Hacker News
by ackalker 4274 days ago
From what I gather from the article, the systems which RAM scrapers attack were running on general purpose computers, with very similar vulnerabilities.

Why isn't sensitive software like this built and audited with the same concern for reliability and security as avionics, medical equipment, SCADA, etc.? Certainly the cost in financial losses caused by these attacks makes this a pertinent question.

5 comments

>Why isn't [..] software like this built and audited [...] for reliability and security as avionics, medical equipment, SCADA, etc.?

Imply that it is. It very, very often isn't at all.

Well, but these are: https://news.ycombinator.com/item?id=8409305 Yet, of course, it doesn't mean that modifications would be impossible. Smart guys can breach it; it's nothing different from mod chipping a PlayStation or other custom embedded hardware. There are multiple protection layers, but those are just slowing the process down. Smart guys with skills, labs, test hardware and proper budget can always work around those.

Because the penalty is backloaded but the expense is frontloaded--and the beancounters are only concerned about the frontloaded expenses.

How much did it cost the guy who made this decision? Zero. All the cost and blame falls on the person who came after who has to clean it up.

BH2014 -- SCADA: Why Control System Cyber Security Sucks https://www.youtube.com/watch?v=km8FZaBqpgg&list=UUbbgnifxfH...

"Why?" Because money; of course. Did you think "lean" companies shipping "MVPs" were the only guys around shoveling shit out the door as long as it sells? Also, the medical and SCADA fields are notoriously bad at security (but have been catching up, SCADA more than medical).