Wednesday, July 15, 2009

Hacking and security

When people think about security and hacking, they often think that hackers have to do incredible things to get access to systems and data. The truth is typically much more mundane. Many people and organisations use software that is not secure. Many systems do not have all the latest patches. For all the "industry standard software" there are exploits. Typically, hacking is using an exploit.

When software makes it hard to gain access to something, some people would call this a "security feature". But to make something truly secure, the software has to be designed and written to make it hard to get at that something.

The producer of "zoomify" explicitly says that their software should not be considered a security feature. That may make sense on several levels:
  • the software was not designed with security in mind
  • the producer does not want to be liable for any exploits of the software
This does not, however, mean that exploiting this weakness is any less of a hack than abusing known exploits in "industry standard software".

