Author Says It's Time To Stop Glorifying Hackers
First time accepted submitter Geste writes "Diane McWhorter pleads in this NYT Op-Ed piece that it's time to stop glorifying hackers. Among other things she rails against providers' tendencies to 'blame the victim' with advice on improved password discipline. Interesting, but what lesson are we to learn from someone who emails lists of passwords to herself?"
Also time to stop (Score:5, Insightful)
glorifying actors, sports figures, politicians, generals, soldiers, writers, artists, architects, Canadians, cooks, race car drivers, the old, children, dogs, accountants, spies, computer programmers, cowboys, drug smugglers, and the disabled.
Re:Also time to stop (Score:5, Funny)
Goddammit, you stole the thunder out of so many potentially good posts, fast-acting AC.
Re:Also time to stop (Score:2)
mice
Re:Also time to stop (Score:3)
scientists never get respect.
Re:Also time to stop (Score:5, Funny)
Come on now, no one glorifies clowns.
Re:Also time to stop (Score:5, Funny)
That's because they think outside the box.
Re:Also time to stop (Score:2)
Re:Also time to stop (Score:2, Insightful)
Well there is a difference between glorifying people who somewhat try to do positive things with their life, and achieved something from it.
But Hackers, drug smugglers and much of the other black market activity really shouldn't be glorified. Because for every 1 person who does this for some noble deed there are a thousand stupid kids who do this because they think it is easy money.
Re: Also time to stop (Score:4, Insightful)
Re:Also time to stop (Score:5, Funny)
> glorifying actors, sports figures, politicians, generals, soldiers, writers, artists, architects, Canadians, cooks, race car drivers, the old, children, dogs, accountants, spies, computer programmers, cowboys, drug smugglers, and the disabled.
So long as we still glorify the Hypnotoad, I'm cool with that.
Re:Also time to stop (Score:2)
Her father was an engineer
Won't you shed a tear
For my yellow rose
My yellow rose
Re:Also time to stop (Score:2)
Wouldn't Walter White count as a chemical engineer?
Re:Also time to stop (Score:2)
> Wouldn't Walter White count as a chemical engineer?
No because making meth good enough for consumption/addiction is hardly a feat of chemical engineering; meth heads will consume actual shit, poison, air, rocks, etc if they thought there was the slightest chance of a buzz.
His exploits obviously color him as a social engineer (hacker alert!!!!!)!!!
Re:Also time to stop (Score:3)
As a fellow Canadian, I'd like to point out that you forgot to say sorry.
Sorry :(
Re:Also time to stop (Score:5, Interesting)
The thing is, there is the general public definition of hacker (i.e. a criminal), and then there is the definition of hacker by other people that is something along the lines of: somebody who likes to take things apart, exploring the system's limits; an expert on the field. The latter definition includes people like the Elf Lord you mentioned, Abby (from the same show), most security consultants, criminals, etc.
Therefore, his comment is valid for a certain definition of hacker (and most hackers don't reach the news because they are security consultants, or work in IT in a company, or report the issues to the companies who don't go "YOU HACKED INTO MY SYSTEM NEED TO SUE"). And thus: the biggest problem IT people have when communicating with the rest is that neither side really talks the same language. How are we going to communicate effectively and solve issues if we don't really share the same language?
Re:Also time to stop (Score:3, Interesting)
> In most cases a hacker is nothing more than a thief and criminal, the article is correct, they should not be glorified.
Originally, grasshopper, hacker meant someone who was curious about a system and/or learning -- non-destructive probing, or one who produces elegant code.
* The Original Hacker's Dictionary, http://www.hackersdictionary.c... [hackersdictionary.com]
Then the media hijacked the term and labeled all the white hats with the black hats.
Re:Also time to stop (Score:3)
The term "hacker" gets applied in the general public usage to:
1. Social Engineers, regardless of tech skills
2. ignorant script kiddies
3. malicious invaders ("crackers")
4. people who bang on systems with blunt objects ("hack jobs" in the pre-computer sense)
5. people who actually know what they are doing and do it for constructive purposes
It's mostly our own fault that we haven't managed to make the distinctions clearer. The first 3 on the list are basically criminals unless they're working for authorized purposes. The fourth may or may not be, but even when they are on the side of "good", sloppy is a menace in and of itself. The fifth is not only all too rare, but in my experience is sometimes actively discouraged, because it takes too long to do a truly competent job.
Criminals do get glorified, when they're "Robin Hood", Thoreau, or the Founding Fathers. Sometimes their crimes are attempts to remediate even worse crimes.
Re:Also time to stop (Score:3)
> "Timothy McGee" (NCIS), that occasionally needs to hack something to save a life
The fact that a law enforcement agent breaks the law during the course of their duties should be cause for concern. We have the 4th amendment for a reason. You cannot make an action permissible for one person, while making it illegal for another. That sets up all kinds of trouble.
Besides, he is rarely saving lives with his actions. The hacking is usually done to catch the perpetrator after the fact as a deus ex machina to move the plot along.
Re:Also time to stop (Score:3, Informative)
You keep using that word (Score:5, Insightful)
Note to the press: "Hackers" doesn't mean what you think it means.
Re:You keep using that word (Score:5, Insightful)
Indeed.
There's a difference between somebody who takes a list of passwords and abuses it and somebody who finds security issues and reports them responsibly.
There's also a difference between somebody who is a victim and somebody who gmails a list of passwords to herself.
Oblig. car analogy: The person stealing your car is a "criminal", the owner of that car is a "victim". The person bypassing the lock on his own car and then reporting the issue to the car manufacturer is a "hacker". The person keeping a keychain in her unattended car, with keys of all her properties, conveniently labelled what each key is for and where it can be found, is called an "Idiot".
One does not preclude the other.
Re:You keep using that word (Score:5, Insightful)
The difference between "idiot" and "at fault" is huge.
Users will be idiots. Does any IT admin deny this fact? If your system only protects users who aren't idiots, you're a sorry excuse for an admin.
Make your system robust against weak passwords. This is not rocket science. If it's something important, use two-factor auth. If not, make account recovery easy - put real thought and effort into it! And for goodness sake, make sure your DB of password hashes doesn't become public - that's all in your hands, and it's completely your fault if that happens, weak passwords or strong.
Re:You keep using that word (Score:5, Insightful)
Your system cannot protect the idiots from themselves. That is a trap you fell into somewhere. Most likely you simply agreed it would be nice if it was so. "Yeah, why can't we protect all our users?!"
This isn't brain science or rocket surgery. The idiots have to have a way to access the system. They will NOT remember strong passwords, they will write them in a stupid place or keep them in gmail with public information as the account recovery. And guess what, you can't control gmail. Put some real thought into it, your idiot users will hand their access away to the first thief, and you can't do much to protect them.
All you can do is protect your system and try to make anything important difficult enough to access that the idiots can't get in.
Re:You keep using that word (Score:3)
Sure you can protect the idiots. Like my post said, you can use 2-factor auth, or if it's not that important, you can make account recovery easy. Debit cards work fine with a 4-digit PIN, because both "it's 2-factor auth" and "fraud prevention and recovery is well thought out".
Re:You keep using that word (Score:3)
You can train people to use strong but easy to remember passwords.
Re:You keep using that word (Score:2)
> The difference between "idiot" and "at fault" is huge.
It depends on the environment. In some environments, you will be punished for leaving your valuables unsecured. It is considered bad policy to tolerate idiots that invite thieves.
The meat space equivalent of what this idiot journalist does is illegal in some jurisdictions.
Re:You keep using that word (Score:5, Informative)
I currently have over a dozen passwords I have to keep memorized for accessing various systems (each with their own unique login IDs and passwords), many of which are changed every 3-6 weeks and do stringent checks on previously used passwords. That's just for work, and not including the dozen or so username/passwords I use online in my personal time. Seriously, it's time to rethink passwords because if you don't like that I write all this shit down in a spreadsheet that I print out and stuff in a binder, well, it beats the other guys post-its on their monitors.
I have a problem with that. (Score:3)
NOT ON THE COMPUTER!
For work passwords, WRITE them down (pen) on a piece of paper and keep that piece of paper in your wallet.
For home passwords, WRITE them down and then that piece of paper like any other important piece of paper for your home.
If you do it on the computer you do not know that the system has not saved it to a temp file or something that a cracker will find.
People who will physically break into your house and steal your computer are a different threat than people who will break into your computer via the Internet. Protections against one will not help against the other.
Re:You keep using that word (Score:3)
Why the fuck aren't you using a password manager like KeePass / KeePassX ???
Memorize one long master passphrase, copy/paste every other password.
Re:You keep using that word (Score:4, Insightful)
You could use a password manager like KeePass, LastPass, PasswordSafe, etc. Is there some reason you don't?
And even if there is, reconsider it. You can keep a password safe database(s) on a thumb drive handcuffed to your wrist if you want to be really paranoid. The databases are encrypted, but if they're physically tethered to you, you'll have to take them with you instead of possibly leaving them unguarded on your desk.
The idea of making different apps all have different passwords (as opposed to single signon or a password safe/PIN vault under a master password) may sound secure, but nobody's memory is that good, and the resulting post-its, unencrypted spreadsheets, Windows Notepad files or whatever means that in reality, you may be less secure, rather than more secure.
Re:You keep using that word (Score:2)
Hacker is not a term used for the good guys (Score:2)
> The person bypassing the lock on his own car and then reporting the issue to the car manufacturer is a "hacker".
That is NOT how the term hacker is used by most of the population and I suspect you know that. "Hackers" are not considered good guys. Someone breaks into a computer (or car in your analogy) that is not their own? Hacker. A hacker *might* do what you describe but most are (or at least appear to be) engaged in considerably less honorable activities.
I giggle every time a nerd gets in a huff and tries to self-righteously insist the word hacker is for the good guys and cracker (which is also a racial pejorative for white people) is the term for bad guys. When I was in college I had a black roommate that used the term cracker in that context to me (I'm white) in front of another black roommate. You should have seen the look on the other guy's face.
That battle is long over (Score:3)
> So you would stand idly by and allow misinformation by a group who clearly and chronically has absolutely no grasp of the field they are discussing ruin your language?
It's not my language. I didn't invent it. I don't own it. I also am not so arrogant as to think other people are stupid and do not grasp the meaning of the word. And even if I have an opinion about it my opinion doesn't mean much. The word hacker, for better or worse, now means someone who breaks into computer systems. Intent doesn't play into it although usually the term isn't used with positive connotations. You may not like this but that is the way it is. Get used to it. That battle was lost a LONG time ago.
Re:You keep using that word (Score:4, Informative)
"Hackers" are called Makers now. We lost that language war, but we have a new term now.
Re:You keep using that word (Score:3)
> "Hackers" are called Makers now. We lost that language war, but we have a new term now.
Because "maker" isn't a completely generic term, that wouldn't get confused with ANYONE WHO MAKES THINGS. Sorry to yell. Some people are hard of hearing.
Re:You keep using that word (Score:3)
> We need people to build things far more than we need people to break them. Building things is cool. Breaking them isn't.
Gandalf isn't always right. Sometimes, you *do* have to break things in order to know how to build them better.
Re:You keep using that word (Score:2)
Re:You keep using that word (Score:2)
Expecting a potential crime victim not to be a fucking idiot isn't the same as blaming them for the crime. Yeah, in an ideal world, I should be able walk through the worst neighborhood in town waving a wad of cash at 2 a.m. yelling "I'm unarmed and have a lot of cash!" and not get robbed. And if I was robbed, it wouldn't be any less a criminal act on the criminal's part. But it would still make me a fucking idiot.
Re:You keep using that word (Score:4, Insightful)
Re:You keep using that word (Score:4, Insightful)
IOW your argument is stupid.
Re:You keep using that word (Score:3)
Now, who is stupid: the person who is using the word as most of the human race uses it; or you, who is insisting on using the word according to the preference of a small group of people?
P.S. if you say "him and everyone else", you should see a psychologist about your narcissistic delusions.
Re:You keep using that word (Score:3)
Re:You keep using that word (Score:3, Insightful)
Exactly. This ship sailed a long time ago. Time to give it up. The original meaning of "hacker" is dead. If you use it in that sense, you will only be miscommunicating with the vast majority that uses it in the new sense.
Seriously people. Let it go. Words change. Many of the words you use now meant something else entirely a hundred years ago.
Re:You keep using that word (Score:4, Insightful)
The commonly-accepted usage of words is determined by the majority.
While I do agree that whatever "hacker" used to mean is called a "maker" now, you're way off on how word meanings are determined.
It turns out, each word can have multiple meanings, and all the meanings with common published examples are the real meanings! Wow! Blows your mind, right?
How can nerds expect the world to believe in our vocabulary if we can't even read dictionaries?
Re:You keep using that word (Score:2)
> The commonly-accepted usage of words is determined by the majority. Whatever "hacker" used to mean, it now means someone who bypasses computer security systems to commit crimes.
Hacker is someone who drives a hack, a horse and buggy or else car for hire. Another term for cab driver.
Re:You keep using that word (Score:2)
You don't get to supplant the definition of a word because you want to embrace its favorable connotations while rejecting the negatives: I'm assuming you're referring to hacker vs. cracker.
Re:You keep using that word (Score:2)
If only we had a time machine, we could go back to the 90s and fight this battle again. At this point I think it is fair to say, the word means whatever it is used for. Makers are the new hackers.
Re:You keep using that word (Score:3)
> Note to the press: "Hackers" doesn't mean what you think it means.
So true.
Interestingly, House of Cards includes a character who is a cracker and hacker (appears to have good hacking skills which he uses to break into systems). It appeared that the writers had actually made an effort to learn about the culture(s). For example there was a well done attack that combined social engineering and sleight of hand to defeat two factor authentication.
Unfortunately his lines still made it clear that the writers didn’t really understand what those words really meant (sorta like when the marketing department uses the word “cloud”). And the set department still made the usual nonsensical computer displays. As for the character himself, well, he was hardly glorified. In fact if I ever met a person like that my overwhelming desire would be to smite him with a copy of the V7 manual. Twice, if he kept moving.
Re:Note to codemonkeys. (Score:3)
Protip: Words can have multiple meanings.
Time to stop glorifying the NYT Op-Ed (Score:5, Insightful)
Stop falling for the clickbait, Slashdot.
Re:Time to stop glorifying the NYT Op-Ed (Score:3)
Joke's on them. Nobody at Slashdot actually reads the articles.
Hackers get no RSPECT (Score:3, Funny)
And yea, that's spelled right. In all 57 states.
Blaming the victim? (Score:4, Insightful)
Next thing you know we'll stop teaching kids to look both ways before crossing the street because we're teaching people not to drive drunk. But this just isn't how the world works.
Re:Blaming the victim? (Score:3)
Victim blaming (Score:5, Insightful)
Why the hell is there a trend nowadays to call it "victim blaming" to give people advice on protecting themselves? Is it really such a bad idea for people to do things to protect their passwords?
I guess telling people to run antivirus is now "victim blaming", too.
Re:Victim blaming (Score:5, Funny)
Don't teach users not to run mysterious .exe files from suspicious people without antivirus software! Teach scammers not to scam!
Re: Victim blaming (Score:4, Insightful)
Re:Victim blaming (Score:2)
There's a difference between trying to get people to protect themselves and blaming the victim. Telling users "you need to run an anti-virus" is giving advice. Telling users "you were hacked because you're an idiot that runs Microsoft software" is victim blaming. To take this away from the computer world, telling women "you could take a self-defense class or carry Mace with you" is advice. Telling a woman "you were raped because of the way you were dressed - that's just asking for it!" is victim blaming.
There's an important distinction between the two. Even if the incident in question could have been avoided if the victim had taken protective measures, don't try to assign blame to a victim who is hurting from the incident. That's just going to cause ill will and won't lead to the person listening to you in the future. It is possible to blame the perpetrator for the crime committed while still offering to help make sure incidents like these don't happen in the future.
Re:Victim blaming (Score:2)
> Why the hell is there a trend nowadays to call it "victim blaming" to give people advice on protecting themselves? Is it really such a bad idea for people to do things to protect their passwords?
> I guess telling people to run antivirus is now "victim blaming", too.
It's just misuse of the term by people who don't understand what it means. See: irony, meme, feminism, communism, fedora, ...
Re:Victim blaming (Score:3)
If there is a reasonable and effective method that women can use to protect themselves from getting raped, why would they not use it? Sadly, there is no such reasonable or effective method. Becoming a shut-in is not reasonable, and unlikely to be effective. Rapists don't rape because of someone's choice of clothes, so telling them to not wear certain clothing is just idiotic.
Your comparison is bad and you should feel bad. In fact, just think about what you're saying; you're essentially saying that people shouldn't mention to other people that there are ways to protect themselves from bad things. It's just absurd.
It all depends on how the advice is given. If you're blaming a victim for someone else's actions (say, someone breaking into their home), then I could see that as "victim blaming." However, if you merely fault them for not taking reasonable and effective steps to mitigate the chances that they will be harmed, that is entirely different than blaming them for the actions of another. This "victim blaming" nonsense needs to be put to rest.
US blame culture. (Score:5, Insightful)
So she emailed a list of passwords to herself, didn't bother encrypting it, and kept it in her on-line email account for 9 months, then she's actually surprised when she gets hacked?
I look forward to the day when America gets back to the point where people start taking responsibility for their own actions again, instead of always looking for someone else to blame (and sue) for their own stupidity.
Re:US blame culture. (Score:2)
> I look forward to the day when America gets back to the point where people start taking responsibility for their own actions again, instead of always looking for someone else to blame (and sue) for their own stupidity.
Judging from the increasing number of brain-dead liberals infesting America, I think you're gonna be waiting a LONG LONG time......
Thank you for a prime example of my "misuse of terms that people don't understand" post above.
Author is a twat (Score:4, Informative)
He *emailed* himself his own password list then whines when his account gets hacked.
NO SURPRISE HERE.
*She* (Score:2)
I corrected it myself.
Re:Author is a twat (Score:2)
If she used webmail, or TLS/SSL-encryption when sending the email, that should be safe.
Unless the email account is hacked by other means. But usually, that will screw your passwords anyways, as all registrations either send you passwords, or will allow you to reset them using the email address.
Re:Author is a twat (Score:2)
No, it's not "safe". It violates the first three rules of passwords:
1. Do not write passwords down
2. Do not store all of your passwords together.
3. If you do break #1, do not store your password in an un-safe location.
That second rule... (Score:2)
I was not aware of the second rule. Which is broken by all those password manager software, btw.
It's not a bad advice, to be honest, but it also depends on the fact that you are writing (storing) your passwords already.
Diane McWhorter? (Score:2)
Only NSA can do that ! (Score:2)
All others have to be quiet naive idiots ?
"Victim Blaming" (Score:3)
See Adrienne Brown, who really was victim blamed.
Or the poor woman in the Steubenville Rape case.
In other news... (Score:3)
Author Diane McWhorter's identity was stolen 6 times today
disconnect (Score:3)
> but what lesson are we to learn from someone who emails lists of passwords to herself?
That real-world security is very disconnected from the clean and nice scenarios in your books and head, because real users think differently than geeks and do different things for different reasons. Some of them we gloat over and call them Lusers and other derogatory terms, but that's mostly to cover up our own insecurity because most of the Lusers out there have had ten times as many and twice as beautiful women and don't live in their mothers' basements anymore.
Yes, I know that's also untrue. The point is that different people have different skills and while many of the non-techie people do stuff that we techies consider stupid, they could laugh just as much about us in other areas of expertise. Maybe not women, maybe for them it's sports or marketing or making friends.
So stop gloating and calling people stupid and look at what they can, in fact, teach you. In this case, there's quite a bit to be learned, not the least of which is that passwords are a moronic concept and need to die.
Re:disconnect (Score:2)
> passwords are a moronic concept and need to die
There are two ways to implement authentication: Provide a unique token that you have possession of or provide an identifier that you have exclusive knowledge of. Things that you possess can be stolen by taking them (credit card, rfid badge, SecureID). Some things that you possess can't be used universally (fingerprints, iris/retina). Things that you know, however, can't be stolen so long as you keep them in your head. Which is more moronic?
Victim Response (Score:2)
Hacker says it's time to stop listening to authors. Especially if they think hacker=computer criminal. It's got as much integrity as saying white people=bankers.
My takeaway.. (Score:3, Funny)
Things I learned in reading that blabbering op-ed.
Earthlink is still alive. (shocking, but meh...)
Author likely uses same password for multiple publicly known email accounts. (lacks even the least amount of personal information security training)
Seems to think Gawker is a respected, um, network. (HAHAHA!)
Thinks people hacking celebrity accounts or high-profile public figures is equivalent to what Snowden and similar whistleblowers do, at least as popularity is concerned. (Err...)
Mentions term 'white hat' like it's a mythical unicorn. (turtles all the way down....)
This is like a nail beautician, commenting on the security of a car's CAN bus. I want my 5 minutes back!
Maybe it's time to take away her soapbox (Score:4, Informative)
Agreed! (Score:2)
It is also time to stop glorifying Googlers and Facebookers.
They should be called voyeurs.
Why is this on slashdot? (Score:2)
A badly written rant containing ill-informed opinions, even when accounting for the author being no `geek', as she puts it.
The problem is not the `glorification' of hackers (seriously?). The problem is that laws remain outdated to cope with this digital age. The problem is that governments rely on badly protected and badly regulated technologies.
The problem is not having enough hackers.
Hire an expert (Score:3)
Dear Diane... (Score:4, Interesting)
If you want to see what real hackers are about, come on down to H.O.P.E. this year, http://www.hope.net./ [www.hope.net] We're just a short walk away from the New York Times at the Hotel Pennsylvania.
See you there!
Idiots... (Score:3)
Ms. McWhorter, It has nothing to do with "glorification". Criminals and miscreants will steal your shit if they can, often just because they can. The motivation doesn't matter. What matters is that they will. What matters even more is that one can, with a few simple steps, drive the likelihood of such a theft down to near zero. So when you fail to take those steps, you are being stupid. It's like never locking your house or your car and then crying foul when someone points out your negligence to you.
Re:Idiots... (Score:2)
Have to say, after reading the first two paragraphs (have "paragraph" and "sentence" always been synonymous in news/paper articles?), I've already come to the conclusion that your comment is 100% accurate.
> I WAS at the Museum of Modern Art in New York not long ago, soaking in Edward Hopper’s retro downer mystique,
Hmm...elitist art person?
> when I got a call that opened up brave new all-night-diners of doom and gloom.
Rather inflammatory and blatantly attention-grabbing.
> The editor of thesmokinggun.com, a website that publishes embarrassing documents with headlines like “Man Jailed for Toilet Seat Attack on Disabled Kin,”
Crass...just from the URL I can already tell that I don't want to know anything about the site because it'll probably depress me.
> had come into some documents of mine, including my Social Security number with birth date, a photograph of me assailing a moth infestation in an elderly friend’s kitchen
Okay, not that surprising but obviously not fun.
> and nearly all my passwords.
Aaaaand this immediately sets off my warning bells that you probably did something monumentally stupid in order for this to happen.
Author also wants... (Score:3)
everyone to get off her lawn.
hackaday .. (Score:2)
The Song of Their People (Score:5, Funny)
I'm a hacker,
I'm a snacker,
I'm a mid-night wacker.
I get my lovin' on the net.
Ooh, ooh, ooh, ooh
Victims often at "fault", but not their fault (Score:4, Interesting)
Ok, we're going to snicker at someone e-mailing password lists, because we all probably understand that e-mail, by default, is sent in the clear, and is therefore not secure. It's hard for tech geeks to properly empathize with "normals" who just want to get some work done, or surf around on the net and not worry about getting their computer taken over by some malware.
Honestly, though, it's hard to blame normal users for this. Should a user have to be a computer expert in order to actually use a computer? Some might argue yes, but that doesn't seem too realistic. The fault lies with software developers who blindly rushed features out the door without giving proper thought to the security implications. Microsoft had a really bad habit of this until they made security a significant corporate priority - it's time for Apple to catch up now, as proven by the recent "goto fail" fiasco. The focus has since shifted to softer targets, first Javascript and browser exploits, and then third party plugins as those closed up, such as Adobe products or browser-based Java exploits, and the good time for hackers (no, I'm not going to call them "crackers") is still rolling on.
Honestly, I'm not sure what the answer is: Probably most casual users should actually move away from fully-powered computers and move toward safer, more locked-down systems like tablets and phones (like they have been). For people not doing serious work or creating actual content, these are more than capable, and are certainly safer systems in general. Alternatively, getting set up as a limited account in an operating system with a smaller attack surface like Linux would be fine too. BTW, I don't buy the notion that Linux is inherently safer than Windows (granted, that definitely used to be true) - it's a combination of fewer threats (because it's a less rich target) and configuration options - Windows is also very safe as a limited user account. We've seen plenty of serious security holes in very popular FOSS software, even recently. But people buy computers because they actually want to do computer-like things with them, including running popular software. Limited accounts / locked-down systems are not always feasible.
One thing I'd love to see is the death of standard login-password mechanisms. It's too much of a burden for both a normal user to both create and remember a secure password, and for the website to keep that valuable user information secret. We've demonstrated again and again and again that eventually a crack will be found and the info will leak. That's why I'm hoping that something like SQRL will eventually see widespread adoption. Its biggest strength is that it doesn't require trusting ANY second or third party with secrets of any sort in order to keep your identity secure (granted, associated data can still be compromised, but your identity can't be stolen at least). It's a very promising system, but we'll see if it catches on - it's sort of a long shot. But for the time being, something like LastPass is the next best thing. Someone needs to tell the author of this article about it so she can stop e-mailing herself password lists.
Re:Victims often at "fault", but not their fault (Score:3)
> Should a user have to be a computer expert in order to actually use a computer?
They don't need to be experts; they just need to not be absolutely retarded. You learn to drive (maybe) before you get your license. Learning a few basic facts before you go off and do a bunch of stupid shit with a computer is something everyone should be able to do, though I don't think there should be a license.
Modern computers essentially have the equivalent of a big red light switch placed out in the open which, if flipped, may accidentally burn your office down. No one would find that acceptable design anywhere outside the computer world. If a user accidentally double-clicks an attachment, it can bring down a corporate network. I don't consider that acceptable or sustainable, and I don't think that someone double-clicking an attachment is retarded, because that's a FEATURE that's been added. Why the hell can't we make it safe to double-click and view an attachment? That's OUR fault, not theirs!
This lady knew enough not to re-use passwords among different services and sites. Short of using a third-party password management system, and without the inherent understanding that e-mail isn't secure (which service providers don't exactly communicate openly), e-mailing password lists doesn't seem retarded to me. It sounds like someone trying their best to stay secure within a very complex environment they don't completely understand, and probably never will.
Computer-literate folks like us tend to set the bar too high without realizing how difficult we're making things for others who would just like to use computers to get work done, and not have to spend half their time just in training how not to get hacked. Calling non-experts "retarded" is not going to help anything.
Re:Victims often at "fault", but not their fault (Score:3)
Computer-literate folks like us tend to set the bar too high without realizing how difficult we're making things for others who would just like to use computers to get work done, and not have to spend half their time just in training how not to get hacked.
Strange how people treat cars so differently. Going onto the road with no understanding of how to operate a vehicle or what the rules of the road are would be seen as unacceptable, but if you do something similar (though I think less extreme) with a computer, it's just normal.
Calling non-experts "retarded" is not going to help anything.
I'm not saying that non-experts are retarded. One doesn't have to be an expert to not be retarded; they just have to be a tiny bit competent and learn some *basic facts*.
Comments prove the McWhorter's point (Score:4, Insightful)
Most comments on here are verbally abusing the victim while completely ignoring the person who compromised her account and posted her personal details online. And, I am willing to bet that if that happened to any of those posting said comments, the victim would want to kill the perpetrator.
Re:Comments prove the McWhorter's point (Score:3)
Saying "That car thief was AWESOME! You deserved to get your car stolen, you fucking shithead! Next time turn off your car and lock the door, n00b!" isn't "suggesting that they not leave their car running and walking away".
Please go read the comments where they are not suggesting she "take reasonable security precautions" but rather are simply insulting her. Also, read her article where people are praising "Guccifer" and wanting to start defense funds, etc.
The end result is abuse of the victim and praise/support of the perpetrator.
Agree with headline... (Score:3)
Disclaimer: I didn't RTFA, and while I agree with the headline and summary, it's not for the same reasons and I actually have a lot of respect for real hacking.
I agree that it's time to stop glorifying hackers. Not real hackers that find SSL vulnerabilities, or who hack the mainframe, or who embed assembly in their compiled programs. No, those people deserve all the glory they get (which is very, very little). No, I'm talking about the "hackers" that are always stealing people's passwords.
A figurative 99% of security breaches happen because a password got stolen. That is not hacking. That is stealing a password. It requires no more technical competence than the average user possesses. If you write your password down and throw it away, the garbage man can find it and log into your email. Does that make him a hacker? No, it makes him an unethical, opportunistic garbage man.
Password security is not equal to computer security. Real hackers compromise computer security, possibly resulting in a stolen password, or possibly resulting in access that renders the stolen password irrelevant. And if someone steals a banker's password and uses it to do things the banker is allowed to do, then there wasn't anything wrong with the computer security.
That's not to say the user is automatically at fault for the password security. I mean, sure, the user could have handled the password better, but if that user understood that in the first place then there never would have been a problem. Password security is a policy detail. That's probably why it's usually the weakest link. Only the geeks understand enough to design an effective policy, but the geeks don't usually design good policies for non-geeks.
Let's get this straight, Diane... (Score:3)
... we don't glorify hackers, we glorify good people doing good things that benefit the common good. It just so happens that some of those people accomplish that goal by hacking.
So says the NY Times. (Score:5, Insightful)
Our top artist, Jay-Z, is a man who made a career spanning over a decade rapping about being a criminal (gangsta rapper), and glorifying a life soaked in drugs, loose women, and crime.
On the other hand, we have movies like Zero Dark Thirty which glorify torture.
We glorify politicians who lie, cheat, and steal, and we encourage each other to lie, cheat, and steal for them.
When a kid is bullied in school they are generally blamed for being weak, socially unfit, or making themselves a target.
Most celebrities, the people who we all mimic, do drugs, drive under the influence, sleep around, and act without a care for the rest of us. If we admit we don't like them, something is wrong with us. We re-adjust our social values around them.
We glorify the press and the news, and when they get caught lying to us, often to assassinate someone's character for either social or political reasons, strut around as if their position makes them nobility, and violate each and every rule they tell us they abide by with enough regularity it's safe to say they don't exist, we extol them as the saviors of democracy.
But yes, it's hackers. Hackers are making society a terrible place. If computer break-ins were any other field besides computers, it would be socially acceptable. If you get taken advantage of financially, or make a silly mistake, well, it's proof the capitalists are smarter than you. If the bank takes advantage of your lack of time to fight them, it's because they deserve to prey on the weak. If you break into the bank computers because the same smarty pants bankers are too daft to learn your field, you're a terrorist.
Somehow hackers are glorified? Another shitty op-ed from the NY Times, a fine publication with a long history of clueless op-ed writers, and hideously snobbish double standards.
I've said this before, and I'll say it again, the NYT is a fine publication, but the opinion editorials are run by a bunch of smarmy yuppie shitheads without any real vantage point in society.
Re:Still No Excuse For NOT Following Best Practice (Score:2)
In the case of large organizations like Target, IT expenditures are controlled by management ladder climbers who don't have the knowledge to make the proper decisions on matters that require anticipating "unknowns". If a business case can't be made for spending money on security it gets cast aside because these people are only taught about bean counting in their MBA coursework.
Re:Still No Excuse For NOT Following Best Practice (Score:2)
I'm surprised it took until two thirds of the way down this article for someone to say this. The author seems to be proposing that companies just don't implement security and "trust" hackers to not hack?
I also don't "get" why all these security breaches keep happening where the attacker can download the plaintext of basically all users' passwords...why the hell aren't these companies just storing the password hash? If a user forgets their password, email them a reset link to their listed account email. Wasn't this a solved problem 10 years ago?
(I admit I'm straying into the "this should be so simple and just work!" viewpoint that I complain about non-programmers having, unfortunately.)
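The hash-only storage and emailed reset link described in the comment above, as an added example that is not part of the original thread. The record layout, the function names and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters (about 16 MiB of memory per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str) -> dict:
    """Return what the server stores: a random salt and the derived hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "hash": digest}

def verify_password(record: dict, password: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["hash"])

def issue_reset_token(record: dict, now: float, ttl: int = 900) -> str:
    """Create a one-time token for the emailed link; store only its hash."""
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).digest()
    record["reset_expires"] = now + ttl
    return token  # sent to the account's listed email, never stored as-is

def redeem_reset_token(record: dict, token: str, new_password: str,
                       now: float) -> bool:
    """Accept the token once, before expiry, then replace the password hash."""
    stored = record.get("reset_hash")
    if stored is None or now > record["reset_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, stored):
        return False
    record.update(hash_password(new_password))
    del record["reset_hash"], record["reset_expires"]  # single use
    return True

if __name__ == "__main__":
    # Constructed sample account; the password never appears in the record.
    account = hash_password("correct horse battery staple")
    link_token = issue_reset_token(account, now=1000.0)
    print(redeem_reset_token(account, link_token, "new passphrase", now=1100.0))
    print(verify_password(account, "new passphrase"))
```

A dump of these records yields salts and slow hashes rather than passwords, and a leaked reset hash cannot be replayed as a token.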
Re:How is this brainless drivel even here (Score:2)
It seems to me like a venture into the fearsome territory of pointless and redundant. How is this a worthy discussion point and not promptly-filtered-by-hippocampus blabber from an entitled and technologically uneducated person? Do people now need detailed explanation from "the authorities on the subject" on absolutely *everything* ?
Reading this, to me, feels like reading anti-evolution blogs. Desperately trying to be an edgy and heard voice of a generation. So much so that "logic" is, for the purposes of being perceived as hip, opinionated and ahead of the times as possible, thrown out along with the baby, the bathwater & the bathtub.
"hippocampus blabber" - I like it....
The quality of the prose and logic suggests that the entire article was written after a double skinny natural vanilla flipped cappuccino at the local Starbucks and uploaded to the NYT using the Starbucks WiFi network without any sort of encryption at all.
We'll probably find her new passwords on Gawker next week.
Re:Need to stop trying to market brand "hackers" (Score:2)
If you hire a lawyer or tax consultant to help with tor networks for your taxes
Er...do people actually do this?
I'd rather have them say "white hat hacker" than assume all hackers are evil; wouldn't you?
Re:Need to stop trying to market brand "hackers" (Score:3)
I would rather they say 'A criminal hacked into...