Why the Little Things Matter
I've ranted over and over again about pieces of shameful incompetence I've come across over time. If you've been in the business more than a few months, you'll see things that make you say "I'm glad I don't do business with them." For instance, I was recently looking at some code that a friend of mine was debugging. This code is going to run on a public web server and is going to cater to state and local governments. I looked at the ConnectionString, which was running as sa, with the company's initials backward for a password, and it was totally unencrypted. On one page, the connection string was actually output. If the connection string wasn't encrypted, do you really think the credit card or demographic data was? (Hint: Not YES.) When this person talked to the developer about it, they just blew it off: "No one is ever going to try to look for that..."
Another similar issue I saw was a password-protected document management site. The only problem is that while the authentication scheme did issue an authentication ticket, you could browse to any document and totally bypass authentication. In short, the authentication did nothing useful other than take up bandwidth.
So what? We all work at places like this, right? Well, that's the problem. When you point stuff like this out, people all say "Yah, that's really awful, a guy at my company does..." We've become complacent. No one thinks their little oversight is going to blow up. No one thinks their db is going to get pwned. No one thinks they are going to be on the front page of the paper or the talk of the blogosphere. No one thinks they're going to get sued.
The guys at Diebold sure didn't.
But my point isn't to bash Diebold as such. But read the article and follow along. Imagine you were the guy that said "We can just use one key, to do anything with it they'd need the key and access to the machine, who's going to ever get that?" You roll into work, everything's looking good. Hell, you might even be staring down a promotion soon. Stuff's going so good you have a few minutes to peruse some of your favorite blogs at lunch. You hit Gizmodo and see that article. In a few seconds, your world just changed. Your career just got hit by a stinger missile. Then your buddy Bill calls up. "Dude, nice going. I was reading the Gizmodo article and just for giggles I made one of those keys, sure enough, they work." And you just know every one of your smart a55 friends is going to call or IM. Head home, talk to the kids: "So what did you learn at school today?" "We learned that progressive taxes are the only way to go, and that the NEA loves children, and that President Bush eats puppies, and that some moron at Diebold really screwed up."
If you work with anything of worth, it's worth remembering that the longest distance between two points is a shortcut. Given enough time, your luck will run out.