
A backdoor, in reality
"Use of hard-coded credentials"
That's technically a backdoor for the company: they'll always have access, and the client can't do anything about that.
It would be relatively easy for miscreants to break into critical datacenter power management gear, shut off electricity supplies to multiple connected devices, and disrupt all kinds of services — from critical infrastructure to business applications — all at the press of a button. This claim was made by Trellix security …
It is 2023, and yes, we are still talking about hardcoded credentials. And that's before we even think about all the network attached stuff in the average data centre that's been there years, and is still in use, barely touched (let alone updated) because it just works, so it gets forgotten about.
> It would be relatively easy for miscreants to break into critical datacenter power management gear, shut off electricity supplies to multiple connected devices, and disrupt all kinds of services — from critical infrastructure to business applications — all at the press of a button.
Put your critical infrastructure behind a VPN running on embedded hardware.
Simon? Is that you?
Social engineering users into powercycling their company equipment, and blowing up said company equipment is always a good one.
Now, if somebody can do that to a datacenter... imagine what will happen should you need to get spares for a couple of servers all at once...
---> on my way to a datacenter to experience a datacenter getting bounced in real life
In the beginning Security was created. This has made many people very angry and has been widely regarded as a bad move.
There is a theory which states that if ever anyone discovers exactly how to find and how to patch every Security hole, computing as we know it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened.
It is known that there are an infinite number of programs, simply because there is an infinite amount of code for them to be in. However, not every one of them contains security flaws. Therefore, there must be a finite number of security flaws. Any finite number divided by infinity is as near to nothing as makes no odds, so the average security flaw density of all the programs in the Universe can be said to be zero. From this it follows that the number of security flaws of the whole Universe is also zero, and that any security flaws you may meet from time to time are merely the products of a deranged imagination.
30+ years in IT trying to convince people that yes, it is possible for someone to get in the 'back door' and wreak havoc. So I proved it one day to the sysadmin by hacking onto his machine and saying 'Hi Ray' after he was going on and on about how everything was locked down and secure (I worked remotely, of course). So at least after that, they listened to me.