You May Die from an Airbag

Yes, it is true. Airbags in cars save a whole bunch more lives than they end of costing, but sometimes, on rare occasions, they may take a life that otherwise would have been saved. Almost anyone, except the airbag instigators of the story, below understand the trade offs.

The, I mean published the following irresponsible headline with an obviously un-researched story.

Researcher: Update and You’re Owned

The premise is that many companies update their products using the http, rather than the https protocol. HTTPS is about encryption AKA privacy, not security.

There are attacks against https as well as http. It doesn’t matter what gets downloaded if it is not executed.

If a program requires a cryptographically strong signature before it executes the file then it is far more secure than a program relying only upon https for a sense of false security.

You are magnitudes more likely to get “owned” for not updating than for using a program that updates via http, rather than https.

Shame on TechnologyReview for such an irresponsible headline.

Randy Abrams
Director of Technical Education

Author , ESET

