Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Inventor of Proxy Firewall Blames Hackers 742

An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better: Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."
This discussion has been archived. No new comments can be posted.

Inventor of Proxy Firewall Blames Hackers

Comments Filter:
  • by Prophetic_Truth ( 822032 ) on Wednesday June 22, 2005 @08:59AM (#12880373)
    with their hair and thier clothes, and thier music! I can't stand 'em!
    • Problem is, just like the phreakers, while the hackers showed the way, organized crime (and yeah, I think I'll lump CoolWebSearch in that group) has pushed them out. The number of attacks related to real hackers is minimal these days, though there's enough idiots writing the tools thats the equivalent to giving uzis to schoolkids.

      Suddenly we're all little piggiesliving in the big bad wolf's neighborhood and we're living in software houses built of twigs.

      • by pixelpusher220 ( 529617 ) on Wednesday June 22, 2005 @09:19AM (#12880569)
        Actually I'd say the Hackers probably did us a favor in the long run. How bad would it be if everything were nice and rosy and then organized crime started playing hard ball?

        At least we've had time to learn and understand and actually build tools to help in the defense of our systems. Now if companies ignored the petty hacker attacks that's their own fault, but at least it started with relatively innocuous stuff rather than more heavy duty attacks...


        • by Thangodin ( 177516 ) <elentarNO@SPAMsympatico.ca> on Wednesday June 22, 2005 @10:04AM (#12881001) Homepage
          Yeah, but there's black hat and white hat. There are people who would hack into a system and leave a note saying "I was here, this is how I got in...fix this!" Then there were the ones who would hack in, delete everything or otherwise fuck it up, and then erase all signs that they were ever there. There are virus writers who write proof of concept worms and viruses to alert people to flaws in their systems, and then there are the script kiddies who have nothing better to do with their time but tweak existing viruses to beat the anti-virus signatures.

          I have no use for destructive hackers. It's much easier to find a hole in a system then it is to anticipate all possible angles of attack. If some ass-hat script kiddy wants to show what a clever boy he is, he should do something useful and become a security consultant. On the other hand, that would take brains and work...

        • Hacker Justification (Score:4, Interesting)

          by Mulletproof ( 513805 ) on Wednesday June 22, 2005 @10:09AM (#12881051) Homepage Journal
          Now this is just a sad justification and can easily be turned the other way-- If it had been organized crime that started hacking, the governement would probably take it more seriously than it is now, with laws and penalties to match. The tools would have been developed anyway, so it's really a non-issue.

          Besides. Hackers have been doing serious damage from day one. Besides just breaking into networks for "curiosity sake" they've been planting worms, trojans, trolling entire credit card data bases, commiting DDoS attacts, etc etc. No, not all of them, but enough to make the OPs point a ridiculous one to even attempt to justify.
        • As has been said by many much wiser than myself, all computer problems are fundamentally a people problem. Exploitable applications are the fault of developers, exploited applications are the fault of intruders.

          Why is the blame always pushed in one direction OR the other and not both?
  • by _am99_ ( 445916 ) * on Wednesday June 22, 2005 @09:00AM (#12880382)
    Truly, the only people who deserve a complete helping of blame are the
    hackers. Let's not forget that they're the ones doing this to
    us. They're the ones who are annoying an entire planet. They're the
    ones who are costing us billions of dollars a year to secure our
    systems against them. They're the ones who place their desire for fun
    ahead of everyone on earth's desire for peace and the right to
    privacy."


    Ok, but swap a hacker's desire for fun with a software companies
    desire to make money without properly taking responsiblity for
    securing their product and one could also write:

    Truly, the only people who deserve a complete helping of blame are the
    software companies. Let's not forget that they're the ones
    doing this to us. They're the ones who are annoying an entire
    planet. They're the ones who are costing us billions of dollars a year
    to secure our systems against them. They're the ones who place their
    desire for profit ahead of everyone on earth's desire for peace
    and the right to privacy."


    It is like a credit card company saying that if someone breaks into
    their systems and steals my credit card number, that is my
    responsibility - or maybe it is the hackers fault. Well sure, it is
    my fault for using a stupid bank, and the hackers fault for committing
    the crime - BUT SURELY the bank has to take some fault for making this
    whole possible - right?
    • Ok, but swap a hacker's desire for fun with a software companies desire to make money without properly taking responsiblity for securing their product

      A lot of hackers have "fun" causing other people pain. It's weird, I've never quite understood how that actually works, but I've met plenty of people who just experience joy at doing damage.

      Well sure, it is my fault for using a stupid bank, and the hackers fault for committing the crime - BUT SURELY the bank has to take some fault for making this whole
      • Closer to home (inasmuch as /. is "home"), I really hate people who come onto this site or any site, for that matter, for the express purpose of disrupting discussion. We call them trolls, but in the same way we try to differentiate between "hackers" and "crackers", maybe it would be good to try to differentiate between "trolls" and these despicable "troll jihadists".

        A logged in user may occasionally troll (who knows what kind of warped mind finds this "fun"?), but someone who logs in to drop bombs in a d
    • by erroneus ( 253617 ) on Wednesday June 22, 2005 @09:10AM (#12880471) Homepage
      At first I was going to mod this +interesting or something like that but I think I'd rather just add to it.

      We're born into this imperfect world and should expect nothing less than we've already been born into. The lock was invented before anyone presently reading this was born. This is a clear indication of the state of things and in my opinion, the nature of humans... or animals for that matter. (Raccoons, monkeys and other creatures are famous for stealing things too!)

      The individuals responsible are individually responsible for their own actions and should be held accountable. But the reality that should be mentioned and understood is that we're in a world where people do shit to each other.

      In that climate, we look to software makers to make reliable products. We want them to be able to withstand the efforts of the rest of the world doing what it is that's natural for them to do. It is not an impossible task. It has been shown through the virtue of patches that it can be done and since it can be patched it could also have been done right the first time had they only taken the time and effort to write it correctly to begin with.
      • In that climate, we look to software makers to make reliable products. We want them to be able to withstand the efforts of the rest of the world doing what it is that's natural for them to do. It is not an impossible task. It has been shown through the virtue of patches that it can be done and since it can be patched it could also have been done right the first time had they only taken the time and effort to write it correctly to begin with.

        Your original argument completely invalidates this insertion that

    • Ok, but swap a hacker's desire for fun with a software companies desire to make money without properly taking responsiblity for securing their product and one could also write:

      I think that's kind of implicit, but as he says, there would be no need for security without hackers. Of course, his comments are no more insightful than saying it's only because of thieves that we have to spend money on locks. Well, duh.

      It's not insightful, but it is true. Hackers are to blame for our current security needs.

      • by JWW ( 79176 ) on Wednesday June 22, 2005 @09:42AM (#12880791)
        What I really find interesting about this Thievs/Hackers analogy is that you never hear people telling the victims of Theives that they should have had three deadbolts on the door, or saying "shame on you you don't have bars on your windows, of course you'll get broken into."

        It never ceases to amaze me how much blame is laid at the feet of the users. I know running an email attachment executable is really stupid, but alot of other exploits are the equivalent of using a crowbar to break your windows. Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame. In the PC realm, hackers go largely uncaught and unpersued by the athorities, and the user gets told its their fault.
        • [...] you never hear people telling the victims of Theives that they should have had three deadbolts on the door [...]

          It depends on where you live. In some cities/countries/parts of the world, you are expected to have three deadbolts on the door, or some other security features. Otherwise you end up paying very high insurance fees.

          Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame. In the PC realm, hackers go largely uncaught and unpersue

    • by tyler_larson ( 558763 ) on Wednesday June 22, 2005 @09:37AM (#12880740) Homepage
      Ok, but swap a hacker's desire for fun with a software companies desire to make money without properly taking responsiblity for securing their product and one could also write:

      Perhaps you should RTFA--no, really. The article was very reasonable and well-written. The synopsis was not. Here's the context from which the quote you refer to came--

      If we consider the Internet as a big local network, we will see that some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that chose that particular software and then run it without an appropriate secure setup?

      There's enough blame for everyone.

      Blame the users who don't secure their systems and applications.

      Blame the vendors who write and distribute insecure shovel-ware.

      Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

      Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.

      Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.

      Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.

  • by Anonymous Coward on Wednesday June 22, 2005 @09:00AM (#12880383)
    Blame Canada
    • I hold the Northwest Territories personally responsible for this terrible situation. Also, I believe that we ought to disconnect many third-world countries from the Internet. Places like Zimbabwe, Cambodia, Mauritania and New Jersey don't need to have Internet access.
  • by g0bshiTe ( 596213 ) on Wednesday June 22, 2005 @09:00AM (#12880387)
    bieng the inventor of said firewall they have most asuredly paid your bills for sometime.
  • I agree... (Score:3, Interesting)

    by cheezemonkhai ( 638797 ) on Wednesday June 22, 2005 @09:00AM (#12880388) Homepage
    How dare a large american mega-corperation that wants to keep our private data on their systems and make money off selling it have to spend any money protecting it.

    Yes hackers are a pain in the arse, so are spam merchants. Thats life, live with it.

    In other news the inventor of the Yale lock blames thieves for the invention of the lock, which irritates us daily.
    • Actually, wasn't the first Yale lock fairly unpickable for quite some time? IIRC something about it being on display with a reward for successful picking...OK just googled, it wasn't a Yale but rather Mr. Chubb's...
    • Re:I agree... (Score:5, Insightful)

      by Southpaw018 ( 793465 ) * on Wednesday June 22, 2005 @09:17AM (#12880546) Journal
      If I'm reading that right, you have it backwards - like a lot of people, I think. If, let's say, someone left their front door open and you saw some nice lookin shiny thing while walking down the street, and you went in and took it, then got caught...what would the police say? "Oh, it's not your fault. After all, they left their door open."

      No, while they were idiots for leaving the door open, you were the only one who broke the law.

      The same thing applies here. Because someone or something leaves doors open doesn't mean you can or should enter them. No one has to live with spam merchants - that's why we're taking measures to combat spam on many levels (from the national do not call registry to spam filters on the email system at the office). No one has to live with hackers, either. That's life, but not how you put it; this time, I applied your logic to both sides.

      Can you live with that?
      • Re:I agree... (Score:3, Insightful)

        by Xugumad ( 39311 )
        I agree entirely. In particular, I think there's a lot of people who think something is okay, unless it's specifically made hard.

        People NEED to take more responsibility for their actions. If I left my systems with the default passwords, didn't patch them, and had no firewall, it still would not by fault if someone broke in. It would be irresponsible of me, but that's is a different matter.

        There needs to be more of a realisation that responsibility lies with the person who CHOOSES to break the law.
        • Re:I agree... (Score:3, Informative)

          by swv3752 ( 187722 )
          Actually it would be your responsibility. In the the there is this thing called inticement. If you leave your keys in plain sight in your car, and someone steals your car; you will be held liable. If a cop sees that you left you key in plain sight in your car you can get a ticket.
      • Re:I agree... (Score:3, Insightful)

        by arose ( 644256 )
        What if you would pay someone to lock your door and he forgot?
    • If Proxy Firewalls offer a comparable level of security to a Yale lock, then we are seriously in trouble!

      From my own forum: How to defeat a Yale lock using nothing but a plastic bottle [bowlie.com]

  • by Mz6 ( 741941 ) * on Wednesday June 22, 2005 @09:01AM (#12880394) Journal
    they're also the ones that keep you and I employed.

    "They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them."

    • by Anonymous Coward on Wednesday June 22, 2005 @09:04AM (#12880414)
      But if they weren't keeping you and I employed we could both be employed doing more productive things.

      It's like saying the vandal who goes around smashing windows is a good guy because he keeps the window repairman employed.

      Old and crusty falacy...
      • by WhatAmIDoingHere ( 742870 ) * <sexwithanimals@gmail.com> on Wednesday June 22, 2005 @09:10AM (#12880472) Homepage
        No, it's not quite like that. It would be more like: If the window repairman developed newer windows that were harder to break. If the vandal never broke the original windows, they would still be as easy to break as they originally were. But now, thanks to the Vandal, they're improved and rock-resistant.

        The "window" tech. isn't standing still as the Vandal runs around breaking them.
        • by Zwets ( 645911 ) <jan,niestadt&gmail,com> on Wednesday June 22, 2005 @09:29AM (#12880668) Homepage
          This new kind of window would provide eXtreme Protection. I guess would be called 'Window XP'.
        • by eventDriven ( 817686 ) on Wednesday June 22, 2005 @10:36AM (#12881288)

          The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy. People see the new improved and rock-resistent glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.

          The window repairman, much like the parent poster, probably thinks rock-resistant windows and proxy firewalls are an excellent investment. When we look at the long list of technologies that changed the 20th century, many/most were developed at least in part to help wage and defend warfare. One might deduce that warfare is a creator of value. Yet war is always a destroyer of value. It is the allocation of resources that could be more suitably employed.

          • In a perfect world, maybe. But everything in the world we live in is driven by conflict and competition, not the betterment of our fellow man, not the betterment of our world, not even the betterment of ourselves.

            Until that changes, war is indeed a creator of value, because it's unlikely that many of those advances would have been made otherwise. All we know of space exploration is founded on advances that were originally made to kill people. Nuclear power came after nuclear weapons.

            It's nice to imagine a
  • He is 100% right (Score:3, Insightful)

    by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Wednesday June 22, 2005 @09:02AM (#12880401) Journal
    He is also 100% wrong. No one wants to live in a world where we have to lock our doors. Everyone wants to live freely without worry of being taken advantage of. It is absolutely the fault of the "evildoers" that we must put locks on our windows and worry about the footsteps following us down the dark, reeking alleyway.

    But it is also our own responsibility to be sure that we can prevent people from taking advantage of us. This means that we must have those locks and firewalls. To neglect this is to essentially invite attack and intrusion. And if it isn't at the hands of one group, it will be at the hands of another.

    We don't live in a perfect world, so it's important that we have adequate locks.
    • by clontzman ( 325677 ) on Wednesday June 22, 2005 @09:13AM (#12880505) Homepage
      I don't think he's arguing that. He's just saying that the people who are making this trouble are the problem, not the people who are making the software that tries to protect people.

      Just because you park your car in a mall and only protect it with a piece of glass that's easily broken and an alarm that everyone will ignore doesn't make it your fault if someone breaks in and steals your car. It seems like a lot of folks, though, would blame GM for not making steel shields for your windows.

      The virus/worm writers are the problem; how can anyone possibly defend them?
    • You know... In Canada, most people don't lock their doors. Most people don't live every day in fear of being taken advantage of because they're too busy being considerate of others, and we don't follow people down a dark alley unless they look like they need help.
      The Internet however is and will remain "International Waters" where a lifestyle change is required to survive. If only everyone just tried to be a little nicer...
      • Which idyllic part of Canada do you live in?

        The house we bought in the nicest part of Vancouver last year came with security bars on the 1st floor windows, an alarm system and triple locks on the doors. Maybe the previous owner was a bit paranoid, but a private security firm has just started patrolling the area near us due to a rash of break-ins.

        Vancouver has the highest rate of car theft in North America hence the arguably successful bait car program [baitcar.com].

        You might argue that we don't lock our doors in the d
    • That doesn't mean it's not someone's fault!

      I've heard of apologists before but this is bordering on ridiculous.

      Here's an analogous idea: the world is going to be full of tyrannical despots, we have to be on our guard against them. So it's not right to blame them, someone was going to murder all those Kurds if Saddam didn't do it. In fact these people are doing us a favor by keeping us on our toes! (and sometimes chopping them off)
    • You don't need to live in a perfect world to do without locks. You do need to live in a community with a strong sense of cohesion and a definite perimeter (not the same as a fence). it also helps to lead lifestyles that do not involve owning property that you leave unattended for the majority of the day.

      locks allow you to avoid all these burdens: you can have an anonymous, uncohesive community in which you are free to leave your stuff unattended. the question is: does the value you gain from this abilit

    • by Daniel_Staal ( 609844 ) <DStaal@usa.net> on Wednesday June 22, 2005 @09:20AM (#12880580)

      He agrees with you. That quote was the last paragraph of the last answer in the interview. Here's the full question/answer:

      If we consider the Internet as a big local network, we will see that some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that chose that particular software and then run it without an appropriate secure setup?

      There's enough blame for everyone.

      Blame the users who don't secure their systems and applications.

      Blame the vendors who write and distribute insecure shovel-ware.

      Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

      Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.

      Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.

      Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.

      His point: there is pleny of blame to go around, if you want to spread the blame. The hackers who break in are the reason the rest of the blame matters, but the rest is still there.

      Just in case someone thought you disagreed with him. And because now everyone has read the full context of the quote we are discussing, which will be a rarity on /.

  • Good God... (Score:5, Insightful)

    by aendeuryu ( 844048 ) on Wednesday June 22, 2005 @09:04AM (#12880418)
    Rome builds shitty wall, Emperor blames failure on existence of barbarian hordes.

    It'd sound fucking ludicrous to read that in a history book, it's no less ludicrous to read that in a modern context.

    Dude, grow a pair.
    • Re:Good God... (Score:2, Insightful)

      by Foolomon ( 855512 )
      You are correct, but he is as well. It's the malicious intents of others that cause the headache in the first place. Granted, you could choose to ignore the headache, take some placebo (i.e. use a crappy OS with little protection) or take something effective (Oxycontin LOLOLOLOL), but the fact still remains that the headache is the cause of the problem. Just because you are ineffectively dealing with it doesn't mean the headache doesn't exist.
    • Re:Good God... (Score:4, Insightful)

      by ajs ( 35943 ) <ajs@a[ ]com ['js.' in gap]> on Wednesday June 22, 2005 @11:23AM (#12881719) Homepage Journal
      Slashdot hordes react without reading TFA, film at 11....

      He's not deflecting blame, he's pointing out that blaming your neighbor or your vendor is fine, but the lion's share of the blame for intrusions belong's square in the lap of the intruder.

      To quote TFA:
      [...]some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that [...] run it without an appropriate secure setup?

      There's enough blame for everyone.

      Blame the users who don't secure their systems and applications.

      Blame the vendors who write and distribute insecure shovel-ware.

      Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

      Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.

      Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.

      Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us.
      However, I'd like to point out that I disagree with something fairly fundamental in what he's saying. The people who are "annoying us" make us build better security, and I'm much rather have a numbskull try to poke at my security for bragging rights than have nothing for years and then a series of well-organized, well-hidden attacks that gain long-term access to sensitve data. I don't enjoy having to secure networks against boneheads, but I don't blame them for having to build good security, that should have been done from the day the first machine sent out a set of voltage modulations that could loosely be called "IP".
  • by Entrope ( 68843 ) on Wednesday June 22, 2005 @09:06AM (#12880436) Homepage
    Perhaps five or ten years ago it would have been plausible to say that computer criminals were largely breaking into others' machines for fun -- but even then, as Clifford Stoll discovered, there were exceptions. Then it turned into more of an organized enterprise. People controlling most of the infected machines on the Internet are NOT doing it out of curiosity or fun: They are doing it for power, and exploiting that for criminal enterprise.

    In the past years, we have seen profit-seeking criminals discover how useful insecure systems are to them. The major disruptions now are not caused by simple thrill-seekers.
    • by Simulant ( 528590 ) on Wednesday June 22, 2005 @10:00AM (#12880971) Journal
      "The major disruptions now are not caused by simple thrill-seekers."

      Please name one serious, high-profile hacking case (to include authoring viriii & worms) in which the perpetrator was caught and didn't turn out to be a teenager or a still adolescent 20 something.

      Inside jobs don't count.

      I'm sure there must be a few but I honestly can't think of any.

      Not to say that there aren't real bad guys out there... they just don't seem to get caught despite all the money thrown at computer and network security.

      Speaking as a sys admin for almost 20 years, most hacking has been a source of annoyance (and sometimes amusement) rather than serious damage. The oft quoted "billions & billions of damage due to hackers' is a load of crap as far as I can tell. Kind of ike the y2k bug was.

      They don't frighten me. The internet was never designed for privacy to begin with. If that's your aim then paying to "hack in" extra security is the price you pay.

      And you know what...? sometimes the cure is even worse than the disease.

      I read somewhere recently (sorry, can't remember where) where someone (a security "expert"?) criticized a nuculear power plant's network security by saying something along the lines of "they're so backward they aren't even connected to the internet". Sounds like good security to me.

  • programmer => hacker
    criminal hacker => cracker
    criminal non-hacker => script kiddie
  • by wubboy ( 96276 ) on Wednesday June 22, 2005 @09:06AM (#12880438)
    "Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."

    Is it just me or does this sound like a Onion story?
  • the firewall or the hacker?
  • "Locks only keep honest people honest." Such is the same with all security measures. Anything that is created by man can be defeated by man.
    • Untrue.

      Locks discourage the lazy. Since criminals by their very nature tend to be lazy, security measures do have some deterrent effect against those that don't personally have it in for you.
  • They just find the holes and make the tools.

    The people doing the damage are low life scum who buy Spam packages from other low life scum, and set up their own little mom and pop operations. Or script kiddies who create zombie farms from tips and tricks learned in IRC rooms.

    They probably barely know how computers work, and not a lick of programming. But they can surely run a spamming or DOS script.

    We should no more blame the hackers for spam and DOS attacks than we should blame Napster for music piracy,
  • by joshv ( 13017 ) on Wednesday June 22, 2005 @09:09AM (#12880465)
    Virus writers, crackers and their ilk are the predators and pathogens of the Internet ecosystem. They kill off the weak and make the rest stronger.

    What would you prefer? An Internet full of weak hosts, with a wealth of unexploited security holes and weakly configured security systems, where your security is left up to the good will of others (everybody just play nice now)? Or one where leary vendors and service providers stand in constant vigilance over security issues, because they have to. The wolves are circling the herd.

    What would happen if all the 'hackers' just went away? Everyone would get complacent. Security holes would proliferate, until the temptation just became too large and someone takes it all down in one fell swoop.
    • I'll take the logic behind the previous post and apply it to another popular security topic...
      ---
      Jihadists, whacko environmentalists, right-wing extremists and their ilk are the predators and pathogens of the modern global ecosystem. They kill off the weak and make the rest stronger.

      What would you prefer? A world full of weak hosts, with a wealth of unexploited security holes and weakly organized government systems, where your security is left up to the good will of others (everybody just play nice now)? O
      • by Forbman ( 794277 ) on Wednesday June 22, 2005 @09:47AM (#12880845)
        Jihadists, whacko environmentalists, right-wing extremists and their ilk are the predators and pathogens of the modern global ecosystem.

        No, these are the ticks, the mosquitoes, the starlings. They annoy the shit out of the system, occaisionally cause or induce actual harm, but are for the most part really just benign, in the grand scheme of things.

        The real wolves are the RIAA/MPAA, corporate agriculture, "Free Trade" advocates, Brazilian soy bean farmers, squeeky wheel Revelationists, neo-Talibanists in the US, etc., a culture that seems to know the price of everything and the value of nothing, and Congresses (US and EU) that values their corporate ties more or less above all else, and has forgotten that its job is not to get itself reelected, but to serve the people of the US and country, not serve the companies that serve the people.

  • boo-hoo-hoo (Score:3, Insightful)

    by lennart78 ( 515598 ) on Wednesday June 22, 2005 @09:09AM (#12880466)
    I don't know where to begin on this one.
    If there weren't any burglars around, I wouldn't have to lock the doors of my house.
    If everyone would abide traffic rules, the need for airbags etc. would vanish.

    This guy is not only complete missing any connection with the outside world, he also forgets that there are thousands of people working in the (IT) security industry, making a living. It may sound silly, but we keep our economy going this way. This is why there are so many economists/therapists/lawyers/communication advisors/etc. around.

    I feel like feeding the troll here. Time to knock it off...
  • by Alarash ( 746254 ) on Wednesday June 22, 2005 @09:10AM (#12880469)
    We only wants our precious proxyses! Trixie, nasty hackeeses! We wont let them behind our precious!

    *gollum, gollum*

  • "Perfect World" (Score:2, Insightful)

    by myrick ( 893932 ) *
    As nice as it is to think that the world would be in perfect harmony without hackers, it is little more than a pipe dream. Throughout history, humanity has been plagued by the selfish nature of its constituents ('human nature' just does not jive with the 'common good'), and that is a fact I would argue is on par with Death and Taxes. We as a society have to be realistic here, and we as the geek community, the developers of software, have to take the responsibility to make high quality, secure software, be
  • Having insecurity is a plus to the world as it raises peoples awareness of issues and in the long term security should hopefully improve. "hackers" will get better and better to keep one step in front but at the end of the day if the user is well protected then they will be at a lower risk than those that use windows 2000 or redhat 5.2 with no patches.

  • Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy.

    If we got rid of all the hackers, wouldn't we still need to secure our networks from governments, crimi

  • by halbert ( 714394 )
    Marcus had the right idea, but then he went for the media spin about hackers. His best quote was actually :

    There's enough blame for everyone.

    Blame the users who don't secure their systems and applications.

    Blame the vendors who write and distribute insecure shovel-ware.

    Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

    Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configuration

  • by thelizman ( 304517 ) <(moc.oohay) (ta) (kcattaremmah)> on Wednesday June 22, 2005 @09:23AM (#12880599) Homepage
    Obviously this guy has never heard of espionage. *Most* (not all) hackers/crackers get in, poke around, and leave. I've known a few that actually fix shit on the way out, and leave friendly notes (though I think more highly of the do no harm crowd).

    The *REAL* danger are corporate spies who not only want your secrets, but also plant spyware, or destroy infrastructure to hamper a competitor. There is also the growing instances of state-sponsored computer cracking whereby poorer nations (particularly the axis-of-evil states) seek to leverage the power of attacking information infrastructures instead of the physical infrastructure. Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'.
    • "Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'."

      Your forgetting that a really significant contributor to the downfall of the Soviet Union was their "Vietnam", the war in Afghanistan. The U.S. did supply the bullets and in particular the Stinger missiles that were used by proxies to kill their draftee soldiers and created a couple generations worth of veterans who were completely scarred i
  • While I don't think *cracking* is right ( nevermind arguing the semantics of it ), I don't think it's relevant to complain about them. It's like getting annoyed with bacteria, and blaming it for the invention and need of anti-bios.

    Yes, if it weren't for x we wouldn't need y. However, much like bacteria strengthens the body, crackers strengthen our software. Albeit in a round about way.
  • by AtariAmarok ( 451306 ) on Wednesday June 22, 2005 @09:30AM (#12880680)
    In a related story, the designer of the Great Wall of China blames Mongols.
  • by zoomba ( 227393 ) <mfc131@gmailLION.com minus cat> on Wednesday June 22, 2005 @09:46AM (#12880837) Homepage
    He's correct in his assessment of blame. The people who hack systems, break stuff, spread viruses and bot networks etc are 100% responsible for their actions. They are violating laws left and right with no regard for others.

    Yes, insecure code, a lack of a firewall or antivirus software opens you up to potential attacks, or not having the latest security patches. However that doesn't excuse an actual attack.

    By the reasoning of most of the posters here, unless your home is as secure as fort knox, anyone who breaks in and steals stuff isn't really to blame... I mean, come on, you could have protected your house better. Put in pressure plates and motion sensors. Try a laser grid on the floor. Armed guards, time sealed doors, attack dogs etc. Anything less and, geeze, you're practically inviting them in to take your stuff!

    That's what the Internet is like. You really have to lock up your system like Fort Knox to keep yourself safe. Even then, the burglar could find a spot in the security system that isn't fully covered and get in that way.

    The ONLY secure machine is one that is sitting in the corner, surrounded by a lead box, not connected to any network or power supply. A useless machine really.

    Those who attempt to maliciously exploit vulnerabilities deserve every once of blame you can possibly assign to them. I personally want to kick the guy in the balls that did the Blaster worm... took weeks to get my old workplace cleared of that thing. Just because it is POSSIBLE to exploit something does not mean you SHOULD exploit it. Too many people online use the reasoning that if it's possible it should be allowed.
  • by maraist ( 68387 ) * <michael.maraistN ... gmail.n0spam.com> on Wednesday June 22, 2005 @09:51AM (#12880878) Homepage
    To say hackers are evil is like saying germs, viruses, and carnivores in general are evil. By merely acting out Adam Smith's society being benifited best by each acting in his own best interests (adapted by John Nash to include societal interests for best outcome), we are keeping in step with mere nature.. A dog will forage for food, defend it's food, and kill it's food, so that it can stay alive. A rabbit will defend against other rabbits if need be (though they'll generally run away from anything else).

    A patron is looking for a good deal, and will expend effort to maximize their deal, so sloopy wording on a sign on your store-front are invites to a natural onslaught of fiscal frustration. By natural, I mean there is no evil intent in people trying to keep you for your word in maintaining a good bargain (that you didn't intend).

    If there is money on the street, it is conceivable that:
    a) the original owner will never find it again
    b) someone else will take the money

    So you justify taking the money yourself.

    If you are hungry, you might be inclined to take two samples at a free food-sample kiosk. It's unfair as it goes beyond the intent of "sampling" and takes away from other's (since there is usually a set amount of sample provided for the day).

    In reality, those that are sheltered from such harsh survival of the fittest environments will EVENTUALLY meet with that environment.. It is impossible (short of death) to avoid it. Thus the question is not IF we will meet our challenges, but when, and how quickly will the difficulty level rise.

    For those with assets we fear to loose (time,money,posessions,intellectual property, etc), it is natural for them to be saught by others. Having a public wiki is valueable advertising real-estate (or a personal repository for globally accessible content). So grafiti, being merely a primitive form of marketing, is bound to happen. Bank accounts are an obvious point of content.. If you happened to come across money on the street, you are more than likely to take it. If your ATM machine started allowing you to withdraw cash w/o deducting from your bank account, there is a better than likely chance that you'll take advantage (anonymous theft when it is considered to not overwhelmingly harm someone else - proportionate loss/gain - is often self justified). There isn't much difference from taking from that ATM machine and taking from an online bank account that you've happened by. Yes there is a greater issue of proportionality (you might be stealing from someone poorer than you), but you might think to yourself (I'm teaching them a lesson).. What-ever the cause, an otherwise moral man may find themselves tempted.. To say nothing of the mafia.

    And ultimately organized crime is the tyrannasauras of our internet age. The mafia being only one form of it (unfriendly governments being an even more serious threat). The age of mafia and internet "WAR" (literally between nation-states) is only a matter of time.

    So if our "evolution" through natural selection and adverse environment does not "toughen" us enough to sustain such natural phenomena, then we will die (or at least the medium will die).

    So lets look again at these "evil" hackers. Many of the hackers were self-professed white-hackers, or anonymous exposers. If you are inclined to see if a WEB-INF directory or IIS-specific file-set are visible on a public site, you can either email their sys-admin who might sue you for hacking, or simply ignore you (like MS tries to do with serious security alerts so long as the general public is oblivious), or you can make it a priority for them... Deface their web site, delete lots of their database records.. Make it too expensive for them NOT to resolve the issue.

    These are altruistic people. Slightly less altruistic are those that advertise themselves 3l33t hacker-names advertised here and there. As they have the fun and recognition-factor of it all (especially if they get CNN coverage).

    Embrace th
  • blame everybody (Score:5, Insightful)

    by Monofilament ( 512421 ) on Wednesday June 22, 2005 @10:00AM (#12880973) Homepage Journal
    Security isn't about stopping somebody who wants to be malicious to a system and have fun with that.

    Its about protecting information that you otherwise don't want unauthorized people to have access to. its about espionage, its about privacy. Its about making sure you know if somebody is just looking on your system. Honestly a server can be replaced if it gets fried by some hacker trying to hurt it, and there are backups. But you'd never know if somebody went in and just invaded your privacy and looked at all your things and then left it completely clean right?, not without something like a firewall or some sort of logs and security system set up.

    So yeah go blame hackers for making us think of the idea .. but don't say we wouldn't want it otherwise. Firewalls are a good thing...
  • by mr_z_beeblebrox ( 591077 ) on Wednesday June 22, 2005 @10:04AM (#12880998) Journal
    They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy

    How can someone be clueful and clueless all at once... Desire for fun....that did not steal 40 million credit card numbers. Everyone on Earths desire for peace and right to privacy? Tell that to the Chinese who are told what ports they can or can not secure to allow for "public monitoring" This guy is lost.
  • bullshit (Score:4, Insightful)

    by cahiha ( 873942 ) on Wednesday June 22, 2005 @10:05AM (#12881013)
    Computer criminals and black-hat-hackers are as much a fact of life as rain showers in Seattle, earthquakes in California, flus in winter, and accidents on highways.

    Security isn't an accidental byproduct of software, it is one of its primary functions; if software doesn't provide security, then it is defective. That's just like if you buy a padlock, you have an expectation that it actually works as a lock. The padlock manufacturer can't say "oh, well, our padlock doesn't work, but that's really the criminal's fault".

    Any vendor that puts out software that contains easily avoidable security holes (like buffer overflows, backdoors, ...) is very much to blame. In fact, it should be possible to hold liable for negligence.
  • by MrLint ( 519792 ) on Wednesday June 22, 2005 @10:35AM (#12881280) Journal
    Technically his statement is correct, however prima facia, its a foolish one. As its been said elsewhere in the comments it implies that if it were not for 'hackers' systems would be 'safe'. However as is the case with companies looking to cut every conceivable cent, there would be no security otherwise. "Why bother locking the doors there are no criminals to steal my possessions!"

    This sounds merely like an argument for altruism and security thru obscurity (which of course doesn't work). Why would a company try to harden against problems, even if caused my a mistake, if there is never any pressure to think there would be a need?

    Would a civilization wonder if there is anyone else out in space if they can see no stars? Problem is without external pressure, people get sloppy. Of course people are sloppy to begin with. Imagine the extent of the credit card problems we have seen in the past months if there was no security at all? Its a poor argument really.
    • No, you're wrong. It doesn't imply that things would be safe, it implies that if people didn't do bad stuff, then that subset of bad stuff wouldn't happen. The fact is that we're dealing with social issues, which don't have technical solutions. Social solutions fix social problems, and part of the solution is to make criminal activity socially unacceptable.

      The fact is that people have been kidding themselves that they have some level of security for a long time, and if there was no security at all, then
  • UberMUD & UnterMUD (Score:3, Interesting)

    by Macka ( 9388 ) on Wednesday June 22, 2005 @10:49AM (#12881413)

    Thought I'd mention a bit of history (long since forgotten) that Marcus Ranum was also the author of the UberMUD and UnterMUD, mud engines. Two very nice mud cores, written in K&R C that ran on Ultrix. Both had their own strengths and weaknesses. UberMUD was my favourite, as it had its own scripting language called "U". UnterMUD didn't so it was harder to develop on, but its filestore backend was much smarter than Uber's. A union of the two would have been the perfect MUD engine IMO.

  • by rpdillon ( 715137 ) on Wednesday June 22, 2005 @10:49AM (#12881417) Homepage
    I mean sure...the crackers DO cause all the problems, but you have to develop a system that allows for the existance of the inevitable. Yeah, communism is a great idea, but unless it can be modified to account for the fact that there will be people trying to leech off the system, it won't go very far. Similarly with computers: it's a bit foolish to complain that we wouldn't have to have information security if we didn't have all those darn criminals cracking our computers. There will always be people who want to leech because they're selfish, and there will always be criminal crackers. Part of running a society, or a computer system, is making it resilient to those that don't follow the rules.
  • by Master of Transhuman ( 597628 ) on Wednesday June 22, 2005 @11:16AM (#12881670) Homepage

    Get over the last paragraph, morons, and RTFA!

    It's FAR more insightful than any of the comments I've seen bitching about the "blame hackers" paragraph - which was preceded by "blame everybody else" sentences anyway.

    You guys sound like the big media press whenever somebody gets caught faking or running false stories - "Oh, woe is us! Somebody is blaming us for being idiots! We're such a poor, put-upon industry!"

    Deal with it!

If what they've been doing hasn't solved the problem, tell them to do something else. -- Gerald Weinberg, "The Secrets of Consulting"

Working...