Comment by SamInTheShell

2 days ago

It's 2025. The ISP gateway I got comes with more default security than these cameras. The barrier to entry on security is lower than it ever has been in history. Whoever let this past the QC phase is an idiot.

> Whoever let this past the QC phase is an idiot.

It's all a matter of perspective. I'm sure to some executive somewhere, the person/s who approved all of this are seen as heroes, as they shaved off 0.7% or whatever from the costs of the development, and therefore made shareholders more money.

Until there are laws in place that make people actually responsible for creating these situations, it'll continue, as for a company, profits go above all.

  • It probably makes close to no difference in development or production, but it does significantly cut down on the number of tech support calls from people who can't figure out how to set the password, or immediately forget the password they set. If it has no password then you can just plug it in and have it work. Sure it's totally insecure, but it's also trivial to install.

    • Generating a password that is unique to the device and printing it on a sticky label on the underside of the device isn't exactly rocket-science, and ISPs somehow figured this out at least two decades ago, which was the first time I came across that myself. Surely whoever developed this IP-camera has an engineering department who've also seen something like this in the wild before?

  • Yep. Until we start holding decision makers responsible for the consequences of their decisions, they will always choose the selfish option.

  • So you're trying to justify this type of rampant negligence in tech? Do you think justifying such malfeasance makes up for the fact we literally have surveillance networks that bad actors can tap to do really awful things?

    Anyone that cares about their perspective has missed the point.

    • I don't think the person you're replying to is justifying it, but saying there are no laws to prevent the abuse.

      Personally I think tech CEOs should be put in stocks in the town square on the regular but they're protected from any form of repercussions besides extreme cases of fraud. Even then, they're only held accountable when the money people have their money affected, not when normal people are bulldozed by the abuse.

    • > So you're trying to justify this type of rampant negligence in tech?

      Don't know how you reached that conclusion, I'm obviously not trying to justify anything. But maybe something I said was unclear? What exactly gave you the idea I'm trying to justify any of this?

    • Why stick your neck out, swim upstream to do a good job that will not be recognised as such?

      Fix the corporate incentives and engineers will be able to do the right thing without suffering. Not everyone gets the luxury of a secure career doing morally ok things.

Counterpoint: whoever let this past the QC phase got paid very generously, and everyone involved is ignoring the laws that already exist to combat this, because law enforcement, too, gets paid generously. And the laws that forbid that aren't getting enforced because the police doesn't police the police, and dad has made it perfectly clear that flagrantly ignoring the law is fine if you're in power.

  • What makes you think QA/QC is paid handsomely? It's a bloody cost center mate, and you can't measure "damage prevented" consistently, or at least in a way most high-risk tolerating exec types won't immediately undermine.

    t. Former QA veteran