Tuesday, July 28, 2015

So much security fail

Maybe it's just me, but if I were to design a safe, I wouldn't make it electronic.  Safes have been around for years and years, and any software you might add almost certainly would make it less safe.  Case in point:
"One of the main vulnerabilities we are focusing on comes by way of a USB port that is on the exterior of the safe," Salazar told eWEEK. "We have created a little tool that we can just plug into the safe, wait 60 seconds for the tool to do its work, and then the safe doors will open and you can take all the cash out."
Other than that, it's totally safe.  Right?  Oh, wait:
It might raise eyebrows that the operating system that powers CompuSafe Galileo is Windows XP, which Microsoft no longer supports.
[blink] [blink]

This is why we can't have nice things - they all have software.

5 comments:

  1. Why on earth use a full-blown OS like Windows for a device that only does 2 things (open/close, and reset combination)? Seems like a purpose-built program would be tighter, faster and more secure.

    And the USB port should be INSIDE the safe.

  2. Heck, a small MSP430 running OpenRTOS - or something even smaller - could do the job quite nicely. Simpler hardware requirements, too.

  3. Good Lord, what kind of idiot designed this?

    Or maybe he was a genius, who was planning on robbing these safes?

  4. Spike, the idiot who designed this read http://www.jokeindex.com/joke.asp?Joke=159 and didn't realize it was a warning, not a guide.

  5. They used Windows XP because programmers are used to it, and it's fairly easy (cheap) vs using an embedded OS, which requires hiring somebody that knows what they're doing.

    I agree about the USB port, though.

    Put the damn thing inside the safe, and then you could use an Arduino, Raspberry Pi, or even a PIC to handle the job!

