It's not often that my job skills and my hobby collide. But this is a lesson in why you need to get anything that connects to the Internet tested, and how to handle a cyber security incident.
So user Ok-rub-449 posted on Reddit today about how they woke up to a strange print that appeared overnight on their printer.
The user in question uses Octoprint and has also enabled The Spaghetti Detective as a plugin to spot whether the prints are failing. Now normally this is only enabled for your particular printer as it requires a special authentication token to allow access. However it would seem that during some updates that occurred on the developers side a serious security flaw was introduced.
Now this leads me on to how you should respond to issues like this. Whenever you get a security incident the best policy is to acknowledge it, inform people, make it public and learn from it. It's no secret that I used to work for BlackBerry for nearly a decade until I was made redundant due to downsizing in 2018. And I certainly had my fair share of Security concerns drummed into me by a Company that puts security first. But even they are not immune to hiding and not publicly acknowledging issues.
But to go back to the TSD issue, the Developer and Founder of TSD found the issue relatively quickly, fixed it and made sure that the affected users were aware of the situation. Moreover they actively responded to the reports and discussions that occurred regarding this. It's not like other companies who just clammed up about issues.
Apologies for the graphics light, link heavy writeup. But it needs to be said. Security by obscurity is no security at all.
No comments:
Post a Comment