SQL Injection Everywhere

  • djackson 22568 (4/11/2011)


    My vehicle has automatic lights - I never use them. I, imagine this, actually know where the switch is and use it when appropriate.

    It's not quite the same thing, but do you use Intellisense? SQL Prompt? The clipboard to copy and paste code?

    I'm sure you know how to write the code each and every time and all the methods and properties of each and every class, table, view, etc. but you probably use these things to make your coding more efficient.

  • Jeff Moden (4/10/2011)


    I think people have really gotten silly with computers. I mean, c'mon! Why would anyone connect a bloody washing machine to the internet?

    On the surface I agree with you, however there are benefits to a better load balancing of the electrical system by scheduling loads. However you can't necessarily schedule them yourself. If the power company could send a signal to your house to start high energy loads, like your washer, your dishwasher, or even charge up a car (someday), there could be an efficiency value.

    It's not so much that I think this is a great convenience and I wouldn't really like to control my fridge or washer remotely, but on a large scale, I think there's merit here somewhere.

  • blandry (4/11/2011)


    Welcome to the future; a hacker's paradise of ill-thought-out technological wonders.

    Very true, but I wouldn't think this is the case because someone invented a convenience. Only because they didn't secure it.

  • Joe Johnson-482549 (4/11/2011)


    First, you mention that turning up your refrigerator is not that bad, but what if it was more malicious -- say they turn it up while you're gone during the day, then turn it back down in the evening. You may not be aware that your food is potentially unsafe. Botulism and other types of food poisoning can be life threatening.

    I think it speaks volumes about human nature when one of the biggest selling items is an aluminum wallet.

    Scary. That would be an issue. Really we need "alarms" set here. That could happen now with a faulty power system or even condenser. Be nice to be alerted when something has failed.

  • jay holovacs (4/11/2011)


    There is LOTS of silly fluff in cars, and lots of unnecessary automation. If you can't determine when you need your wipers on, you do not belong behind the wheel. And an unexpected activation of the wipers might be more of a distraction than reaching for the knob.

    We don't need to talk to our cars. We don't need the many additional points of failure that occur when basic functionality becomes dependent on a central computer.

    One side point is that the manufacturers now have a guaranteed source of income: many things are impossible to change on a car without a visit to the dealer to have the computer updated (such as adding trailer lighting, or adding speakers to the radio).

    CRINGE! Limited focus? No offense intended, but anyone who is that limited should not be driving. I have this image of some 90-year old, ready to die any second, barely able to see the windshield, much less the road, person driving a huge Escalade or some other monstrosity because "I have a right to drive and you can't stop me!"

    Two quotes, and I think that we are adding too much to our cars. At least more than I like. I don't like auto lights, and I don't like talking to cars. In some sense, I think this distracts us more. The voice control in my Prius is so annoying and distracting since it rarely works that I never use it.

    I also hate the lock in. I can't go get another key for my Prius because it's some computer chip locked in $300 key. I do like the proximity sensor, but I don't want to be prevented from using a regular key if I need it. I don't like being locked in to certain radios either.

    We have gotten silly in the US with driving. It's a "right" to most people, but it isn't, and as much as I hate the DMV, I do wish that we'd force everyone to take a new, real, hard driving test every 4-5 years. It might just help a few people learn how to drive better.

  • Steve Jones - SSC Editor (4/11/2011)


    blandry (4/11/2011)


    Welcome to the future; a hacker's paradise of ill-thought-out technological wonders.

    Very true, but I wouldn't think this is the case because someone invented a convenience. Only because they didn't secure it.

    I realize this was an arbitrary example, but there's another point. Really, why do we need remote control on a fridge? Why would we need remote control of our electrical power?

    My point is, yes there are valid reasons for putting some stuff online, but no one needs an internet connected toaster. SQL Server has surface area configuration where most stuff is disabled by default; yet our consumer product manufacturers are going headlong in the other direction.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Dennis Wagner-347763 (4/11/2011)


    djackson 22568 (4/11/2011)


    My vehicle has automatic lights - I never use them. I, imagine this, actually know where the switch is and use it when appropriate.

    It's not quite the same thing, but do you use Intellisense? SQL Prompt? The clipboard to copy and paste code?

    I'm sure you know how to write the code each and every time and all the methods and properties of each and every class, table, view, etc. but you probably use these things to make your coding more efficient.

    No, I don't know every time, but even if I did, there is a major difference. Prior to Excel showing me the formula name and parameters, I had to use help for seldom used functions. During that time my car didn't crash. If I depend on automatic wipers and lights, and then drive a car without them, when I need to turn them on I am not focused on the road, I am looking around the interior. That is never a good thing. I have actually seen drivers come to a stop for a few seconds before signaling in some way, because they didn't know where it was!

    Outside of the car, we have to deal with traffic lights that are programmed stupidly because the worker is inept, or the designer is, costing billions in wasted fuel. Tell me why a sensor is good on a rural county road, when it overrides the state highway traffic to the point that the rural road has a green light three times as long as the state highway? The fault of the sensor? No, even though that is what the dept of trans says. It is the fault of the idiot who doesn't understand how to use technology wisely, that simply programs it to turn the light green as soon as a car appears. Never mind that the state highway traffic hasn't even cleared their last red.

    There are reports of drivers who really thought their cruise control meant they didn't have to watch the road. Urban legends? Probably, but the fact that we can see someone being that stupid speaks to how overboard our dependence on technology has become, in the wrong areas.

    Intellisense saves me time, on a task I repeat hundreds of times a day. Wipers? Come on.

    Dave

  • Years ago, I read an article about experiments with web scent devices. Just like audio, it would basically be a device that sits on your desktop and contains chemicals for reproducing a variety of smells based on coding from the website one is visiting. The potential for abuse is obvious.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • djackson 22568 (4/11/2011)


    ... If I depend on automatic wipers and lights, and then drive a car without them, when I need to turn them on I am not focused on the road, I am looking around the interior. That is never a good thing. ....

    I was actually involved in a minor accident because the driver of the other car (black car, dark, rainy night) was so accustomed to the headlights coming on automatically that she did not notice they weren't on.

    Boeing has, after much research, made a conscious decision to NOT automate everything possible. They have found that pilots become much less alert when they have to spend time with little to do.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Steve Jones - SSC Editor (4/11/2011)


    On the surface I agree with you, ... If the power company could send a signal to your house to start high energy loads, like your washer, your dishwasher, or even charge up a car (someday), there could be an efficiency value.

    Hmmm, government is already way out of hand, companies have way too much power, and the individual is quickly being outlawed in this country. While other countries are revolting against their governments, we sit back and grant ours more and more (unconstitutional) power over us. This is encouraged by the media and large corporations. Our current so-called-leader wants to use cap and trade to force even higher unemployment on us, while shifting jobs to countries with little or no pollution controls. Should I trust our government or corporations with control over my home? Not a chance.

    Don't get me wrong, I see some advantages just like you do, but it comes down to trust. Which is something most Americans lost some time ago.

    Dave

  • At the risk of planting an idea in somebody's head (mental picture: Beavis and Butthead at a computer keyboard) I'll deliberately generalize. Hospitals use a [lot] of wireless for their remote sensing as well as "connected" devices that control dispensing - not necessarily to a patient but think about things like the pharmacy. What one (or in B&B's case, two people/one brain) might consider a prank could be potentially fatal. I like the idea of everything with a plug having an IP address [as long as there's bulletproof security wrapped around it].

    Having my washing machine email me when I'm low on detergent, my furnace text me when my filter needs to be changed or my watering system let me know it turned itself off because excessive water use was detected and I may need to look for a sprinkler head that blew off are all valid reasons to "connect" household stuff and I applaud that but the risk of having that automation needs to be weighed against the potential harm done by a Butthead.

  • Dave/Jay,

    Connecting a smart appliance to an IP network (not necessarily the Internet) is about efficiency, grid balancing.

    The electrical grid balancing is not necessarily about government, but more about helping power companies deal with load and investment. They might offer discounts for allowing them to balance the demand, or perhaps create penalties if you don't.

    The investment for more power is a large one for the utilities, and often they are trying to cope with peaks that occur in the system. If they can smooth out the demand, they can more efficiently meet demand.

  • Steve Jones - SSC Editor (4/11/2011)


    We have gotten silly in the US with driving. It's a "right" to most people, but it isn't, and as much as I hate the DMV, I do wish that we'd force everyone to take a new, real, hard driving test every 4-5 years. It might just help a few people learn how to drive better.

    Amen to the idea, I just don't have any faith that it would work.

    Dave

  • jay holovacs (4/11/2011)


    djackson 22568 (4/11/2011)


    ... If I depend on automatic wipers and lights, and then drive a car without them, when I need to turn them on I am not focused on the road, I am looking around the interior. That is never a good thing. ....

    I was actually involved in a minor accident because the driver of the other car (black car, dark, rainy night) was so accustomed to the headlights coming on automatically that she did not notice they weren't on.

    Boeing has, after much research, made a conscious decision to NOT automate everything possible. They have found that pilots become much less alert when they have to spend time with little to do.

    I agree with that. Essentially it comes down to stimulation. If our brains are stimulated bad things happen. On a macro scale, people who read, even fiction, tend to be more alert and maybe even more intelligent than those who don't. Whether we are talking about long term exercise of the brain, or short term when piloting a plane, the results are proven.

    Dave

  • I'm not sure I think it will work that well, but I do think that we do have electrical issues in the grid and at some point we'll have an attack on the grid, or a failure because of peaks/loads.

    Not sure who has to make some changes. I'd like to make it free market, but the short term, what's my profit this quarter, mentality of many companies means they delay investments or won't make them without some prodding.

    Really I'd like to see insurance companies that force some of these companies to have better security and better forward looking plans, and perhaps government being stricter on the risk insurance companies have to deal with to force the free market to get smarter.
