This is the time of year when the news is filled with reports of shark attacks, baked goods bearing the likenesses of deities and political conventions. So why should we here at IT Security Hack HQ be less lazy than anyone else?
By Constantine von Hoffman, CIO
August is media-silly season. Nothing really happens during August–well, except for the beginnings and ends of World Wars and a few other minor things.
August is when the media, those who aren’t on vacation, make up for the lull by covering stupid stories. (That’s not 100 percent correct but it is August, after all. Maybe that explains what happened to Niall Ferguson and Newsweek.) Which is why this is the time of year when the news is filled with reports of shark attacks, baked goods bearing the likenesses of deities and political conventions.
So why should we here at IT Security Hack HQ be less lazy than anyone else?
In honor of media-silly season here are some truly silly IT security stories:
First, the most upsetting news about Disney and the Internet since I found out that iCarly is actually on Nickelodeon: Shake it Up, a sitcom running on The Mouse Channel, claims that open-source software is insecure. Yep, it’s time for the cage match you always wanted to see: Mickey Mouse vs The Linux Penguin!
Shake is ostensibly about young dancers pursuing their dreams of becoming kid stars who will soon go on to the lucrative field of rehabbing from drugs. Or something like that. Anyway, as The Register so aptly put it, in one “episode a squeaky-voiced, glasses-and-argyle-sweater-wearing kid who is clearly meant to be a nerd, is asked to fix another character’s stricken computer.”
He asks: “Did you use open-source code to save time, and the virus was hidden in it?”
Having determined the cause of the problem our stereotype then says using open source in this way was a “rookie mistake.” That’s Garfield-level comedy gold. (I do not understand how the network responsible for this gem can also bring us Phineas & Ferb.)
The flaw was revealed at the Black Hat security conference by Cody Brocious, a Mozilla developer. Brocious was able to insert a device he built for less than $50 into the data port on the underside of Onity’s locks. The device read the lock’s memory to find a decryption key, which it then used to access the lock’s firmware and trigger an open command in a matter of seconds.
“Onity is asking owners of some models of its locks to pay a ‘nominal fee’ for the fix, while offering others ‘special pricing programs’ to cover the cost of replacing components. It’s also asking its customers to cover the shipping and labor costs of making hardware changes to the millions of locks worldwide.”
Now that’s chutzpah–but not quite as much as it takes to pass this entry off as a blog post on IT security.