Deutsche Telekom hack suspect arrested at London airport

Silver badge

It's like rattling on a door to break in...

... and have the whole house collapse.

Of course nobody blames Deutsche Telekom for having their TR-069 open to all the world instead of limiting it to the IP-range of their ACS servers.

3
0
Anonymous Coward

Re: It's like rattling on a door to break in...

Of course nobody blames Deutsche Telekom for having their TR-069 open to all the world instead of limiting it to the IP-range of their ACS servers.

If you find a weakness, you inform the owner or operator. If you use it to cause harm, you are committing a criminal act. If you're smart enough to find such a weakness, it can be safely assumed that you also know right from wrong, so if the evidence is solid I have zero problems with people like that being locked up.

5
0

Re: It's like rattling on a door to break in...

IIRC wasn't this the same attack that affected TalkTalk & KCOM routers?

(Allegedly, he quickly adds).

0
0

Re: It's like rattling on a door to break in...

@Anonymous Coward

My reading of Mr (my assumption) Berger's original post does not reveal, to my limited wit, any view that the perpetrator, if the suspect did indeed perpetrate the penetration, should not suffer consequences.

What I did read was a prediction/opinion that the company penetrated will suffer _non_ consequences (legally or financially at least) for not bolting the stable door properly in the first place.

While no infrastructure or application can ever be declared 'impenetrable', bean counters and people whose bonuses depend on short term cost cuts and shorter term apparent profits will never decide to spend money on stable door bolts until and unless there is a penalty (and a painful one) for not doing so.

At least, that's my view. Of course, I'm an Idiot... (blush).

3
0
Silver badge

Re: It's like rattling on a door to break in...

While no infrastructure or application can ever be declared 'impenetrable', bean counters and people whose bonuses depend on short term cost cuts and shorter term apparent profits will never decide to spend money on stable door bolts until and unless there is a penalty (and a painful one) for not doing so.

You have highlighted a genuine problem. How long should elapse between market release and hack before any decision is made about the security of a device? At one end of the scale anything that gets hacked within a day or two of going into service clearly has inadequate security. If, however, the product survives (say) three years before succumbing to an attack would you come to the same conclusion? If you would, at what point would you come to a different conclusion? As you yourself said "no infrastructure or application can ever be declared 'impenetrable'" so how long between release and hack can be described as "adequate" or better?

I'm all for punishment of the C Suite for a multitude of reasons but there has to be a degree of fairness to it, even if only a teensy weensy little bit.

2
0
Happy

Re: It's like rattling on a door to break in...

How long should elapse between market release and hack before any decision is made about the security of a device?

Industry standard is 6 months.

If the manufacturer doesn't make any responses, then you can either publish the exploit/vulnerability (minus the codes or procedures) or "take it to the next level".

0
0
Silver badge
Paris Hilton

So, not Putin?

If this goes on, he will have to sell his hollowed-out, democracy-destroying volcano inhabited by leather-clad goons and Slavic ballbuster dames who are also good in bed.

What a loss in standing.

0
0

LONDON !!?? airport

--Other Sources-- have specified Luton airport. Luton airport is NOT:-) a London airport unless you're a Luton Airport marketing drone.

0
0


The Register - Independent news and views for the tech community. Part of Situation Publishing