Inventor of Proxy Firewall Blames Hackers 742
An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better:
Truly, the only people who deserve a complete helping of blame are the
hackers. Let's not forget that they're the ones doing this to us. They're the
ones who are annoying an entire planet. They're the ones who are costing us
billions of dollars a year to secure our systems against them. They're the
ones who place their desire for fun ahead of everyone on earth's desire for
peace and the right to privacy."
Here we go (Score:1, Interesting)
I agree... (Score:3, Interesting)
Yes hackers are a pain in the arse, so are spam merchants. Thats life, live with it.
In other news the inventor of the Yale lock blames thieves for the invention of the lock, which irritates us daily.
Re:its the hackers alright! (Score:3, Interesting)
Suddenly we're all little piggiesliving in the big bad wolf's neighborhood and we're living in software houses built of twigs.
Re:Someone should patent blame deflection (Score:2, Interesting)
A logged in user may occasionally troll (who knows what kind of warped mind finds this "fun"?), but someone who logs in to drop bombs in a discussion with the express aim of causing confusion and conflagration is a "discussion terrorist".
Such terrorism can only be combatted, but never squelched.
Re:Someone should patent blame deflection (Score:5, Interesting)
At least a door is an effort at security. Most software makers make no effort. I can prove this by the large list of programs that require me to make hours of phone calls to find all the stupid places they put stuff so my users do not have to run in admin mode in windows.
And the ones that ensure we can feel safer... (Score:2, Interesting)
If they didn't exist, I would really have felt much more unsafe from espionage and the prying eyes of national and international bodies.
From my stance, confidential information must be very well protected, and if you put available on the internet, you better have secured it or face the consequences.
By knowing that crackers exist, you might hessitate to put important and confidential information online, imagine how it would be if everybody only talked about cracking as teoretically possible!!! Spies would never tell what they do, they would be everywhere! Knowing your accounting, your secret papers, everything, for nobody would care to improve the security of their products from something that was only teoretical... All the good guys would have no privacy whereas only the black hats would be able to move around as they liked.
Face it - the world have all kinds of people - angles, devils, and all sort of people in between. To be hit by someone who expose you is many times better than to be hit by those who simply abuse the information without any words.
Say hello to evolution (Score:3, Interesting)
A patron is looking for a good deal, and will expend effort to maximize their deal, so sloopy wording on a sign on your store-front are invites to a natural onslaught of fiscal frustration. By natural, I mean there is no evil intent in people trying to keep you for your word in maintaining a good bargain (that you didn't intend).
If there is money on the street, it is conceivable that:
a) the original owner will never find it again
b) someone else will take the money
So you justify taking the money yourself.
If you are hungry, you might be inclined to take two samples at a free food-sample kiosk. It's unfair as it goes beyond the intent of "sampling" and takes away from other's (since there is usually a set amount of sample provided for the day).
In reality, those that are sheltered from such harsh survival of the fittest environments will EVENTUALLY meet with that environment.. It is impossible (short of death) to avoid it. Thus the question is not IF we will meet our challenges, but when, and how quickly will the difficulty level rise.
For those with assets we fear to loose (time,money,posessions,intellectual property, etc), it is natural for them to be saught by others. Having a public wiki is valueable advertising real-estate (or a personal repository for globally accessible content). So grafiti, being merely a primitive form of marketing, is bound to happen. Bank accounts are an obvious point of content.. If you happened to come across money on the street, you are more than likely to take it. If your ATM machine started allowing you to withdraw cash w/o deducting from your bank account, there is a better than likely chance that you'll take advantage (anonymous theft when it is considered to not overwhelmingly harm someone else - proportionate loss/gain - is often self justified). There isn't much difference from taking from that ATM machine and taking from an online bank account that you've happened by. Yes there is a greater issue of proportionality (you might be stealing from someone poorer than you), but you might think to yourself (I'm teaching them a lesson).. What-ever the cause, an otherwise moral man may find themselves tempted.. To say nothing of the mafia.
And ultimately organized crime is the tyrannasauras of our internet age. The mafia being only one form of it (unfriendly governments being an even more serious threat). The age of mafia and internet "WAR" (literally between nation-states) is only a matter of time.
So if our "evolution" through natural selection and adverse environment does not "toughen" us enough to sustain such natural phenomena, then we will die (or at least the medium will die).
So lets look again at these "evil" hackers. Many of the hackers were self-professed white-hackers, or anonymous exposers. If you are inclined to see if a WEB-INF directory or IIS-specific file-set are visible on a public site, you can either email their sys-admin who might sue you for hacking, or simply ignore you (like MS tries to do with serious security alerts so long as the general public is oblivious), or you can make it a priority for them... Deface their web site, delete lots of their database records.. Make it too expensive for them NOT to resolve the issue.
These are altruistic people. Slightly less altruistic are those that advertise themselves 3l33t hacker-names advertised here and there. As they have the fun and recognition-factor of it all (especially if they get CNN coverage).
Embrace th
Re:Someone should patent blame deflection (Score:2, Interesting)
Blaming "the hackers" for finding and exploiting insecurities in your software is like blaming barking dogs for your insomnia. The dog is just being a dog. Hackers or dogs may or may not be providing you with a service, by alerting you to real trouble coming your way.
Hacker Justification (Score:4, Interesting)
Besides. Hackers have been doing serious damage from day one. Besides just breaking into networks for "curiosity sake" they've been planting worms, trojans, trolling entire credit card data bases, commiting DDoS attacts, etc etc. No, not all of them, but enough to make the OPs point a ridiculous one to even attempt to justify.
Re:Someone should patent blame deflection (Score:3, Interesting)
All corporations exist to make money for shareholders.
Secondly, Banks exist to link people with money to people who wish to borrow money. You put your money in the bank. The bank pays you interest (pretty low interest today, but still). Then the bank lends it out at a higher rate of interest. The difference is the bank's profits. Its role is to act as an intermediary. Lending money yourself is risky. You put your money in the bank and the bank assumes all costs, and all risk. Your money is guaranteed by the bank, and (in Canada) it's insured by CDIC for up to $75k
I think the OP meant that no one gets YOUR money without your permission. You are always entitled to the money in your demand deposit account.
Let's face it though, where will you withdraw it to? If you make a $1 million cash withdrawal, the bank will look at you funny, and there isn't much reason for it. Try depositing it again and see the flack you'll get. You have to prove the origin. Not cool...
Nay, most of the times you transfer the money to another bank - if you pay by check, it's still just a transfer to another bank. It's just an accounting entry, nothing more. The cash never movies, and the money probably doesn't really either.
Re:its the hackers alright! (Score:1, Interesting)
UberMUD & UnterMUD (Score:3, Interesting)
Thought I'd mention a bit of history (long since forgotten) that Marcus Ranum was also the author of the UberMUD and UnterMUD, mud engines. Two very nice mud cores, written in K&R C that ran on Ultrix. Both had their own strengths and weaknesses. UberMUD was my favourite, as it had its own scripting language called "U". UnterMUD didn't so it was harder to develop on, but its filestore backend was much smarter than Uber's. A union of the two would have been the perfect MUD engine IMO.
Re:Article is not particularly insightful, really (Score:3, Interesting)
To follow along with this analogy. But with my house when I install a new deadbolt I'm done. With a PC users need to install a new "lock" every month.
I just find the amount of crap users are expected to do just to keep their machine usable is amazing. Everyone is expected to be an expert and they're not. In the real world Brinks will outfit your house with a security system, install it, manage it , the whole nine yards. With PCs the user has to do all the maintenance, all the management.
It suprises me that there aren't more ISPs offering a fully blocked and monitored service to customers (wait I should patent that idea
Re:its the hackers alright! (Score:2, Interesting)
You've got it 100% right. My family is all about outdoor activities: camping, hiking, fishing, and hunting. Every summer, my entire family would take a week-long camping trip, and my dad would bring a few guns and go hunting at least twice. They were always locked up, never loaded, and stored separately from the ammunition.
We'd sit around the campfire at night and my dad would clean his guns from that day's use. As a child is naturally curious, I wanted to know what that thing dad had was. He didn't pull it away and say, "No! Bad!" He showed me what it was, described how it worked, and let me hold it (obviously unloaded and extremely supervised).
For as long as I can remember, gun safety has been ground into me, so I have no problem with anyone owning a gun, as long as they're responsible with it (locked up, unloaded, and stored separately from the ammunition). It's the ass-hat that leaves a loaded pistol in his unlocked nightstand drawer that everyone needs to worry about.
Guns don't decide how they're used. Guns don't choose to be stored in a drawer where a child can get to them. Dumbass people do. "Guns! Bad!" is the cry of the ignorant.
Moral of the story: Guns don't kill people, idiots and assholes do.
Re:its the hackers alright! (Score:1, Interesting)
Re:Blame vs responsibility (Score:3, Interesting)
The fact is that people have been kidding themselves that they have some level of security for a long time, and if there was no security at all, then the base problem would have likely had a lot more attention paid to it, especially the transitive trust part that Marcus talks about. But because people think "We have a firewall, so we're safe!" the real base problem doesn't get addressed.
Paul
Re:its the hackers alright! (Score:3, Interesting)
Have sex with a woman in a parked car on some random street. Anyone can stop and watch and they are doing nothing wrong.
Re:"Desire for fun"? Oh please.. (Score:5, Interesting)
sPh
Re:straight from Hazlitt (Score:3, Interesting)
Until that changes, war is indeed a creator of value, because it's unlikely that many of those advances would have been made otherwise. All we know of space exploration is founded on advances that were originally made to kill people. Nuclear power came after nuclear weapons.
It's nice to imagine a world where there is o conflict and there is no competition. That world is probably also without technology, however.
Re:its the hackers alright! (Score:2, Interesting)
If I may state the bleeding obvious (Score:1, Interesting)
It is thieves and vandals causing all those problems.
Hackers invented the micro/home/personal computer. Hackers invented the diverse protocols that allowed these machines to talk to one another. Hackers invented the operating systems. Hackers invented the Internet. A hacker invented the World Wide Web.
Thieves and vandals merely took advantage of what hackers have invented and shared with the world. Took advantage and turned these tools to an evil purpose. Not hackers, THIEVES & VANDALS!
So fuck you, Ranum! Fuck you with Bill Gates dick! Fuck you with Monkeyboy Ballmer's dick! Fuck you with the collective dicks of SCO!
Just fuck you in general for your stupid, blinkered, stereotypical "oh, it's those damned hackers causing all my problems!" bullshit.
Strongly worded comment to follow!
Please lose the Switzerland Canard (Score:1, Interesting)
1) Guns are highly controlled in Switzerland,
the gov't can and does do random intrusive searches, checking for agreement to the gun laws.
2)There are mandatory yearly inspections with Stiff penalties.
When was the last time the police showed up at your door and conducted a search to check that you had a supply of emergency food & water, and had your guns properly locked and your ammunition properly checked and that you had passed your mandatory gun proficiency tests?
When this is the situation in the States then you can argue that guns have nothing to do with this stat. Switzerland has Gun control. If anything the situation in Switzerland is is an argument for Gun controls.
Guns don't kill people, it's idiots with guns that kill people.