Monday, September 3, 2007

They just don't learn

Sony is in trouble, once again, for putting virus-like "security" software on its products and not letting anyone know it's there.

What's interesting is that this "vulnerability" is being compared to the XCD fiasco. That "vulnerability" was a botched implementation that weakened security, was impossible to remove, and--coincidence of coincidences--even though it used many of the same techniques as viruses, leading antivirus software ignored it. The AV companies just said they worked with "industry partners." Uh huh....

At one time, Sony defined cool in consumer electronics. Today, they're not only user-hostile, they're incompetent.

Read Schneier's book. Or Schneier's other book. Security by obscurity is inherently insecure. And in this case, once again, using products that relied upon it put users at risk.

Yes, security is hard to get right. But you'd think after getting burned on a fundamentally flawed approach that outraged users, outraged regulators, and cost the company millions, they'd have learned their lesson.

Apparently not.

No comments: