How Secure Are Our Software Systems

[optomist1]

Full disclosure...I have some coding and software QA experience...learning more each day. However below is a quote from (circa 1986?) Magnum PI, episode "Computer Date", for discussion purposes after reading the quote how secure are our software based systems? Certainly they are much more capable, and complex, yet the question remains

..."your entire computer coding system is vulnerable to outside interdiction,...Yes I know but my investigation indicates that it is technically possible for someone to enter their own program into the accounting computer and rip the company off..." Magnum PI CBS

 

[Marc]

You haven't kept up with reality. There are many intrusions, even on phones, regularly. Tiny companies and huge corporations.

Yes, it is still true. Even worse these days.

 

[yodon]

As @Marc says, it's true. A number of institutions (including hospitals) have been held hostage by cryptolocker ransomware schemes, many medical devices have been shown to be hackable (which could, for example, turn off a pacemaker or change the delivery by an infusion pump), and on and on. It's far more complex than just putting something in the accounting software to siphon off funds.

 

[Ninja]

It makes me wonder sometimes how hard to try when major Cybersecurity firms get hacked too.
Makes me wonder if my tiny little self is served best by security through obscurity...

 

[Marc]

There are ways to simply send someone a SMS. The person doesn't even have to look at it and they are 'hacked'. E.g.: Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones NOTE: Apple has closed this vulnerability, but there is also an Android version.

Also: Major Data Leaks and How to Prevent Them

I forget the name, but a recent biggie was a sys admin hack that affected thousands of companies.

Also: 2020 had its share of memorable hacks and breaches. Here are the top 10

 

[Tagin]

I forget the name, but a recent biggie was a sys admin hack that affected thousands of companies.

That was the SolarWinds supply chain attack. Its in the top 20 link you provided.

Another big supply chain attack was NotPetya in 2018, that took down shipping giant A.P. Møller-Maersk. This was a good story about it:
The Untold Story of NotPetya, the Most Devastating Cyberattack in History

 

[optomist1]

Hi Marc...that breech/hack is in part what precipirated the post, shortly thereafter I watched the above episode...it produced a profound & perverse chuckle of sorts out of a firm and persistent need to be vigilent of all things software...as you well know running the Cove, which is excellent!!

 

[Jen Kirley]

Full disclosure...I have some coding and software QA experience...learning more each day. However below is a quote from (circa 1986?) Magnum PI, episode "Computer Date", for discussion purposes after reading the quote how secure are our software based systems? Certainly they are much more capable, and complex, yet the question remains

..."your entire computer coding system is vulnerable to outside interdiction,...Yes I know but my investigation indicates that it is technically possible for someone to enter their own program into the accounting computer and rip the company off..." Magnum PI CBS

I think just about all software has some kind of vulnerability. Penetration relies on people getting past the "firewall" so they can probe the software an organization operates. People are the weak link which is why so many astute IT organizations have put in place phishing drills, password requirements, and limits to admin controls that can introduce malware into networks. Then there is the risk of relying on someone else's product. On the day upon arriving at work after the SolarWinds debacle, my husband shut down his server running off that service and rebuilt the functions using Linux, which he took an interest in years ago.

All of this is old stuff of course, just made fresh by the most recent slap in the IT face.