c nerd
horizon


A few years ago, I worked in Dublin for a software security company. They specialised in identity security.

This was around the time that the computer press was reporting that car manufacturers were introducing computer networks into vehicles to allow components to communicate with each other. It was obvious to me that these networks could become the target of malicious hackers. An obvious purpose might be to steal a car, or take control of it, or simply clock it. It didn’t occur to me that hacking could be used to harm the car’s occupants.

I felt that car manufacturers, not being familiar with computer security, were likely to underestimate the prospective problems and consequences of not building in basic security to their equipment.

Recent press stories have shown that my foresight, not exactly a hard-to-conceive foresight, was right. Stories this week include “Tampering with a car’s brakes and speed by hacking its computers: A new how-to” (arstechnica), “Car key immobiliser hack revelations blocked by UK court” (BBC), and “Car hackers use laptop to control standard car” (BBC).

A lot of these hacks work because the various computers in the car don’t know other computers from jack. They presume the message they receive is from a genuine source. They have no concept of identity, neither their own nor other components. My employers of the time specialised in computer identity.

But you’ll notice I no longer work at that company. I moved on. One of the reasons I moved on was this specifically.

I was exploring this subject, which I felt would make a good target market for the company, and on which I have now been proven right, when I was told off for looking at web pages of cars. I was publicly told off. In front of everyone.

What really annoyed me was two things:

— The person who told me off did not have the intelligence to ask why I was looking at vehicle web pages, he just presumed, and had a go at me;
— He just presumed, and had a go at me;
— He never had the intelligence to ask why I was doing what I was doing;
— He never apologised for being stupid at my expense;
— He never took responsibility for his mistake;
— Most of my colleagues didn’t understand my anger.

The real problem was, of course, that this company could permit that style of management. That’s why I left the place. Poor management is an infection, and that company was infected. This infection can only be fixed from the top, not from where I was.

The products of their software should be in cars, preventing a lot of today’s security problems. They’re not. Now you know one reason why.

Hah: I’m glad I got that out. It should have been a poem. I’ve got to work out how to write now I’m no longer alone.

29.7.13