Secustick

This morning Bruce Schneier posted a fascinating article on the psychology and economics of buying bad products. The example that he uses is a “secure” USB keychain drive called Secustick that was, supposedly, commissioned by the French government, tested and approved by a French intelligence service, and is apparently in use all over the world by governments and major corporations in the financial services industries.

A week ago a review of the Secustick was posted on Tweakers.net. They loaded the software on the stick into a debugger and learned that all someone had to do was place a breakpoint after a function called VerifyPassWord(), alter the return code from a 0 to a 1, and voilà! (Pun intended.) Anybody could get access to the contents of the drive.
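To see why a flipped return code is enough, here is an added example (not the Secustick's code, and not from the Tweakers.net review) that puts a gate-style design next to one where the password only exists as a derived key. `GatedStick`, `seal` and `open_sealed` are hypothetical names, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, os

class GatedStick:
    """Gate-style design: data is readable once a check returns 1."""
    def __init__(self, password: str, data: bytes):
        self._password, self._data = password.encode(), data

    def verify_password(self, attempt: str) -> int:
        return 1 if hmac.compare_digest(attempt.encode(), self._password) else 0

    def read(self, attempt: str, forced_verdict=None):
        # forced_verdict models the return value being altered in a debugger.
        ok = self.verify_password(attempt) if forced_verdict is None else forced_verdict
        return self._data if ok == 1 else None

def _keys(password: str, salt: bytes):
    # Slow KDF; 64 bytes split into an encryption key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password: str, plaintext: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_sealed(password: str, blob: dict, force: bool = False):
    # The password is never stored; it only exists as derived keys.
    enc_key, mac_key = _keys(password, blob["salt"])
    tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not force and not hmac.compare_digest(tag, blob["tag"]):
        return None
    # With force=True and a wrong password this decrypts to noise.
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])
```

In the second design the integrity check can still be skipped, but skipping it yields only bytes decrypted under the wrong key, because the data was never stored in a form that a yes/no answer could unlock.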

It’s generally my belief that the free market is efficient. However, Bruce’s essay brings up a good point. Shoddy products like the Secustick have an advantage in the marketplace. Namely, they cost less to produce. Normally this isn’t an issue because the consumer has the skillset and the ability to judge that the clothing they are buying from Walmart isn’t as high a quality as what they would buy from JC Penney’s. How are you supposed to know when it comes to something like the Secustick? Or a firewall? Or a virus scanner? Or a <insert any suitably complicated technology>?
