BLOG: Those who forget past tech are doomed to be hacked

Robert X. Cringely

Forget about '70s key parties. To the technorati of today, the '91 U2 Zoo TV Tour is a laughable prehistoric legend like druidism or Atari. On with the new and bury the old — even if it's stuff you use every day like ATMs, 95 percent of which happen to run Windows XP. Ye gods!

Windows XP was a great OS in its day, but as far as its technical life goes, most of its developers have died and been entombed on Mercer Island in sarcophagi lined with solid gold 3.5-inch disk drives. After all, one year in real life equals about 10 years in technorelevance. Security hacks keep getting smarter, but we keep using the same old appliances with the same old firmware that's become dangerously feeble and pockmarked with age. We can't stop Scotch-taping RJ-11 ports to that crusty old crap and connecting as much of it as possible to the wingnut-named "Internet of things" and by extension everything else in our lives, then forgetting about it again. No one wants to think about ATMs — they want to think about LTE. For frak's sake, didn't anyone see "Space Cowboys"?

And companies that should be pushing for secure modernization aren't. Tell Wells Fargo's CEO that all his ATMs need an OS swap by XP's end of life this April, and he'll likely morph into a berserk hunchback and murder you. Then again, maybe he won't. Let's face it: He doesn't need to migrate his ATMs since he can report to his shaky shareholders, his ferret-faced compliance auditors, and his clueless federal insurance adjusters that Microsoft suckered him into staying on XP by extending malware updates for another year. The hard line simply costs too much, so put off until tomorrow that which you could lock down today -- until 5 million irate customers get off their butts and file a class-action lawsuit.

Hiding in plain sight
Turns out it's the same situation at Target and likely at Needless Markup -- er, Neiman Marcus. Giant data hacks have all guilt-indicating index fingers pointing at the data center. Meanwhile, even though the villains got in through a port-assaulted Web server, the actual malware was found on Target's teeming legion of dusty, sweat- and tear-stained POS terminals. You know them as the common cash registers you use every day at a dozen different places, from Dunkins in the morning to the falafel street meat vendor at lunch to the adult bookstore never frequented on the way home for dinner.

It makes me wonder what other aging technoplatform is a festering malware menace lying dormant until it pounces on your data like a trapdoor spider, dragging your poor bits and bytes screaming into the blackness of the Chinese hackerweb. Is that OnStar-connected trip computer in your car getting ready to send your pot dealer's location to the DEA (or the Better Business Bureau if you live in Colorado)? That NetWare server you migrated to TCP/IP and left chugging in a closet for the last 15 years, quietly churning out your payroll -- has it been slowly siphoning off 10 cents from everyone's deposits for the last decade and sending it to a prince in the Nigerian royal family?
