for situations that you know exist and with methods for moving forward and locating those situations that have not been identified. And be sure to stress the importance of taking security into consideration during the initial evaluation and purchasing process.

Go forth and do good things,

Don C. Weber


