
Another example of why you shouldn't roll-your-own crypto - cybergibbons
http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/
======
CM30
Wow, that's kind of shocking. I mean, I know pretty much nothing about
security, and even I could tell that coding your own 'crypto' based on a
formula cracked about 200 years ago is a bad idea. Let alone the whole 'no way
to update the software except by manually upgrading it with an installer'
thing.

But honestly, I'd say this is the least of anyone's concerns with this company.
The linked article also mentions some other security issues in their work when
discussing a lack of security 'culture', and one of the most terrifying ones
is this:

[http://cybergibbons.com/security-2/terrible-website-security...](http://cybergibbons.com/security-2/terrible-website-security-on-www-apprentices4fs-com/)

They don't seem to hash passwords, they send them across the internet in plain
text, ban people with the equivalent of setting a cookie on the PC and then
sell software as 'secure'. That's kind of terrifying.

