Security by default takes one step forward, two back


The out-of-the-box security settings for Apple's new iPhone 5s are just the latest example of security innovations becoming security liabilities

It seems that every time we take a step toward better security by default, we end up taking one or two back just a short while later. Take the iPhone 5s. It's got that fingerprint scanner, betokening renewed attention being paid to security. But it also has what I'd have to call reckless out-of-the-box security configurations.

Let me give you a bit of context. My first encounter with the security-by-default wars was way back in the early 1990s, when Sun Microsystems famously and consistently delivered its systems with a "+" in its /etc/hosts.equiv files.

What's the big deal? Well, that little "+" resulted in every default-configured Sun machine trusting (for remote logins and file system mounts) the entire network to which it was connected. To exacerbate the problem, in those largely firewall-free days of the Internet, it meant that a default-configured Sun ended up "trusting" the entire Internet.
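An added example, not part of the original article: a small audit function that flags over-broad entries such as the lone "+" described above in hosts.equiv-style content. The function name and the sample content are constructed for illustration, and the handling of "#" comment lines is an assumption about the file syntax.

```python
# Added example: audit hosts.equiv-style text for wildcard trust entries.
# Assumption: lines starting with "#" are comments (true of common
# implementations; check your platform's hosts.equiv documentation).

def audit_hosts_equiv(text):
    """Return [(line_number, entry, [reasons])] for over-broad trust entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-"):
            continue  # deny entry: removes trust rather than granting it
        reasons = []
        if host == "+":
            reasons.append("trusts every host")
        elif host.startswith("+@"):
            reasons.append("trusts a whole netgroup: " + host[2:])
        if user == "+":
            reasons.append("trusts every remote user")
        if reasons:
            findings.append((lineno, line, reasons))
    return findings

# Constructed sample content, not taken from any real system.
SAMPLE = """\
# constructed sample
trusted.example.com
+
-retired.example.com
+ +
buildhost.example.com +
"""

if __name__ == "__main__":
    for lineno, entry, reasons in audit_hosts_equiv(SAMPLE):
        print(f"line {lineno}: {entry!r}: {'; '.join(reasons)}")
```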
