“The world’s largest professional association for the advancement of technology” has been thoroughly embarrassed in an incident where they left their log files, containing user names and passwords, open for FTP access to all on the Net for more than a month, according to a DarkReading report. Or, at least, I think they should be embarrassed, although they do not seem to be very much so.
The data for at least 100 000 members were exposed and IEEE took care to close the access. However, having access to the log files is not what I think they should be embarrassed about. As things go, mistakes in configuration happen and files may become exposed. That’s just life.
However, what is really troublesome is that IEEE, the “world’s largest professional association for the advancement of technology” (according to themselves), has logged the usernames together with passwords in plaintext. I mean, we know that’s bad, and that’s been bad for at least a couple of decades. They are definitely at least a couple of decades behind on good security practices. I think that’s really embarrassing.
Security engineer and architect with 30+ years across Alcatel, Sony, Software AG, and Toyota. Started in embedded systems and telecom, moved through R&D, senior management, and back to engineering by choice.
Co-invented Near Field Communication (NFC) and authored 5 international standards for ISO, ECMA, and ETSI. Built enterprise security programs from zero twice, for Sony FeliCa and for Software AG (1500+ engineers, 100+ products). Patent holder in applied security automation, with a second patent pending for hermetic build systems.
I work across the full stack of security: application security, embedded systems, cryptography, supply chain, cloud infrastructure, and vulnerability management. My background in both engineering and management means I operate at the architecture level and at the policy level, whichever the problem requires.