from the nerd-harder,-nerds dept
Late August, TorrentFreak was contacted by security researcher Chris Vickery of MacKeeper.com who told us that while conducting tests, he’d discovered an exposed MongoDB database that appeared to be an integral part of Awards-Screeners.com.While some will just look at this and mock Hollywood for bad security practices, it does raise more serious questions: if Hollywood can't figure out its own (basic) technology issues, why does it think that the tech industry should solve all its problems for it? If it doesn't even understand the basics, how can it insist that those in Silicon Valley can fix the things that it doesn't understand itself?
“The database was running with no authentication required for access. No username. No password. Just entirely exposed to the open internet,” Vickery told TF.
The researcher’s discovery was significant as the database contained more than 1,200 user logins. Vickery did not share the full database with TF but he did provide details of a handful of the accounts it contained. Embarrassingly, many belong to senior executives
We're already seeing this with the MPAA's ridiculous and misguided freakout over the FCC's plan to have cable companies offer up app versions so that authorized subscribers can access authorized, licensed content. The MPAA and its think tank friends keep falsely insisting that the FCC's recommendation requires the cable companies to ship the actual content to third parties. But the plan has never said that. It only required that third-party devices be able to access the content -- such as by passing through credentials so that the content could flow from the (licensed) cable service to the end user.
The fact that these guys don't seem to understand the basics of how the technology works comes through not just in the fact that they failed to secure their screener system, but also in the policy proposals that they keep making. It's becoming increasingly difficult to take those policies seriously when they seem to be based on a fundamental ignorance of how technology actually works.