Those who forget past tech are doomed to be hacked

You can have your smartphone, tablet, wearable PC -- hackers are targeting the legacy systems that power our daily lives

Page 2 of 2

And companies that should be pushing for secure modernization aren't. Tell Wells Fargo's CEO that all his ATMs need an OS swap by XP's end of life this April, and he'll likely morph into a berserk hunchback and murder you. Then again, maybe he won't. Let's face it: He doesn't need to migrate his ATMs since he can report to his shaky shareholders, his ferret-faced compliance auditors, and his clueless federal insurance adjusters that Microsoft suckered him into staying on XP by extending malware updates for another year. The hard line simply costs too much, so put off until tomorrow that which you could lock down today -- until 5 million irate customers get off their butts and file a class-action lawsuit.

Hiding in plain sight

Turns out it's the same situation at Target and likely at Needless Markup -- er, Neiman Marcus. Giant data hacks have all guilt-indicating index fingers pointing at the data center. Meanwhile, even though the villains got in through a port-assaulted Web server, the actual malware was found on Target's teeming legion of dusty, sweat- and tear-stained POS terminals. You know them as the common cash registers you use every day at a dozen different places, from Dunkins in the morning to the falafel street meat vendor at lunch to the adult bookstore never frequented on the way home for dinner.

It makes me wonder what other aging technoplatform is a festering malware menace lying dormant until it pounces on your data like a trapdoor spider, dragging your poor bits and bytes screaming into the blackness of the Chinese hackerweb. Is that OnStar-connected trip computer in your car getting ready to send your pot dealer's location to the DEA (or the Better Business Bureau if you live in Colorado)? That Netware server you migrated to TCP/IP and left chugging in a closet for the last 15 years, quietly churning out your payroll -- is it slowly siphoning off 10 cents from everyone's deposits for the last decade and sending it to a prince in the Nigerian royal family?

Hacker breaches and NSA digi-rectal probing have gotten us frightened of today's connected extravagances like Facebook, smart fridges, or the Justin Bieber Twitter feed. It's become bad enough that off-grid-friendly geeks are distributing freedom aids like this guide on erasing your digital footprint. But how do you do that if your online life now extends to the gas pump?

Release the kraken

The Internet of things is fringed by an ever-spinning web of connected pharaoh-cursed artifacts, all innocuous and unconscious parts of your life but created in the '80s and '90s when brute-force modem hacking was the state of the art. Touch one the wrong way and it'll shed its yellowed mummy wrappings and expose a hidden next-gen Cylon that bites your hand off, snatches your credit information, then beams itself back to a cloaked, cross-over-episode Klingon warbird.

We condemn those who've been breached, quietly chiding them for not locking down their Windows Server 2012 Web servers, their Amazon Web Services cloud infrastructure, or the 64GB federal government thumb drives they leave in taxicabs near bars and bathhouses the world over. But we need to be demanding, not condemning.

Apparently we can't stop governments or corporations from data-digging the privacy from all our orifices, but these conveniently oblivious info hogs need to start locking down their stuff -- at least enough to keep out a 13-year-old Ukrainian kid that got bored with bullying his sister on Google+. And not just the brand-new, 80-core ProLiant Xeon E7 behemoths they bought last month, but the AS/400s they bought in 1995, the credit card readers they've had in their stores since 2002, and the computer chip firmware they haven't flashed on 5-, 10-, and 15-year-old machinery that they keep wiring to the Web because it's easier than trekking to the basement once a day. Mail sorters, check processors, bar code readers -- oh god, the list is making me nauseous. Pass the flask!

You can lock down all the curved-screen, 6G, 4K reality-enhanced smart nostrils you want, but if you ignore that 10-year-old SonicWall sitting between your invasively mined customer data and a swirling cyclone of Web malevolence, you're still as vulnerable as a high school weakling wandering around a Hells Angels biker rally.

What security skeletons are hiding in your server closet? Speak up in the comments section or through email:

This article, "Those who forget past tech are doomed to be hacked," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, follow Cringely on Twitter, and subscribe to Cringely's Notes from the Underground newsletter.

| 1 2 Page 2