Russell Beattie posts a response to the Paris Hilton hack.
He makes the key point that any security breach raises much larger issues than its effect on the person it happened to: it affects everyone whose data the device contains. He also notes that with current technology it even provides the potential for stalking behavior (although he also says that was not likely the case in the Paris Hilton hack).
Russell raises the excellent point that there are many companies which are currently trying to provide services for us which involve holding a lot (if not all) of our personal data which can change our lives - both for good and bad. These companies are doing this with the intention of helping us and also clearly they want to make money by providing this service.
Sadly, those two things aren't especially synergistic, and frequently things will be done half-assed in order to get them out faster and make money sooner. The result shows in things such as T-Mobile's massive bad publicity (and let's not forget Danger too) on this hack through very basic security issues that should have been accounted for in a well-tested end product.
Having worked at several companies which provide services to support this sort of thing, I am aware of what needs to be done and what frequently isn't done. It isn't that the engineers are incompetent - frequently they raise the issue of what needs to be done. But someone higher-up will override the decision to make it perfect and be fine with "good enough" in order to get the product out the door.
This might be just fine in the cases of some products - but in the case of something which contains such vital information of your clients - it is not something to try to rush out.
If a project manager or his/her superior has experience making product XYZ and knows that they can cut corners to get it out faster and beat their competition, that doesn't necessarily make them an expert on product/service ABC.
Russell raises great points and it is something that frustrates many a developer out there on projects such as these.
But then near his closing he craps on it all by sneaking in (with hinted FUD too) that his employer is Yahoo and they are the ones to trust to do all of this correctly. While I may even agree with him that Yahoo certainly does do many of these things right (as do Google, A9/Amazon, and probably plenty of others) - that article is not the place to go on saying that they are the cure to what ails this problem.
Any company can fall prey to this - certainly T-Mobile and Danger never sat around and decided that they were going to be weak on it. So the fact that Yahoo feels they are going to do things perfectly means nothing as well.
A good blog entry, but let's leave the ads and FUD out.
Posted by Eric at February 22, 2005 02:09 PM