I love this Google Play store review of the NissanConnect app which had such terrible security issues recently:
I may print and frame this: pic.twitter.com/P0hu7E08GQ— Troy Hunt (@troyhunt) March 17, 2016
I join a long line of stupid security folks who’ve messed things up for other people. Sometimes people have been unable to purchase things just because a stupid researcher found that credit cards may be stolen. Or unable to use government services because another stupid researcher found personal info may be exposed. How inconvenient!
It’s like that stupid doctor I saw that time who told me I had pneumonia and made me rest up. What a dick.
Or the stupid local government that makes us put a fence around the pool. They’re my kids running around the place, dammit!
Whilst there is stupid security, we need more stupid security researchers. Not everyone will always agree with you, but we need you to help make the web a safer place. As a permanent reminder that sometimes you need to upset the minority in order to better protect the majority, I did indeed print and frame that app store review:
People will get angry. They’ll blame you for the ills created by others. They’ll accuse you of all sorts of things with reckless, irrational abandon. If you’re cranky about negligence such as this being called out then just be patient, there’s much more for you to be mad about yet.
Don’t be Melvyn. Be bold and stupid and whatever else it takes to approach security like this ethically, yet effectively. The world needs more stupid security researchers!