Facebook's security is like a "college campus," but they face threats like a "defense contractor"


#1

Originally published at: https://boingboing.net/2017/10/20/equifax-in-waiting.html


#2

I wish I could say I was surprised, but Facebook celebrates a mindset of “go fast and break things” in development, so I am not. The DNA is programmed to reward recklessness and poo-poo security as an afterthought.

My opinion is not based on intimate knowledge of the developers, but on the API’s that I have had to deal with, the way they make radical changes to things like the Marketing API on the drop of a hat, and through their partners into a scramble to keep their apps up to date. Much worse than Google.


#3

#4

This is pretty typical. Just wait until all their user data is publicly breached and then they will start claiming they are “taking it seriously”.


#5

I’ve said it before and I will say it again. This data that FB, Google, Apple etc. have is important to the people who it BELONGS to but we should be using it to show information about areas. For example: want to know if the town you are moving to has high rates of death from diseases, cancer, addiction etc.? FB et. al. know, but the gov’t doesn’t, neither do regular people and I will bet that the executives of these corps. have homes where rates are low. This information is way too important to leave to the corps.


#6

Bleah. Our employment choices are:

  • working at a kindergarten where none of the children nor supervisors give a shit about the consequences of their mistakes and oversights, or

  • working, blindfolded and wearing oven mitts, in a locked down swamp filled with molasses and motor oil, with the Sisyphean task of pushing the IA and OPSEC boulders out of said swamp.

Yay, technology. I should have stayed in the family ranching business.


#7

Just when I finished a several paragraph’s long rant about the suckitude of Equifax… on my Facebook profile.


#8

Do you mean to tell me that yet another technology company has sacrificed security for expediency? Well, bowl me over with a feather, why don’t you?


#9

And with those two changes, I could describe much of my career in infosec.


#10

This topic was automatically closed after 5 days. New replies are no longer allowed.