Inventor of Proxy Firewall Blames Hackers 742
An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better:
Truly, the only people who deserve a complete helping of blame are the
hackers. Let's not forget that they're the ones doing this to us. They're the
ones who are annoying an entire planet. They're the ones who are costing us
billions of dollars a year to secure our systems against them. They're the
ones who place their desire for fun ahead of everyone on earth's desire for
peace and the right to privacy."
Someone should patent blame deflection (Score:5, Insightful)
hackers. Let's not forget that they're the ones doing this to
us. They're the ones who are annoying an entire planet. They're the
ones who are costing us billions of dollars a year to secure our
systems against them. They're the ones who place their desire for fun
ahead of everyone on earth's desire for peace and the right to
privacy."
Ok, but swap a hacker's desire for fun with a software companies
desire to make money without properly taking responsiblity for
securing their product and one could also write:
Truly, the only people who deserve a complete helping of blame are the
software companies. Let's not forget that they're the ones
doing this to us. They're the ones who are annoying an entire
planet. They're the ones who are costing us billions of dollars a year
to secure our systems against them. They're the ones who place their
desire for profit ahead of everyone on earth's desire for peace
and the right to privacy."
It is like a credit card company saying that if someone breaks into
their systems and steals my credit card number, that is my
responsibility - or maybe it is the hackers fault. Well sure, it is
my fault for using a stupid bank, and the hackers fault for committing
the crime - BUT SURELY the bank has to take some fault for making this
whole possible - right?
and interestingly enough... (Score:5, Insightful)
"They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them."
He is 100% right (Score:3, Insightful)
But it is also our own responsibility to be sure that we can prevent people from taking advantage of us. This means that we must have those locks and firewalls. To neglect this is to essentially invite attack and intrusion. And if it isn't at the hands of one group, it will be at the hands of another.
We don't live in a perfect world, so it's important that we have adequate locks.
Re:and interestingly enough... (Score:5, Insightful)
It's like saying the vandal who goes around smashing windows is a good guy because he keeps the window repairman employed.
Old and crusty falacy...
Good God... (Score:5, Insightful)
It'd sound fucking ludicrous to read that in a history book, it's no less ludicrous to read that in a modern context.
Dude, grow a pair.
Right.. (Score:0, Insightful)
Let's say there weren't a lot of crackers. Nobody would even bother about the slightest bit of security. Then one guy would learn enough, and since the lack of security he would be able to root the entire planet. One real blackhat, and we'd all be doomed.
We should thank the hackers.
And if software companies would pay a little more attention to security, the internet would be way more secure. So it's THEM to blame.
Re:Someone should patent blame deflection (Score:2, Insightful)
A lot of hackers have "fun" causing other people pain. It's weird, I've never quite understood how that actually works, but I've met plenty of people who just experience joy at doing damage.
Well sure, it is my fault for using a stupid bank, and the hackers fault for committing the crime - BUT SURELY the bank has to take some fault for making this whole possible - right?
Yep, but not as much as people here seem to want to put on them. It's a lot easier to destroy than create;even the best systems will have some security flaws, no matter how good the creator is.
Re:Someone should patent blame deflection (Score:1, Insightful)
Re:and interestingly enough... (Score:1, Insightful)
90% of the people on this planet are employed to clean up problems created by other people. Geeks are no different. It's not a bad thing, it's life.
There's an old Saying.... (Score:2, Insightful)
Could not be more wrong (Score:5, Insightful)
What would you prefer? An Internet full of weak hosts, with a wealth of unexploited security holes and weakly configured security systems, where your security is left up to the good will of others (everybody just play nice now)? Or one where leary vendors and service providers stand in constant vigilance over security issues, because they have to. The wolves are circling the herd.
What would happen if all the 'hackers' just went away? Everyone would get complacent. Security holes would proliferate, until the temptation just became too large and someone takes it all down in one fell swoop.
boo-hoo-hoo (Score:3, Insightful)
If there weren't any burglars around, I wouldn't have to lock the doors of my house.
If everyone would abide traffic rules, the need for airbags etc. would vanish.
This guy is not only complete missing any connection with the outside world, he also forgets that there are thousands of people working in the (IT) security industry, making a living. It may sound silly, but we keep our economy going this way. This is why there are so many economists/therapists/lawyers/communication advisors/etc. around.
I feel like feeding the troll here. Time to knock it off...
Re:Someone should patent blame deflection (Score:5, Insightful)
We're born into this imperfect world and should expect nothing less than we've already been born into. The lock was invented before anyone presently reading this was born. This is a clear indication of the state of things and in my opinion, the nature of humans... or animals for that matter. (Raccoons, monkeys and other creatures are famous for stealing things too!)
The individuals responsible are individually responsible for their own actions and should be held accountable. But the reality that should be mentioned and understood is that we're in a world where people do shit to each other.
In that climate, we look to software makers to make reliable products. We want them to be able to withstand the efforts of the rest of the world doing what it is that's natural for them to do. It is not an impossible task. It has been shown through the virtue of patches that it can be done and since it can be patched it could also have been done right the first time had they only taken the time and effort to write it correctly to begin with.
Re:and interestingly enough... (Score:5, Insightful)
The "window" tech. isn't standing still as the Vandal runs around breaking them.
Re:He means crackers right? (Score:4, Insightful)
criminal hacker == hacker therefore
criminal hacker == hacker
IPv6 (Score:1, Insightful)
No, IPv6 isn't going to solve anything.
I liked this line the best. I'm tired of the people who prattle on about how NAT has broken the internet and how IPv6 will negate the need for NAT and solve all our security problems. That line is a bunch of crap and now we have someone of authority acknowledging that. As for the "out of addresses" excuse, don't even get me started.
"Perfect World" (Score:2, Insightful)
They haven't (Score:1, Insightful)
Re:He is 100% right (Score:5, Insightful)
Just because you park your car in a mall and only protect it with a piece of glass that's easily broken and an alarm that everyone will ignore doesn't make it your fault if someone breaks in and steals your car. It seems like a lot of folks, though, would blame GM for not making steel shields for your windows.
The virus/worm writers are the problem; how can anyone possibly defend them?
Re:Someone should patent blame deflection (Score:5, Insightful)
Cities have legions of building inspectors for just this purpose who's job it is to actually ensure that the tradesmen actually built their part of the house up to the standards set in the local building codes.
They actually have standards in the construction industry.
Re:Here we go again (Score:3, Insightful)
Re:I agree... (Score:5, Insightful)
No, while they were idiots for leaving the door open, you were the only one who broke the law.
The same thing applies here. Because someone or something leaves doors open doesn't mean you can or should enter them. No one has to live with spam merchants - that's why we're taking measures to combat spam on many levels (from the national do not call registry to spam filters on the email system at the office). No one has to live with hackers, either. That's life, but not how you put it; this time, I applied your logic to both sides.
Can you live with that?
Re:Good God... (Score:2, Insightful)
Re:its the hackers alright! (Score:5, Insightful)
At least we've had time to learn and understand and actually build tools to help in the defense of our systems. Now if companies ignored the petty hacker attacks that's their own fault, but at least it started with relatively innocuous stuff rather than more heavy duty attacks...
Re:Someone should patent blame deflection (Score:2, Insightful)
Your original argument completely invalidates this insertion that it's "not an impossible task." Yes it is! Software developers are human too!!!
Re:Here we go (Score:3, Insightful)
Well, I guess they did prepare us for more serious infrastructure threats, e.g. information warfare, organized crime etc.
I'd rather have an army of citizen-lamers spend decades breaking into our computers for fun, prompting us to build up an immune system.
Xcott
Re:He is 100% right (Score:5, Insightful)
He agrees with you. That quote was the last paragraph of the last answer in the interview. Here's the full question/answer:
His point: there is pleny of blame to go around, if you want to spread the blame. The hackers who break in are the reason the rest of the blame matters, but the rest is still there.
Just in case someone thought you disagreed with him. And because now everyone has read the full context of the quote we are discussing, which will be a rarity on /.
Focus on the Process (Score:2, Insightful)
I see every day the results of poor practices, shoddy software, and just plain old stupidity when it comes to security. Fix those first, then worry about the hackers.
Hackers = Canaries in the Coal Mine (Score:5, Insightful)
The *REAL* danger are corporate spies who not only want your secrets, but also plant spyware, or destroy infrastructure to hamper a competitor. There is also the growing instances of state-sponsored computer cracking whereby poorer nations (particularly the axis-of-evil states) seek to leverage the power of attacking information infrastructures instead of the physical infrastructure. Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'.
Re:Someone should patent blame deflection (Score:5, Insightful)
In a way, hackers are kind of pointing out that the emperor has no clothes.
With that said, I, personally, find nothing wrong with a hacker trying to figure out an application / OS's vulnerabilities and sharing them with the developers. And if they do nothing about it, share it with the rest of the world to force them to. People deserve doors to have doorknobs and doors that have locks. People also deserve software that doesn't leave their anal cavity wide open for nefarious probing.
However, the hackers who run amok trying to fuck things up as much as possible for the sake of fucking it up (more script kiddies than hackers, but to the average person, they're the same); they still need to be blamed. They're still the primary culprits. But software companies can be extremely negligent at times, and thus, they bear some responsibility too. Responsibility isn't finite; just because we have two parties doesn't mean the major culprit receives any less of the blame.
And I'm rambling, again. I'm sorry.
Re:Guns don't kill people (Score:2, Insightful)
The idiot who comes in with a lit cigarette is doing nothing wrong and, supposedly, didn't intend anything evil. You're a moron for spreading kerosene all over the house. The cigarette dude isn't to blame. This is just an unfortunate incident caused by owner neglect and stupidity.
Not so with the hacker. The hacker might know the owner neglected to have decent security on his system but he's still entering the system with malice in mind.
You can call a home-owner ignorant for not locking the doors of the house but the thief who waltzes in the front door and steals the TV is still a prick and is the one who should be punished.
Re:Someone should patent blame deflection (Score:2, Insightful)
Just my 2 cents.
Re:Someone should patent blame deflection (Score:5, Insightful)
Perhaps you should RTFA--no, really. The article was very reasonable and well-written. The synopsis was not. Here's the context from which the quote you refer to came--
Re:Someone should patent blame deflection (Score:3, Insightful)
-Jesse
Re:Article is not particularly insightful, really (Score:5, Insightful)
It never ceases to amaze me how much blame is laid at the feet of the users. I know running an email attachment executable is really stupid, but alot of other exploits are the equivalent of using a crowbar to break your windows. Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame. In the PC realm, hackers go largely uncaught and unpersued by the athorities, and the user gets told its their fault.
Criminal Responsibile for the Crime (Score:5, Insightful)
Yes, insecure code, a lack of a firewall or antivirus software opens you up to potential attacks, or not having the latest security patches. However that doesn't excuse an actual attack.
By the reasoning of most of the posters here, unless your home is as secure as fort knox, anyone who breaks in and steals stuff isn't really to blame... I mean, come on, you could have protected your house better. Put in pressure plates and motion sensors. Try a laser grid on the floor. Armed guards, time sealed doors, attack dogs etc. Anything less and, geeze, you're practically inviting them in to take your stuff!
That's what the Internet is like. You really have to lock up your system like Fort Knox to keep yourself safe. Even then, the burglar could find a spot in the security system that isn't fully covered and get in that way.
The ONLY secure machine is one that is sitting in the corner, surrounded by a lead box, not connected to any network or power supply. A useless machine really.
Those who attempt to maliciously exploit vulnerabilities deserve every once of blame you can possibly assign to them. I personally want to kick the guy in the balls that did the Blaster worm... took weeks to get my old workplace cleared of that thing. Just because it is POSSIBLE to exploit something does not mean you SHOULD exploit it. Too many people online use the reasoning that if it's possible it should be allowed.
Re:Could not be more wrong (Score:4, Insightful)
No, these are the ticks, the mosquitoes, the starlings. They annoy the shit out of the system, occaisionally cause or induce actual harm, but are for the most part really just benign, in the grand scheme of things.
The real wolves are the RIAA/MPAA, corporate agriculture, "Free Trade" advocates, Brazilian soy bean farmers, squeeky wheel Revelationists, neo-Talibanists in the US, etc., a culture that seems to know the price of everything and the value of nothing, and Congresses (US and EU) that values their corporate ties more or less above all else, and has forgotten that its job is not to get itself reelected, but to serve the people of the US and country, not serve the companies that serve the people.
Re:I agree... (Score:3, Insightful)
People NEED to take more responsibility for their actions. If I left my systems with the default passwords, didn't patch them, and had no firewall, it still would not by fault if someone broke in. It would be irresponsible of me, but that's is a different matter.
There needs to be more of a realisation that responsibility lies with the person who CHOOSES to break the law.
The "hackers" debate is beside the point... (Score:2, Insightful)
"Blaming the hackers" won't get you anywhere (Score:2, Insightful)
There are three types of motivation:
1. The excitement and fulfillment that comes from understanding a system and finding the holes in it, and often leaving your mark so others know you were there.
2. Political and ideological motivations -- a desire to educate people, and punish the "enemy".
3. Economic motivations. This includes both advertising, and theft/scams.
The trends started at (1) and are increasingly moving towards (2) and (3). Ironically, the technology generated by (1) is being used by those whose motives are very different than the type (1)s.
The only way to fix this is to reduce the openness and anonymity of the Internet.
I repeat:
The only way to fix this is to reduce the openness and anonymity of the Internet.
Just as we had to find a balance between privacy and security/integrity in every other aspect of society (e.g. telephones, credit cards,
Re:"Desire for fun"? Oh please.. (Score:4, Insightful)
Please name one serious, high-profile hacking case (to include authoring viriii & worms) in which the perpetrator was caught and didn't turn out to be a teenager or a still adolescent 20 something.
Inside jobs don't count.
I'm sure there must be a few but I honestly can't think of any.
Not to say that there aren't real bad guys out there... they just don't seem to get caught despite all the money thrown at computer and network security.
Speaking as a sys admin for almost 20 years, most hacking has been a source of annoyance (and sometimes amusement) rather than serious damage. The oft quoted "billions & billions of damage due to hackers' is a load of crap as far as I can tell. Kind of ike the y2k bug was.
They don't frighten me. The internet was never designed for privacy to begin with. If that's your aim then paying to "hack in" extra security is the price you pay.
And you know what...? sometimes the cure is even worse than the disease.
I read somewhere recently (sorry, can't remember where) where someone (a security "expert"?) criticized a nuculear power plant's network security by saying something along the lines of "they're so backward they aren't even connected to the internet". Sounds like good security to me.
blame everybody (Score:5, Insightful)
Its about protecting information that you otherwise don't want unauthorized people to have access to. its about espionage, its about privacy. Its about making sure you know if somebody is just looking on your system. Honestly a server can be replaced if it gets fried by some hacker trying to hurt it, and there are backups. But you'd never know if somebody went in and just invaded your privacy and looked at all your things and then left it completely clean right?, not without something like a firewall or some sort of logs and security system set up.
So yeah go blame hackers for making us think of the idea
Biting the hand that feeds... (Score:2, Insightful)
Let's look at it another way-- do you really think Batman would be happy if Gotham (or the world) were rid of crime? What would he do?
Or yet another point of view-- hackers are actually helping the economy. They have created a new market in security which creates jobs, revenue and all the other economic benefits. As Gordon Gecko might say "Hacking is good!"
To expand this a bit-- without crime there would be no need for a police force. Without war there would be no need for a military. What would we do with all that excess production capacity?
*tounge firmly planted in cheek*
Inventor of proxy firewall - takes another toke (Score:4, Insightful)
How can someone be clueful and clueless all at once... Desire for fun....that did not steal 40 million credit card numbers. Everyone on Earths desire for peace and right to privacy? Tell that to the Chinese who are told what ports they can or can not secure to allow for "public monitoring" This guy is lost.
Re:its the hackers alright! (Score:5, Insightful)
I have no use for destructive hackers. It's much easier to find a hole in a system then it is to anticipate all possible angles of attack. If some ass-hat script kiddy wants to show what a clever boy he is, he should do something useful and become a security consultant. On the other hand, that would take brains and work...
bullshit (Score:4, Insightful)
Security isn't an accidental byproduct of software, it is one of its primary functions; if software doesn't provide security, then it is defective. That's just like if you buy a padlock, you have an expectation that it actually works as a lock. The padlock manufacturer can't say "oh, well, our padlock doesn't work, but that's really the criminal's fault".
Any vendor that puts out software that contains easily avoidable security holes (like buffer overflows, backdoors,
Re:I agree... (Score:3, Insightful)
arms race (Score:2, Insightful)
For example, if I wanted to, I could easily break into the average person's home. It just isn't that hard. Does that mean they "failed" to secure it? I would think not.
There is no such thing as "perfect" security. It will always be an arms race between malicious people (or misguided non-malicious hackers) and the people trying to protect their systems.
Blame vs responsibility (Score:4, Insightful)
This sounds merely like an argument for altruism and security thru obscurity (which of course doesn't work). Why would a company try to harden against problems, even if caused my a mistake, if there is never any pressure to think there would be a need?
Would a civilization wonder if there is anyone else out in space if they can see no stars? Problem is without external pressure, people get sloppy. Of course people are sloppy to begin with. Imagine the extent of the credit card problems we have seen in the past months if there was no security at all? Its a poor argument really.
Re:straight from Hazlitt (Score:5, Insightful)
The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy. People see the new improved and rock-resistent glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.
The window repairman, much like the parent poster, probably thinks rock-resistant windows and proxy firewalls are an excellent investment. When we look at the long list of technologies that changed the 20th century, many/most were developed at least in part to help wage and defend warfare. One might deduce that warfare is a creator of value. Yet war is always a destroyer of value. It is the allocation of resources that could be more suitably employed.
"Hackers" vs Crackers (Score:2, Insightful)
Let's set the record straight: "Hackers" refer to those of us who do wonderful things with the hardware and software. "Crackers" are those who seek unwarranted entry into other people's systems, usually for malicious intent.
I am a born bonafide *hacker*, and have been so for the past 27 years. I, on the other hand, am NOT a *cracker*, and I would like to see them on the business-end of a (insert your favorite weapon here). Recovering from the damage crackers have caused me and others is no fun, eats valuable time, and forces me to focus on things that are not productive, but necessary to keep them out.
This strikes me as whining... (Score:3, Insightful)
Due Diligence and Criminal Behavior (Score:2, Insightful)
The criminal, on the other hand, is still a criminal in this scenario because he violated the owner's house/car/computer, and no plea of "trying to protect by demonstration of vulnerability" is possible. In other words, breaking and entering is never a "favor" rendered.
When you buy a product, you expect the same due diligence in quality, truth in advertising, and utility of the product. If the producer deliberately produces an inferior product, lies about it, or if it does not live up to its utility, that producer may be subject to at the least, ridicule, and at the most, financial or criminal liability. On the other hand, someone who deliberately breaks a product has a reduced, and probably no, claim against that producer.
A hacker who draws attention to a weakness in a product may actually be a hero; however, one who deliberately breaks things or breaks into places without permission is nothing more than a criminal.
Re:Article is not particularly insightful, really (Score:3, Insightful)
It depends on where you live. In some cities/countries/parts of the world, you are expected to have three deadbolts on the door, or some other security features. Otherwise you end up paying very high insurance fees.
There is one thing that you forgot to mention in your analogy: collateral damage. If a thief breaks into your house and steals stuff, then you may have lost something but your neighbors should still be relatively safe. But with the Internet, if some cracker breaks into your PC and adds it to his botnet, your PC will soon be inflicting significant damage on your neighbors. Although the cracker is the one to blame for starting it, the lack of security on your PC will have contributed to the collateral damage.
Let's take another analogy and replace thieves with fire: let's imagine that because it is cheaper or easier, you decide to build your house using highly flamable materials. You live in a densely populated area and several of your neighbors decide to build their houses from highgly flamable materials for the same reasons (or some company starts selling prefab houses made of flamable materials and even gets a near-monopoly on that). Now comes a pyromaniac who sets your house on fire. Bad luck, in a few hours the whole city is destroyed or damaged. Now do you really think that the only one who will be blamed is the one who started the fire? I expect that some people will also complain about the damage caused indirectly by their neighbors.
You could think about other analogies in the same vein, for example if houses could be built easily without solid foundations and if they could start falling down on each other like dominoes. I expect that some people would not be happy to have their neighbor's house falling on their own house, regardless of who pushed the first domino.
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
Your forgetting that a really significant contributor to the downfall of the Soviet Union was their "Vietnam", the war in Afghanistan. The U.S. did supply the bullets and in particular the Stinger missiles that were used by proxies to kill their draftee soldiers and created a couple generations worth of veterans who were completely scarred in their youth and worked to bring down the government that did it to them, you know tramautized them for life and turned many in to indiscriminate killers. There is, I think, a similar generation being bred in Chechnya today. Its certainly possible a similar American generation is being bred in Iraq though it not as extreme a quagmire as Afghanistan was for Russia.
If you feed large numbers of young people in to a meat grinder for no particularly good reason you run the risk they will eventually be motivated to topple the people that ruined their lives while they played power politics in Washington and Moscow and were indifferent to all the people they were killing.
Oh and most American's forget one of those proxies we armed, supported and help train was Osama Bin Laden and what would eventually become Al Qaeda.
More on topic I really doubt state sponsored crackers are really much of today's problem. I'm pretty sure its more a delightful mix of organized crime, script kiddies, virus writers doing it so show off their skillz, and a whole bunch of people desperate to make money, especially in places where their economies are a smoldering hole in the ground like parts of Russia, Eastern Europe and Africa. If you can steal someones credit card or bank account information and make thousands of dollars in an instant, with little chance of being caught, versus working all day everyday for cents per hour, assuming you can even find a job, and barely survive which choice would you make?
As long as you have people with lots of money and who throw around ridiculously insecure keys to get at that money on the Internet you are going to have people lining up to try to steal it. That is the root of the problem, and a prime motivator, that is not going away anytime soon.
As far as identity theft goes the most basic problem is we are still using simple sequences of numbers and letters, to access credit cards and bank accounts, and that info is sitting ALL OVER THE PLACE in the clear. You want to stop the criminals trying to get rich through hacking, you need to move bank accounts and credit cards public key ento some kind of public key encryption so only the person who knows the key can authorize transactions, 3rd parties never store the key, and great pains are taken to protect the key when its entered.
Re:Good God... (Score:4, Insightful)
He's not deflecting blame, he's pointing out that blaming your neighbor or your vendor is fine, but the lion's share of the blame for intrusions belong's square in the lap of the intruder.
To quote TFA:However, I'd like to point out that I disagree with something fairly fundamental in what he's saying. The people who are "annoying us" make us build better security, and I'm much rather have a numbskull try to poke at my security for bragging rights than have nothing for years and then a series of well-organized, well-hidden attacks that gain long-term access to sensitve data. I don't enjoy having to secure networks against boneheads, but I don't blame them for having to build good security, that should have been done from the day the first machine sent out a set of voltage modulations that could loosely be called "IP".
Re:Someone should patent blame deflection (Score:2, Insightful)
The significant difference between construction and software is that laypeople have some level of understanding of the physical world.
If your builder leaves a hole in the wall, you can see it and get him to do the job properly, or take him to court. There's no thief as yet, so the blame can only land on the builder.
If your software vendor leaves a big hole in your software, most people have no idea it's there until they get screwed through it, at which point there's a criminal for the software company to blame.
It's simple profit over customer safety. They do what they think they can get away with without damaging their reputation too much.
Re:its the hackers alright! (Score:3, Insightful)
Why is the blame always pushed in one direction OR the other and not both?
Re:its the hackers alright! (Score:4, Insightful)
We need to get it through people's heads that everything that's running is a security risk, and if the benefits don't outweigh the risks don't use it, or install it and block it's ports.
Comment removed (Score:3, Insightful)
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
OTOH, if you go back that century, you find the same motivations present in Washington, and around the country. You find Hearst using yellow journalism to create a war. You find Teddy Roseveldt with his "big stick" policy. Etc. The outward facing foreign policy is nearly the same, but it's much larger. (OTOH, the internal policy has become much more totalitarian, and much less libertarian. This is probably because of the disappearance of the frontier. Now if somebody doesn't like it where they are, there's no place for them to take off for. Now if somebody doesn't like their current government policy, there's no place to escape from it.)
Laws aren't any real protection from the corruption which is centralized politics. That the current president is worse than most is only a matter of degree. Pick the one you think most highly of, and if you look closely you will see that he acted to unrighteously steal power from the individual, and give it to the centralized bureaucracy. (OTOH, if you approve of this, then congratulations, and welcome to your Brave New World.)
Re:Someone should patent blame deflection (Score:5, Insightful)
I appreciate my dog who barks when strangers approach the house - hey, it might be a problem, and early warning is useful.
Similarly, I appreciate hackers who find security holes and report them to the companies responsible.
I do NOT appreciate dogs who bite my arm and give me rabies just because I wasn't wearing a kevlar protection suit.
I do NOT appreciate hackers who install spyware on my machine just because I was a day late in applying the latest security patch.
Just because's a guy isn't wearing a cup, doesn't mean you should walk up and kick him in the groin.
Re:its the hackers alright! (Score:1, Insightful)
If you walk onto my property, shimmy up the drainpipe, sneak onto my balcony, pick the locks, and track mud into my house, then leave a note saying: "I just broke into your insecure house! Aren't I amazing? Next time, put a better lock on the third story balcony window!", I'm still going to call the police and have you arrested for tresspassing. They'll probably charge you with breaking and entering, too.
I don't care if you call yourself a "white hat" catburgler (sneaking into other people's houses to educate them) or a "black hat" catburgler(sneaking into people's houses to steal from them). You're still a criminal, and you're still going to jail.
If you damage anything while you're in there, I'm going to sue theft and or vandalism as well. So yes, the law punishes "black hat" catburgler more harshly; but only because he's more guilty. That doesn't exonerate the so-called "white hat" catburgler from tresspass charges.
Hacking is no more justifyable than housebreaking. If you can't learn to leave other people's property alone, you belong in jail.
Just because it takes "brains and work" to figure out how to sneak into my house does not making your brilliant crime any less of a crime; and the same thing applies if you break into my computer.
--
AC
Re:Someone should patent blame deflection (Score:3, Insightful)
Most software makers? This is modded interesting? Interesting! Why not mod it insightful while you are at it? Holy crap.
That is a terrible generalization with absolutely no basis in fact, and no evidence behind such a bold statement. If you really studied this, I seriously doubt you'd find that 51%+ of software makers make no effort to develop secure software. But like you, I have no proof. At least I'm up front about it.
Few houses are impenetrable. You can build a nice lock, and I can come through your window. You can put bars on your windows, and I can break down your door. You can get steel doors, and I can use a chainsaw on your wall. You can build build steel walls, and I can bring a blowtorch.
No security is 100%. Kevin Mitnick often talks about the biggest source of security holes being the social holes. He would call someone at a company, lie about his identity, and often be given a password over the phone. There will always be ways in. At some point, society has to say "We aren't going to allow this crap." At some point, the blame must be on the people perpetrating the crime, the punishment must be sufficiently harsh to deter the occurence, and the likelihood of being caught must be high.
Re:If I may state the bleeding obvious (Score:3, Insightful)
It is thieves and vandals causing all those problems.
Hackers invented the micro/home/personal computer. Hackers invented the diverse protocols that allowed these machines to talk to one another. Hackers invented the operating systems. Hackers invented the Internet. A hacker invented the World Wide Web.
Thieves and vandals merely took advantage of what hackers have invented and shared with the world. Took advantage and turned these tools to an evil purpose. Not hackers, THIEVES & VANDALS!
The language changed some time around the early to mid eighties, when Hackers became synonymous with Crackers.
If you can't handle a 20 year old change to the English language, you shouldn't be allowed near computers. Unless you're only planning on programming in Cobol.
Get over it.
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
When Russia invaded Afghanistan they united the muslim world to throw them out. In a mutual case of the enemy of my enemy is my friend the CIA and Bin Laden formed a partnership of convenience. Bin Laden and company were given big bags of money and arms by the CIA, the stuff they needed to beat the Russian's in Afghanistan, especially the stinger missiles which were used to turn the tide again Soviet helicopter gunships. The CIA got to mortally wounded the Soviet Union using a proxy so no Americans died. Proxy wars were fought throughout the cold war and the U.S. and U.S.S.R destroyed country after country, and killed millions of people, in the process. It wasn't really a cold war, the U.S. and U.S.S.R just never shot directly at each other they mostly killed each others partners in the third world.
Bin Laden didn't really turn on the U.S. until the U.S. put a large army of infidels(Christian and Jew) and liberated women in the heart of the Muslim holy land, Saudi Arabia during the first gulf war and more than a decade following. Putting thousands of culturaly insensitve American teenagers in Saudi Arabi, a VERY conservative culture and home of Islam's holiest sites, for years, was a pretty good way to turn Islamic fundementalist wrathe on the U.S. just as it did when Russia invaded Afghanistan only more so because Saudi Arabia is the home of the holiest places to Muslims. Hindsight being 20/20 the U.S. should have toppled Saddam in the first gulf war and gotten the hell out of Saudia Arabia soon thereafter. Unfortunately the Bush dynasty made a fatal mistake then, just as little George did when he tried to put it right in Iraq only 10 years to late.
Bush administration rhetoric about them hating our freedom doesn't really hit the mark, they hate our culture and religion, they hate the U.S. trying to force its culture on them much of which runs counter to their religion, they hate at least a century of western powers stealing their resources(oil) and treating them as flunky colonies, and they really hate infidel nations occupying Muslim nations. If you have a long view the anitpathy goes back at least as far as the crusades, and American actions in the middle east today do in a lot of ways resemble a modern crusade, though a proxy, the state of Isreal is being used to occupy Jerusalem, the histroical objective of the crusaders.
I can see the flaws in both cultures. Fundementalist islam is oppressive but you can see some sense in their harsh prohibitions on alcohol and drugs, they are really destructive of people and cultures when abused. Islam does really derprive women of a lot of rights but then to they don't debase women as much as Western culture can, for example through pornography. Women have been "liberated" in the West for a very brief period and the current trend by the west to compell the same liberation on ancient and conservative cultures overnight, at the point of a gun, predictably incites a violent backlesh among conservative Muslim men.
Most Importantly... (Score:2, Insightful)
To the hackers:
Though you annoy me... my lifestyle thanks you.
Re:its the hackers alright! (Score:2, Insightful)