LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Wireless networking driver vulnerabilities

Wireless networking driver vulnerabilities

Posted Jul 13, 2006 14:08 UTC (Thu) by eskild (subscriber, #1556)
Parent article: Wireless networking driver vulnerabilities

I think some of the reasons why securty lessons don't seem fully applied to new designs are:

* It is really, really hard to do a good, secure design
* It thus takes a lot of time and effort to do
* But customers want "feature X" NOW, NOW, NOW, or that's at least what everybody seems to think

Who wins? Money wins: Provide a product ASAP, even if security is mediocre, and sell tons of units. Sad part is that the customers are the ones to suffer at the end.

Another observation is this: If a product/design with lousy security gets "first-mover" advantage in a market and sales booms, then it may live for years, perhaps decades, before being replaced with something better. That's a huge windows of vulnerability. Think Telnet, FTP, and any clear-text protocol you may care to mention. They're still with us, even though they should have been put to rest years ago. Think wireless WEP security -- "wired equivalent" security, anyone?! OMG! (On a sadistic note, think Fortran, think Cobol! (OK, Only kidding! ;-))

Enough ranting. Thanks for reading.

(Log in to post comments)

Wireless networking driver vulnerabilities

Posted Jul 13, 2006 14:45 UTC (Thu) by mmarsh (subscriber, #17029) [Link] 

> That's a huge windows of vulnerability.
                ^^^^^^^

Freudian slip?

I actually heard an add on the radio recently for a company looking to hire Cobol programmers.

Wireless networking driver vulnerabilities

Posted Jul 14, 2006 8:38 UTC (Fri) by eskild (subscriber, #1556) [Link]

Hahaha, didn't catch that when I wrote it 8-) Thanks, your comment made me laugh.

Re. Cobol: I think someone once said something along the lines of: "The mistakes we make will come back to haunt us, indefinitely." Well, maybe not indefinitely, but for a long while; decades. It's funny how we always underestimate how long our systems remain in production use. Technology is very uneven that way: Some (albeit few) people still run on VAX machines today, but we sometimes worry that we won't be able to read our digital content 10 years from now because of newer formats replacing the old. It's very hard to predict what has longevity and what hasn't.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds