Recent trouble at the Sky News message board shows that a little common sense goes a long way in security development.

It seems Sky’s system had a simple defense mechanism against spam or DoS attacks: if it received a handful of invalid login attempts on an account within a short space of time, it suspended the account. That was fine until someone discovered this and started using it to disable the accounts of active posters on the board. After someone posted how to do it on the board, others seem to have joined in the ‘fun’, and the social fabric of the board collapsed.
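To make the design flaw concrete, here is an added example (not Sky's code, which the post does not show) that models the per-account suspension described above beside one alternative that counts failures per account and source, so only the offending source is slowed. The class names, the threshold of 5, the 60-second window and the addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60.0   # seconds; constructed value
MAX_FAILS = 5   # "a handful"; constructed value

def _recent(q, now):
    """Drop failures older than WINDOW and return how many remain."""
    while q and now - q[0] > WINDOW:
        q.popleft()
    return len(q)

class AccountLockout:
    """Behaviour described in the post: failures are counted per account
    and the account itself is suspended, whoever caused the failures."""
    def __init__(self):
        self.fails = defaultdict(deque)
        self.suspended = set()

    def attempt(self, user, source, password_ok, now):
        if user in self.suspended:
            return "suspended"
        if password_ok:
            return "ok"
        self.fails[user].append(now)
        if _recent(self.fails[user], now) >= MAX_FAILS:
            self.suspended.add(user)
        return "denied"

class SourceThrottle:
    """Assumed alternative: failures are counted per (account, source),
    and only that source is refused while it is over the limit."""
    def __init__(self):
        self.fails = defaultdict(deque)

    def attempt(self, user, source, password_ok, now):
        q = self.fails[(user, source)]
        if _recent(q, now) >= MAX_FAILS:
            return "throttled"
        if password_ok:
            return "ok"
        q.append(now)
        return "denied"

def simulate(policy):
    # Constructed scenario: six bad passwords for "alice" arrive from one
    # address, then alice logs in correctly from a different address.
    third_party = [policy.attempt("alice", "198.51.100.7", False, float(t)) for t in range(6)]
    owner = policy.attempt("alice", "203.0.113.20", True, 10.0)
    return third_party[-1], owner

if __name__ == "__main__":
    print(simulate(AccountLockout()))
    print(simulate(SourceThrottle()))
```

A per-source counter on its own does not limit guessing spread across many sources, so it is a way to avoid punishing the account owner rather than a complete login defense.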

Sky News failed to inform their users as to why their accounts were suspended, and users began to wonder about the security of their account information. When a statement was finally released, Sky attempted to wash their hands of the mess.

But let’s be clear: it’s the troublemakers who are actually responsible for messing things up.

Sure, if there were no “troublemakers,” there would be no need for passwords, but there is a sort of Murphy’s Law of security. If you allow something to be misused, someone will misuse it.