Keith C. Perry on 17 May 2018 20:06:07 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW


Brent, you're explaining THE problem with technology going back to... well... the beginning.

Security has always been an after thought and no matter how many times we all jump up and down about it, people are going to continue to put this aside because to be honest, they would get it wrong anyway.  Most people do not think of security actively or consciously and that carries over to their professional mannerisms. 

In addition to that, product developers are simply not going to include or pay security professionals to fix their offerings because that bit of reality might derail or delay the product.  Nevermind, the increased cost.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "brent saner" <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Sent: Thursday, May 17, 2018 10:41:43 PM
Subject: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW

On 05/17/2018 09:54 PM, Thomas Delrue wrote:
> (SNIP)
> I find the mentality of blindly following "that's what people want and
> we should therefore give it to them" increasingly annoying and, frankly,
> ignorant and unproductive; especially if we (as an industry or craft)
> then continue to get hammered and blamed for doing exactly that,
> delivering them the insecure products or processes/methods they asked
> for and for which we now get blamed in return.
> (SNIP)

i'd just like to point out this is exactly what's gotten our industry in
trouble with IoT devices, leading to the largest DDoS to date.

companies need to make money, i'll grant that just fine. so-called
"smart" devices sell big and are demanded by the consumers. security is
generally a hindrance to users (look at windows' forced updates and the
amount of heat as a result). thus, insecure devices are pushed to market
to stay competitive and then they get comped. hype from tech rags only
exacerbates this.

woe is our industry, for we are our own demise.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug