Security

NBC News Confuses the World About Cyber-Security 144

Posted by samzenpus
from the think-of-the-athletes dept.
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and do almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."

  • by SuperKendall (25149) on Friday February 07, 2014 @01:54AM (#46183267)

    This NBC thing is why I treat blogs and traditional media with equal amounts of respect and skepticism. The "real" media is actually far more prone to making things up wholesale than any blogger, who lives and dies by reputation, ever did.

  • Not Watching (Score:2, Informative)

    by Anonymous Coward

    FYI, the world doesn't watch NBC.

  • by Anonymous Coward

    They have publicly stated they plan on monitoring every internet connection originating from Sochi. Cellular or wired. Big surprise.

  • by j_presper_eckert (617907) on Friday February 07, 2014 @02:16AM (#46183359)
    No one here gives a shit about that lame "o noes hax0rz in mah cup of coffee" NBC article.

    The real news is that, after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread, it's now clearer than ever that this ship of ours is sinking. At long last, I think that Netcraft really HAS confirmed it. :/

    Soulskill and the other Dice weasels may indeed be "listening" to us, but they've still got a righteous hard-on for destroying this website regardless of how many times we've rubbed their noses in the beta's odiferous offal. I don't believe their calculated, faux-caring, used-car-salesmen spiel for one moment.

    The question now is: Exactly when do we take to the lifeboats, and to what safe harbor do we start rowing towards?

    ~JPE
    • by Tom (822)

      after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread

      Strange, that must've fallen through my filters somehow. Where is it?

    • Bonehead reporter couldn't even open the Macbook Air box! It shows him *tearing* one end open like it's a mailer. I would venture to say that every Apple product made in this century has pretty elegant "Frustration Free" (TM-Amazon) packaging. What an idiot.
    • I hate to be negative, what was wrong with the old /. ? The main priority of any website is that it works, the old one did. The new one looks sadly to be a buddy job, ya know, a job you give your buddy to keep them employed, and not really care what the consequences are. Ya know don't have to fix the old one, just go back to it and ditch the beta.
  • I wonder what experts in other areas are complaining about.

    It can't be just this one area they get wrong.

  • Sochi (Score:4, Insightful)

    by Anonymous Coward on Friday February 07, 2014 @02:30AM (#46183405)

    It's not hard to believe there might be a lot of attacks on wireless devices in Sochi. The place is pretty fucked up. Whether these reporters and their consultants know their ass from a wifi antenna or not.

    From a story I've linked below:

    Dmitry Kozak, a Russian deputy prime minister in charge of preparations for the Olympics, complained about water being wasted by hotel guests when he said: "We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day,"

    It didn't occur to Kozak that someone might have a problem [theverge.com] with being surveilled in the shower until after he blurted this interesting bit of knowledge.

    You just have to wonder what sort of pay-offs went into this Sochi Olympics deal. Russia is a deeply fucked up place to begin with and Sochi is a special level of fucked up within that.

    • by swb (14022)

      Didn't the State Department issue some kind of data security warning, too?

      Given the shadowy nexus of Russian organized crime and the intelligence services coupled with the security applied against the "terrorist" threat and the opportunity to eavesdrop on a large amount of visiting dignitaries, it doesn't seem at all surprising that there would be a high threat environment.

      I would think that you would expect your data connections to be sniffed at a minimum and probably attempts to intercept SSL which wo

    • by PRMan (959735)
      Why do you think they won't give out shower curtains? Because they block the camera of course.
    • by ckedge (192996)

      Are you sure he said "video"?

      Running a shower against a wall is something I might do to defeat laser reflector and conduction audio taps.

      They might just have an audio tape with nothing but the thunder of water on it, and be really pissed :)

  • by Anonymous Coward

    Also very confusing is the existence of Slashbeta. It reflects badly on humans as a species for bringing such garbage into this world.

    I'm confident when the sun dies and explodes into super nova whatever the fuck - Humans will look back on their entire history and regret most the creation of Slashbeta.

  • Comp.misc on Usenet is the new Slashdot. It is a totally abandoned group, and I have already inaugurated it. Nobody even uses it, so we won't be offending anybody.

    Come one come all, join the Slashdot exodus on usenet! Eternal September is a free Usenet provider, and you can read news with Seamonkey, MS Outlook, Opera, Unison (pay product), or the classic Unix programs such as tin, rn, slrn and so forth.

    Usenet is free, distributed, uncensored, and allows you to shit-can offensive posters. While it doesn'

  • by Anonymous Coward

    Day 1: It wouldn't stop, the redirecting. At first I thought it was malware. Had my first drink in a long time.

    Day 2: Barely had the strength to carry on as the BETA REDIRECTIONS continue.. trying not to talk to hallucinations at the bar and in the bathroom which laugh at me about these redirections.

    Day 3: Discovered the BETA redirections were random, and while at first they looked somewhat usable, when I looked at me and my monitor screen in the mirror, a horrible woman with flesh hanging off of her body l

  • by tero (39203) on Friday February 07, 2014 @03:42AM (#46183635)

    ..they were in Moscow..

  • Funny.. (Score:4, Interesting)

    by Adult film producer (866485) <van@i2pmail.org> on Friday February 07, 2014 @03:43AM (#46183637)
    How all of the comments about Beta are being moderated to ZERO or worse since that recent story.

    Stay strong people... uprate slashbeta comments despite this blatant attack on the userbase.
    • Re:Funny.. (Score:4, Insightful)

      by Thanosius (3519547) on Friday February 07, 2014 @05:10AM (#46183953)

      Shit, you're right. There's no way the entire Slashdot community has immediately decided to down-mod fuck beta posts so quickly after the official discussion topic.

      It's amazing DICE and associated fuckers honestly think we wouldn't notice this. They REALLY think we're dumb fucks.

      • Well, I'm not on either side of this F@ck Beta debate -- because I haven't even investigated it yet.

        But it seems to me that -- just by random chance, that if there are more posts saying "F#ck Beta!" and they are all getting modded down, and yet, there are a few "gosh, you guys are immature" pro Beta comments, and they reach 5 -- all ten of them. Well it seems to me that other than saying something is a conspiracy theory because we all know there are NEVER ANY conspiracies, that it seems like the Pro Beta cr

        • Oh, and I haven't actually counted the pro beta vs. anti beta comments. I just brought a can of gas to this candle vigil.

    • "Stay strong people..."

      Can I be in your next movie? I want to be as FUCKed as BETA. /.

      Since I cannot add this much to my signature, and the fact that signature isn't visible unless you are a logged-in user, this will have to do...

      US5722418
      +
      US5644363
      +
      GoogleGlass
      +
      Acceptance
      =
      ????

      If history is any sort of an indicator, any rights we sell today, our children must buy back with blood tomorrow.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The off-topic posts about beta annoyed me before there was a story about them, but I understood their reason. While there's a story on the front page where they're on-topic, I'd like to be able to find the on-topic comments on other stories.

    • How all of the comments about Beta are being moderated to ZERO or worse since that recent story.

      Stay strong people... uprate slashbeta comments despite this blatant attack on the userbase.

      How you managed to pull off +4 Interesting for that, I can't imagine.

  • What I really want in the new design, is easier access to SlashDataCenter and SlashCareers.... oooooh and SlashBI. I really can't get enough 'Business Intelligence' news formatted as a two paragraph article with a large stock image and zero comments!

    • by thegarbz (1787294)

      Who gets their business intelligence from a site that has managed to set off a new record in pissing off the largest number of people in one go?

      Seriously though this has got to be a world record. They say they inflicted 25% of users to this? Well this is a website which cripples servers all over the internet just by linking to them. 25% of that bandwidth is a metric fukton of pissed off users.

  • by jones_supa (887896) on Friday February 07, 2014 @04:08AM (#46183707)
    I don't like the beta either but I didn't expect this kind of chaos to ensue. No proper discussion can be had in any article as they are filled only with beta comments. Interesting situation indeed. I'm grabbing the popcorn.
    • by thegarbz (1787294)

      Did you expect a proper discussion could be had about an article which describes a dumb clueless internet user thinking the entire world is trying to hack him because he doesn't understand how it works?

      • by PGC (880972)
        Not a proper one, but the discussions at Slashdot are usually informative and/or entertaining to read. But back to more important matters: Fuck Beta.
  • Same everywhere (Score:5, Insightful)

    by Tom (822) on Friday February 07, 2014 @04:11AM (#46183719) Homepage Journal

    It's the same everywhere you look. The current state of IT security is horrible, utter and total crap, and the main reason is that most of the people who work in the sector have no clue, starting from journalists like those and consultants and... well... almost everyone else.

    The reason is that much like cryptography, real security is hard. It's not something you pick up in a week course when your boss decides someone in the team needs to specialize on security. There are a great number of actual experts and over the years I've had the pleasure of meeting or working with many of them, but it's a small world and the total number of experts available world-wide is far smaller than the demand for manpower in the security "industry".

    Plus it's a bikeshed problem [wikipedia.org]. Lots of people know a little bit about security, so focus is given to the parts that people believe they understand, instead of the real problems. When I do consulting (I don't very much, I dislike it, but I occasionally take jobs because I enjoy the problem, or the company) my metaphor for that is that in IT security, it is very easy to find someone who will sell and install you a 3-inch solid steel door with military level security locks for your front door, but very difficult to find someone who will walk around the house with you and point out the easily broken windows and the open basement door.

    Here's a free business hint: When you hire a security consultant, ask them for a quick suggestion for a password policy. If you get the two decades old "at least x letters, at least 1 special character, at least 1 number", don't hire them. That bullshit was adequate on Multics systems in the 70s. Today, it will weaken your password security if you programmatically enforce it. (and yes, I have the data to back that up, but that's a short presentation and not a comment field).

    So yes, these journalists are spreading bullshit. They are like the power users in a company - the nightmare of IT support. They probably know a little about security, just enough to get it wrong.

    • I disagree with you on the "most people who work in the sector have no clue" statement. People have long known about IT security issues. It's not like things like "sub7", "winnuke", "nimda", "code red", etc. weren't issues.

      We've long known about NTLMv1 issues and it was strongly recommended as a hardening practice as early as 2001/2002 when Microsoft implemented it.

      The issue has never been "nobody having a clue", but more like, "Management not giving a shit". Yes, the state of information security is atroci
      • by aaarrrgggh (9205)

        A very low percentage of IT people understand security issues to a sufficient degree to be able to act on them in the abstract. Talking to the director of IT at a very large defense contractor a few years back about a new proposed SCADA network, I showed him the plan for our isolated network, and the proxy/firewall connection to his corporate network, and asked him how they wanted to treat it. He was prompt to ask who needed access, how much throughput would it need, and if we needed more than one IP addr

      • by Tom (822)

        I disagree with you on the "most people who work in the sector have no clue" statement. People have long known about IT security issues. It's not like things like "sub7", "winnuke", "nimda", "code red", etc. weren't issues.

        I should've been more clear:

        There are security experts, and there is the security industry. The two occasionally meet to compare notes, most of which are beyond the understanding of the latter.

        The security "industry" is exactly the snake-oil job you describe, for most parts. Business people with just enough understanding of security to fuck it up really well, and well-meaning techies who know just enough to complete the mess. They package security into nice products... sorry, "solutions" and sell it at incredi

    • More so that it takes effort, involves more complexity, and costs more. Management doesn't want to pay for it, doesn't want projects to take longer because of it, and doesn't want to be inconvenienced by it.

      That said, I have seen it swing the other way as well, heightened security being applied to everything regardless of risk due to silly policy. I had a project delayed by about a year to deploy an application because the security goons wanted to lock it down so much as to make it useless (making network c

      • by Tom (822)

        It goes all ways. I've seen many security problems caused by tech people with little security understanding who didn't want to be inconvenienced. The sub-net that the developers set up for themselves because the corporate network is too restricted is often the one that is easiest to break into.

        As I said: The most dangerous users are not the ones with no clue at all, but the "power users".

  • there's antivirus software for phones?! I've never seen anyone use such a thing or hear it advertised. Perhaps it's because I'm safe... I use a Blackberry Z10...
  • Welcome to our world (Score:5, Informative)

    by Lord Kano (13027) on Friday February 07, 2014 @04:54AM (#46183877) Homepage Journal

    You know that angry "What the fuck?" bubbling up in the back of your mind?

    That's how gun enthusiasts feel when news people start making nonsensical claims about guns.

    When some dumb ass says "military style" or "assault magazine clip" or some ridiculous nonsense, we feel the way you do watching this story.

    LK

    • So like, when someone says "Bushmasters and AR 15 Assault weapons" and you grit your teeth because they are the same thing and that idiot commenting about guns are dangerous doesn't even know how much grain to pack in a good sniper bullet.

      Personally, I'm really bored by guns -- so I can imagine someone NOT knowing all these details when they complain about a mass shooting totally destroys any credibility for you but not for me.

      • by Lord Kano (13027)

        Almost.

        When someone uses "assault weapon", I roll my eyes and when someone uses "assault weapon" and "assault rifle" interchangeably, I grit my teeth.

        I want to pull my hair out when some idiot says something like "You don't need an AR-15 or AK-47 to hunt deer, they are high powered killing machines unlike grandpa's deer rifle." but is blissfully unaware that these are unarguably less powerful than a hunting rifle. When some dumb ass uses the term "magazine clip" or prefixes any legitimate term with "assault

  • by Anonymous Coward

    Fuck you DICE, fuck YOU VERY MUCH!

    And fuck Slashdot Beta!

  • by Anonymous Coward

    Fuck beta.

  • Hi, I was one of many supervisors at the London Olympics. All the routers that were put in every single athlete's room had backdoors; they were specially designed for the Olympic village. After the games they were destroyed. All mobile phone messages were monitored from a temporary prefabricated building which monitored mobile telephones, and any form of wireless communication. The reason given for monitoring everybody was in case somebody from within the village used a computer, or so on to communicate with s
  • by Anonymous Coward

    It is now official. Netcraft has confirmed: slashdot beta is dying

    One more crippling bombshell hit the already beleaguered slashdot beta community when IDC confirmed that slashdot beta market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that slashdot beta has lost more market share, this news serves to reinforce what we've known all along. slashdot beta is collapsi

  • Reports like this tend to leave the non-technical user overwhelmed and befuddled. What does someone who is overwhelmed and befuddled do? They freeze up and do nothing, think "deer in the headlights". In other words, these things often exacerbate the problem. But, then, exacerbating problems to boost ratings is nothing new for the media.
  • Confuses the world? A small world, even in the American sense of the world - which ends just a few hundred meters beyond its borders...
    • Of course there's meters outside the borders, that's how we charge Canada and Mexico. I'd venture to say there's maybe even a thousand of them to cover both borders

  • I was under the impression that antivirus for phones was pretty much useless. The reasoning behind it was that it requires admin/root privileges in order to detect viruses, and most phones only let you operate in an app/user sandbox. The only time antivirus would have these type of permissions is during the install. Have I missed some step forward in phone antivirus applications?
  • NBC's tech expert finally confesses in his blog [bit.ly] three days after the TV broadcast: "Compromises can occur in Russia just as quickly as in any other country ... All the attacks required some kind of user interaction." This contrasts to Tuesday's news broadcast: "Visitors to Russia can expect to be hacked ... it's not a matter of if but when." NBC fabricated the story to mislead their viewers.
