Hollywood Keeps Insisting Tech Is Easy, Yet Can't Secure Its Own Screeners
from the nerd-harder,-nerds dept
We keep getting back to the whole “nerd harder” aspect of those who don’t understand technology insisting that technology can accomplish just about anything, if those darn techies would just put their minds to it. We’ve seen it a lot in the encryption fight, but it’s also been a big part of the copyright fights as well — with Hollywood in particular repeatedly insisting that if these darn techies are so bright, why can’t they just create technology that stops infringement. Of course, it doesn’t work that way, but the industry still never seems to get it. A good reminder that technology isn’t easy should come from this TorrentFreak story, noting that the “secure” system that Hollywood now uses to send out “screener” copies of movies had some pretty serious vulnerabilities, as found by Chris Vickery.
Late August, TorrentFreak was contacted by security researcher Chris Vickery of MacKeeper.com who told us that while conducting tests, he’d discovered an exposed MongoDB database that appeared to be an integral part of Awards-Screeners.com.
“The database was running with no authentication required for access. No username. No password. Just entirely exposed to the open internet,” Vickery told TF.
The researcher’s discovery was significant as the database contained more than 1,200 user logins. Vickery did not share the full database with TF but he did provide details of a handful of the accounts it contained. Embarrassingly, many belong to senior executives
While some will just look at this and mock Hollywood for bad security practices, it does raise more serious questions: if Hollywood can’t figure out its own (basic) technology issues, why does it think that the tech industry should solve all its problems for it? If it doesn’t even understand the basics, how can it insist that those in Silicon Valley can fix the things that it doesn’t understand itself?
We’re already seeing this with the MPAA’s ridiculous and misguided freakout over the FCC’s plan to have cable companies offer up app versions so that authorized subscribers can access authorized, licensed content. The MPAA and its think tank friends keep falsely insisting that the FCC’s recommendation requires the cable companies to ship the actual content to third parties. But the plan has never said that. It only required that third-party devices be able to access the content — such as by passing through credentials so that the content could flow from the (licensed) cable service to the end user.
The fact that these guys don’t seem to understand the basics of how the technology works comes through not just in the fact that they failed to secure their screener system, but also in the policy proposals that they keep making. It’s becoming increasingly difficult to take those policies seriously when they seem to be based on a fundamental ignorance of how technology actually works.