Inventor of Proxy Firewall Blames Hackers 742
An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better:
Truly, the only people who deserve a complete helping of blame are the
hackers. Let's not forget that they're the ones doing this to us. They're the
ones who are annoying an entire planet. They're the ones who are costing us
billions of dollars a year to secure our systems against them. They're the
ones who place their desire for fun ahead of everyone on earth's desire for
peace and the right to privacy."
its the hackers alright! (Score:3, Funny)
Re:its the hackers alright! (Score:3, Interesting)
Suddenly we're all little piggiesliving in the big bad wolf's neighborhood and we're living in software houses built of twigs.
Re:its the hackers alright! (Score:5, Insightful)
At least we've had time to learn and understand and actually build tools to help in the defense of our systems. Now if companies ignored the petty hacker attacks that's their own fault, but at least it started with relatively innocuous stuff rather than more heavy duty attacks...
Re:its the hackers alright! (Score:5, Insightful)
I have no use for destructive hackers. It's much easier to find a hole in a system then it is to anticipate all possible angles of attack. If some ass-hat script kiddy wants to show what a clever boy he is, he should do something useful and become a security consultant. On the other hand, that would take brains and work...
Re:its the hackers alright! (Score:5, Funny)
What about the guy who broke into my computer, erased my copy of Windows and installed Fedora Core in its place?
I suspect he was a Red Hat hacker, personally...
Re:its the hackers alright! (Score:3, Interesting)
Have sex with a woman in a parked car on some random street. Anyone can stop and watch and they are doing nothing wrong.
Hacker Justification (Score:4, Interesting)
Besides. Hackers have been doing serious damage from day one. Besides just breaking into networks for "curiosity sake" they've been planting worms, trojans, trolling entire credit card data bases, commiting DDoS attacts, etc etc. No, not all of them, but enough to make the OPs point a ridiculous one to even attempt to justify.
Re:its the hackers alright! (Score:3, Insightful)
Why is the blame always pushed in one direction OR the other and not both?
Re:its the hackers alright! (Score:3, Informative)
Breaking legs doesn't alter ones DNA. Kids would be born with stronger bones only if bdit went around breaking the legs of a large fraction of the population, and the stronger legs among the population survived the breaking attempts. Also, you'd need people without broken legs to have more kids than people with broken legs.
Re:its the hackers alright! (Score:4, Insightful)
We need to get it through people's heads that everything that's running is a security risk, and if the benefits don't outweigh the risks don't use it, or install it and block it's ports.
Someone should patent blame deflection (Score:5, Insightful)
hackers. Let's not forget that they're the ones doing this to
us. They're the ones who are annoying an entire planet. They're the
ones who are costing us billions of dollars a year to secure our
systems against them. They're the ones who place their desire for fun
ahead of everyone on earth's desire for peace and the right to
privacy."
Ok, but swap a hacker's desire for fun with a software companies
desire to make money without properly taking responsiblity for
securing their product and one could also write:
Truly, the only people who deserve a complete helping of blame are the
software companies. Let's not forget that they're the ones
doing this to us. They're the ones who are annoying an entire
planet. They're the ones who are costing us billions of dollars a year
to secure our systems against them. They're the ones who place their
desire for profit ahead of everyone on earth's desire for peace
and the right to privacy."
It is like a credit card company saying that if someone breaks into
their systems and steals my credit card number, that is my
responsibility - or maybe it is the hackers fault. Well sure, it is
my fault for using a stupid bank, and the hackers fault for committing
the crime - BUT SURELY the bank has to take some fault for making this
whole possible - right?
Re:Someone should patent blame deflection (Score:2, Insightful)
A lot of hackers have "fun" causing other people pain. It's weird, I've never quite understood how that actually works, but I've met plenty of people who just experience joy at doing damage.
Well sure, it is my fault for using a stupid bank, and the hackers fault for committing the crime - BUT SURELY the bank has to take some fault for making this whole
Re:Someone should patent blame deflection (Score:2, Interesting)
A logged in user may occasionally troll (who knows what kind of warped mind finds this "fun"?), but someone who logs in to drop bombs in a d
Re:Someone should patent blame deflection (Score:3, Interesting)
All corporations exist to make money for shareholders.
Secondly, Banks exist to link people with money to people who wish to borrow money. You put your money in the bank. The bank pays you interest (pretty low interest today, but still). Then the bank lends it out at a higher rate of interest. The difference is the bank's profits. Its role is to act as an intermediary. Lending money yourself is risky. You put your money in the bank and the bank assumes all costs,
Re:Someone should patent blame deflection (Score:3, Informative)
Thing is the bank takes on risk too. All it takes is for another depression for the banks to lose everything... Look, today we're at a MASSIVE credit bubble... Huge, unlike nothing we've ever seen before in our lifetimes. Personal debt is the highest per-capita it's ever been. A spike in interest rates is all it takes to create defaults on loans. Those defaults
Re:Someone should patent blame deflection (Score:5, Insightful)
We're born into this imperfect world and should expect nothing less than we've already been born into. The lock was invented before anyone presently reading this was born. This is a clear indication of the state of things and in my opinion, the nature of humans... or animals for that matter. (Raccoons, monkeys and other creatures are famous for stealing things too!)
The individuals responsible are individually responsible for their own actions and should be held accountable. But the reality that should be mentioned and understood is that we're in a world where people do shit to each other.
In that climate, we look to software makers to make reliable products. We want them to be able to withstand the efforts of the rest of the world doing what it is that's natural for them to do. It is not an impossible task. It has been shown through the virtue of patches that it can be done and since it can be patched it could also have been done right the first time had they only taken the time and effort to write it correctly to begin with.
Re:Someone should patent blame deflection (Score:2, Insightful)
Your original argument completely invalidates this insertion that
Re:Someone should patent blame deflection (Score:5, Insightful)
I appreciate my dog who barks when strangers approach the house - hey, it might be a problem, and early warning is useful.
Similarly, I appreciate hackers who find security holes and report them to the companies responsible.
I do NOT appreciate dogs who bite my arm and give me rabies just because I wasn't wearing a kevlar protection suit.
I do NOT appreciate hackers who install spyware on my machine just because I was a day late in applying the latest security patch.
Just because's a guy isn't wearing a cup, doesn't mean you should walk up and kick him in the groin.
Article is not particularly insightful, really (Score:2)
I think that's kind of implicit, but as he says, there would be no need for security without hackers. Of course, his comments are no more insightful than saying it's only because of thieves that we have to spend money on locks. Well, duh.
It's not insightful, but it is true. Hackers are to blame for our current security needs.
Re:Article is not particularly insightful, really (Score:5, Insightful)
It never ceases to amaze me how much blame is laid at the feet of the users. I know running an email attachment executable is really stupid, but alot of other exploits are the equivalent of using a crowbar to break your windows. Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame. In the PC realm, hackers go largely uncaught and unpersued by the athorities, and the user gets told its their fault.
Re:Article is not particularly insightful, really (Score:3, Insightful)
It depends on where you live. In some cities/countries/parts of the world, you are expected to have three deadbolts on the door, or some other security features. Otherwise you end up paying very high insurance fees.
Re:Article is not particularly insightful, really (Score:3, Interesting)
To follow along with this analogy. But with my house when I install a new deadbolt I'm done. With a PC users need to install a new "lock" every month.
I just find the amount of crap users are expected to do just to keep their machine usable is amazing. Everyone is expected to be an expert and they're not. In the real world Brinks will outfit your house with a security system, install it, manage it , the whole nine yards.
Re:Someone should patent blame deflection (Score:5, Insightful)
Perhaps you should RTFA--no, really. The article was very reasonable and well-written. The synopsis was not. Here's the context from which the quote you refer to came--
Re:Someone should patent blame deflection (Score:5, Insightful)
Cities have legions of building inspectors for just this purpose who's job it is to actually ensure that the tradesmen actually built their part of the house up to the standards set in the local building codes.
They actually have standards in the construction industry.
Re: (Score:3, Insightful)
Re:Someone should patent blame deflection (Score:5, Interesting)
At least a door is an effort at security. Most software makers make no effort. I can prove this by the large list of programs that require me to make hours of phone calls to find all the stupid places they put stuff so my users do not have to run in admin mode in windows.
Re:Someone should patent blame deflection (Score:3, Insightful)
Most software makers? This is modded interesting? Interesting! Why not mod it insightful while you are at it? Holy crap.
That is a terrible generalization with absolutely no basis in fact, and no evidence behind such a bold statement. If you really studied this, I seriously doubt you'd find that 51%+ of software makers make no effort to develop secure software. But like you, I have no proof. At least I'm up front about
Re:Someone should patent blame deflection (Score:5, Insightful)
In a way, hackers are kind of pointing out that the emperor has no clothes.
With that said, I, personally, find nothing wrong with a hacker trying to figure out an application / OS's vulnerabilities and sharing them with the developers. And if they do nothing about it, share it with the rest of the world to force them to. People deserve doors to have doorknobs and doors that have locks. People also deserve software that doesn't leave their anal cavity wide open for nefarious probing.
However, the hackers who run amok trying to fuck things up as much as possible for the sake of fucking it up (more script kiddies than hackers, but to the average person, they're the same); they still need to be blamed. They're still the primary culprits. But software companies can be extremely negligent at times, and thus, they bear some responsibility too. Responsibility isn't finite; just because we have two parties doesn't mean the major culprit receives any less of the blame.
And I'm rambling, again. I'm sorry.
Re:Someone should patent blame deflection (Score:3, Insightful)
Blame Canada (Score:3, Funny)
Re:Blame Canada (Score:3, Funny)
let's not forget (Score:5, Funny)
I agree... (Score:3, Interesting)
Yes hackers are a pain in the arse, so are spam merchants. Thats life, live with it.
In other news the inventor of the Yale lock blames thieves for the invention of the lock, which irritates us daily.
Re:I agree... (Score:2)
Re:I agree... (Score:5, Insightful)
No, while they were idiots for leaving the door open, you were the only one who broke the law.
The same thing applies here. Because someone or something leaves doors open doesn't mean you can or should enter them. No one has to live with spam merchants - that's why we're taking measures to combat spam on many levels (from the national do not call registry to spam filters on the email system at the office). No one has to live with hackers, either. That's life, but not how you put it; this time, I applied your logic to both sides.
Can you live with that?
Re:I agree... (Score:3, Insightful)
People NEED to take more responsibility for their actions. If I left my systems with the default passwords, didn't patch them, and had no firewall, it still would not by fault if someone broke in. It would be irresponsible of me, but that's is a different matter.
There needs to be more of a realisation that responsibility lies with the person who CHOOSES to break the law.
Re:I agree... (Score:3, Informative)
Re:I agree... (Score:3, Insightful)
Re:I agree... (Score:2)
If Proxy Firewalls offer a comparable level of security to a Yale lock, then we are seriously in trouble!
From my own forum: How to defeat a Yale lock using nothing but a plastic bottle [bowlie.com]
and interestingly enough... (Score:5, Insightful)
"They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them."
Re:and interestingly enough... (Score:5, Insightful)
It's like saying the vandal who goes around smashing windows is a good guy because he keeps the window repairman employed.
Old and crusty falacy...
Re:and interestingly enough... (Score:5, Insightful)
The "window" tech. isn't standing still as the Vandal runs around breaking them.
Re:and interestingly enough... (Score:4, Funny)
Re:straight from Hazlitt (Score:5, Insightful)
The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy. People see the new improved and rock-resistent glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.
The window repairman, much like the parent poster, probably thinks rock-resistant windows and proxy firewalls are an excellent investment. When we look at the long list of technologies that changed the 20th century, many/most were developed at least in part to help wage and defend warfare. One might deduce that warfare is a creator of value. Yet war is always a destroyer of value. It is the allocation of resources that could be more suitably employed.
Re:straight from Hazlitt (Score:3, Interesting)
Until that changes, war is indeed a creator of value, because it's unlikely that many of those advances would have been made otherwise. All we know of space exploration is founded on advances that were originally made to kill people. Nuclear power came after nuclear weapons.
It's nice to imagine a
He is 100% right (Score:3, Insightful)
But it is also our own responsibility to be sure that we can prevent people from taking advantage of us. This means that we must have those locks and firewalls. To neglect this is to essentially invite attack and intrusion. And if it isn't at the hands of one group, it will be at the hands of another.
We don't live in a perfect world, so it's important that we have adequate locks.
Re:He is 100% right (Score:5, Insightful)
Just because you park your car in a mall and only protect it with a piece of glass that's easily broken and an alarm that everyone will ignore doesn't make it your fault if someone breaks in and steals your car. It seems like a lot of folks, though, would blame GM for not making steel shields for your windows.
The virus/worm writers are the problem; how can anyone possibly defend them?
Re:He is 100% right (Score:2)
The Internet however is and will remain "International Waters" where a lifestyle change is required to survive. If only everyone just tried to be a little nicer...
You must be joking.. (Score:2)
The house we bought in the nicest part of Vancouver last year came with security bars on the 1st floor windows, an alarm system and triple locks on the doors. Maybe the previous owner was a bit paranoid, but a private security firm has just started patrolling the area near us due to a rash of break-ins.
Vancouver has the highest rate of car theft in North America hence the arguably successful bait car program [baitcar.com].
You might argue that we don't lock our doors in the d
Re:He is 100% right (Score:2)
I've heard of apologists before but this is bordering on ridiculous.
Here's an analogous idea: the world is going to be full of tyrannical despots, we have to be on our guard against them. So it's not right to blame them, someone was going to murder all those Kurds if Saddam didn't do it. In fact these people are doing us a favor by keeping us on our toes! (and sometimes chopping them off)
Re:He is 100% right (Score:2)
You don't need to live in a perfect world to do without locks. You do need to live in a community with a strong sense of cohesion and a definite perimeter (not the same as a fence). it also helps to lead lifestyles that do not involve owning property that you leave unattended for the majority of the day.
locks allow you to avoid all these burdens: you can have an anonymous, uncohesive community in which you are free to leave your stuff unattended. the question is: does the value you gain from this abilit
Re:He is 100% right (Score:5, Insightful)
He agrees with you. That quote was the last paragraph of the last answer in the interview. Here's the full question/answer:
His point: there is pleny of blame to go around, if you want to spread the blame. The hackers who break in are the reason the rest of the blame matters, but the rest is still there.
Just in case someone thought you disagreed with him. And because now everyone has read the full context of the quote we are discussing, which will be a rarity on /.
Good God... (Score:5, Insightful)
It'd sound fucking ludicrous to read that in a history book, it's no less ludicrous to read that in a modern context.
Dude, grow a pair.
Re:Good God... (Score:2, Insightful)
Re:Good God... (Score:4, Insightful)
He's not deflecting blame, he's pointing out that blaming your neighbor or your vendor is fine, but the lion's share of the blame for intrusions belong's square in the lap of the intruder.
To quote TFA:However, I'd like to point out that I disagree with something fairly fundamental in what he's saying. The people who are "annoying us" make us build better security, and I'm much rather have a numbskull try to poke at my security for bragging rights than have nothing for years and then a series of well-organized, well-hidden attacks that gain long-term access to sensitve data. I don't enjoy having to secure networks against boneheads, but I don't blame them for having to build good security, that should have been done from the day the first machine sent out a set of voltage modulations that could loosely be called "IP".
"Desire for fun"? Oh please.. (Score:5, Informative)
In the past years, we have seen profit-seeking criminals discover how useful insecure systems are to them. The major disruptions now are not caused by simple thrill-seekers.
Re:"Desire for fun"? Oh please.. (Score:4, Insightful)
Please name one serious, high-profile hacking case (to include authoring viriii & worms) in which the perpetrator was caught and didn't turn out to be a teenager or a still adolescent 20 something.
Inside jobs don't count.
I'm sure there must be a few but I honestly can't think of any.
Not to say that there aren't real bad guys out there... they just don't seem to get caught despite all the money thrown at computer and network security.
Speaking as a sys admin for almost 20 years, most hacking has been a source of annoyance (and sometimes amusement) rather than serious damage. The oft quoted "billions & billions of damage due to hackers' is a load of crap as far as I can tell. Kind of ike the y2k bug was.
They don't frighten me. The internet was never designed for privacy to begin with. If that's your aim then paying to "hack in" extra security is the price you pay.
And you know what...? sometimes the cure is even worse than the disease.
I read somewhere recently (sorry, can't remember where) where someone (a security "expert"?) criticized a nuculear power plant's network security by saying something along the lines of "they're so backward they aren't even connected to the internet". Sounds like good security to me.
Re:"Desire for fun"? Oh please.. (Score:5, Interesting)
sPh
He means crackers right? (Score:2, Informative)
criminal hacker => cracker
criminal non-hacker => script kiddie
Re:He means crackers right? (Score:4, Insightful)
criminal hacker == hacker therefore
criminal hacker == hacker
Re:He means crackers right? (Score:2)
(It's a reference to 1984, for those who haven't read it).
Re:He means crackers right? (Score:3, Funny)
You mean deviants right? (Score:3, Funny)
homosexual => deviant
closet-case => priest
Yeah, go on. Mod me -1. I've got Karma to burn, and if you're so easily offended, perhaps you should turn your computer off. This is a humorous post to demonstrate that words change over time and the OP should learn to deal with it or move to France (where they have a department to try to keep the language pure).
Didn't I just read the Onion? (Score:4, Funny)
Is it just me or does this sound like a Onion story?
which came first? (Score:2)
There's an old Saying.... (Score:2, Insightful)
Re:There's an old Saying.... (Score:2)
Locks discourage the lazy. Since criminals by their very nature tend to be lazy, security measures do have some deterrent effect against those that don't personally have it in for you.
Hackers don't do the damage (Score:2)
The people doing the damage are low life scum who buy Spam packages from other low life scum, and set up their own little mom and pop operations. Or script kiddies who create zombie farms from tips and tricks learned in IRC rooms.
They probably barely know how computers work, and not a lick of programming. But they can surely run a spamming or DOS script.
We should no more blame the hackers for spam and DOS attacks than we should blame Napster for music piracy,
Could not be more wrong (Score:5, Insightful)
What would you prefer? An Internet full of weak hosts, with a wealth of unexploited security holes and weakly configured security systems, where your security is left up to the good will of others (everybody just play nice now)? Or one where leary vendors and service providers stand in constant vigilance over security issues, because they have to. The wolves are circling the herd.
What would happen if all the 'hackers' just went away? Everyone would get complacent. Security holes would proliferate, until the temptation just became too large and someone takes it all down in one fell swoop.
Re:Could not be more wrong (Score:2)
---
Jihadists, whacko environmentalists, right-wing extremists and their ilk are the predators and pathogens of the modern global ecosystem. They kill off the weak and make the rest stronger.
What would you prefer? A world full of weak hosts, with a wealth of unexploited security holes and weakly organized government systems, where your security is left up to the good will of others (everybody just play nice now)? O
Re:Could not be more wrong (Score:4, Insightful)
No, these are the ticks, the mosquitoes, the starlings. They annoy the shit out of the system, occaisionally cause or induce actual harm, but are for the most part really just benign, in the grand scheme of things.
The real wolves are the RIAA/MPAA, corporate agriculture, "Free Trade" advocates, Brazilian soy bean farmers, squeeky wheel Revelationists, neo-Talibanists in the US, etc., a culture that seems to know the price of everything and the value of nothing, and Congresses (US and EU) that values their corporate ties more or less above all else, and has forgotten that its job is not to get itself reelected, but to serve the people of the US and country, not serve the companies that serve the people.
boo-hoo-hoo (Score:3, Insightful)
If there weren't any burglars around, I wouldn't have to lock the doors of my house.
If everyone would abide traffic rules, the need for airbags etc. would vanish.
This guy is not only complete missing any connection with the outside world, he also forgets that there are thousands of people working in the (IT) security industry, making a living. It may sound silly, but we keep our economy going this way. This is why there are so many economists/therapists/lawyers/communication advisors/etc. around.
I feel like feeding the troll here. Time to knock it off...
Lord of the Walls (Score:3, Funny)
*gollum, gollum*
"Perfect World" (Score:2, Insightful)
Security and Concepts (Score:2)
Why do hackers get all the blame? (Score:2)
If we got rid of all the hackers, wouldn't we still need to secure our networks from governments, crimi
Focus on the Process (Score:2, Insightful)
Hackers = Canaries in the Coal Mine (Score:5, Insightful)
The *REAL* danger are corporate spies who not only want your secrets, but also plant spyware, or destroy infrastructure to hamper a competitor. There is also the growing instances of state-sponsored computer cracking whereby poorer nations (particularly the axis-of-evil states) seek to leverage the power of attacking information infrastructures instead of the physical infrastructure. Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'.
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
Your forgetting that a really significant contributor to the downfall of the Soviet Union was their "Vietnam", the war in Afghanistan. The U.S. did supply the bullets and in particular the Stinger missiles that were used by proxies to kill their draftee soldiers and created a couple generations worth of veterans who were completely scarred i
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
When Russia invaded Afghanistan they united the muslim world to throw them out. In a mutual case of the enemy of my enemy is my friend the CIA and Bin Laden formed a partnership of convenience. Bin Laden and company were given big bags of money and arms by the CIA, the stuff they needed to beat the Russian's in Afghanistan, especially the stinger missiles which were used to turn the tide again
Re:Hackers = Canaries in the Coal Mine (Score:3, Insightful)
OTOH, if you go back that century, you find the same motivations present in Washington, and around the country. You find Hearst using yellow journalism to create a war. You find Teddy
Jeeze... (Score:2)
Yes, if it weren't for x we wouldn't need y. However, much like bacteria strengthens the body, crackers strengthen our software. Albeit in a round about way.
In a related story (Score:3, Funny)
Criminal Responsibile for the Crime (Score:5, Insightful)
Yes, insecure code, a lack of a firewall or antivirus software opens you up to potential attacks, or not having the latest security patches. However that doesn't excuse an actual attack.
By the reasoning of most of the posters here, unless your home is as secure as fort knox, anyone who breaks in and steals stuff isn't really to blame... I mean, come on, you could have protected your house better. Put in pressure plates and motion sensors. Try a laser grid on the floor. Armed guards, time sealed doors, attack dogs etc. Anything less and, geeze, you're practically inviting them in to take your stuff!
That's what the Internet is like. You really have to lock up your system like Fort Knox to keep yourself safe. Even then, the burglar could find a spot in the security system that isn't fully covered and get in that way.
The ONLY secure machine is one that is sitting in the corner, surrounded by a lead box, not connected to any network or power supply. A useless machine really.
Those who attempt to maliciously exploit vulnerabilities deserve every once of blame you can possibly assign to them. I personally want to kick the guy in the balls that did the Blaster worm... took weeks to get my old workplace cleared of that thing. Just because it is POSSIBLE to exploit something does not mean you SHOULD exploit it. Too many people online use the reasoning that if it's possible it should be allowed.
Say hello to evolution (Score:3, Interesting)
A patron is looking for a good deal, and will expend effort to maximize their deal, so sloopy wording on a sign on your store-front are invites to a natural onslaught of fiscal frustration. By natural, I mean there is no evil intent in people trying to keep you for your word in maintaining a good bargain (that you didn't intend).
If there is money on the street, it is conceivable that:
a) the original owner will never find it again
b) someone else will take the money
So you justify taking the money yourself.
If you are hungry, you might be inclined to take two samples at a free food-sample kiosk. It's unfair as it goes beyond the intent of "sampling" and takes away from other's (since there is usually a set amount of sample provided for the day).
In reality, those that are sheltered from such harsh survival of the fittest environments will EVENTUALLY meet with that environment.. It is impossible (short of death) to avoid it. Thus the question is not IF we will meet our challenges, but when, and how quickly will the difficulty level rise.
For those with assets we fear to loose (time,money,posessions,intellectual property, etc), it is natural for them to be saught by others. Having a public wiki is valueable advertising real-estate (or a personal repository for globally accessible content). So grafiti, being merely a primitive form of marketing, is bound to happen. Bank accounts are an obvious point of content.. If you happened to come across money on the street, you are more than likely to take it. If your ATM machine started allowing you to withdraw cash w/o deducting from your bank account, there is a better than likely chance that you'll take advantage (anonymous theft when it is considered to not overwhelmingly harm someone else - proportionate loss/gain - is often self justified). There isn't much difference from taking from that ATM machine and taking from an online bank account that you've happened by. Yes there is a greater issue of proportionality (you might be stealing from someone poorer than you), but you might think to yourself (I'm teaching them a lesson).. What-ever the cause, an otherwise moral man may find themselves tempted.. To say nothing of the mafia.
And ultimately organized crime is the tyrannasauras of our internet age. The mafia being only one form of it (unfriendly governments being an even more serious threat). The age of mafia and internet "WAR" (literally between nation-states) is only a matter of time.
So if our "evolution" through natural selection and adverse environment does not "toughen" us enough to sustain such natural phenomena, then we will die (or at least the medium will die).
So lets look again at these "evil" hackers. Many of the hackers were self-professed white-hackers, or anonymous exposers. If you are inclined to see if a WEB-INF directory or IIS-specific file-set are visible on a public site, you can either email their sys-admin who might sue you for hacking, or simply ignore you (like MS tries to do with serious security alerts so long as the general public is oblivious), or you can make it a priority for them... Deface their web site, delete lots of their database records.. Make it too expensive for them NOT to resolve the issue.
These are altruistic people. Slightly less altruistic are those that advertise themselves 3l33t hacker-names advertised here and there. As they have the fun and recognition-factor of it all (especially if they get CNN coverage).
Embrace th
blame everybody (Score:5, Insightful)
Its about protecting information that you otherwise don't want unauthorized people to have access to. its about espionage, its about privacy. Its about making sure you know if somebody is just looking on your system. Honestly a server can be replaced if it gets fried by some hacker trying to hurt it, and there are backups. But you'd never know if somebody went in and just invaded your privacy and looked at all your things and then left it completely clean right?, not without something like a firewall or some sort of logs and security system set up.
So yeah go blame hackers for making us think of the idea
Inventor of proxy firewall - takes another toke (Score:4, Insightful)
How can someone be clueful and clueless all at once... Desire for fun....that did not steal 40 million credit card numbers. Everyone on Earths desire for peace and right to privacy? Tell that to the Chinese who are told what ports they can or can not secure to allow for "public monitoring" This guy is lost.
bullshit (Score:4, Insightful)
Security isn't an accidental byproduct of software, it is one of its primary functions; if software doesn't provide security, then it is defective. That's just like if you buy a padlock, you have an expectation that it actually works as a lock. The padlock manufacturer can't say "oh, well, our padlock doesn't work, but that's really the criminal's fault".
Any vendor that puts out software that contains easily avoidable security holes (like buffer overflows, backdoors,
Blame vs responsibility (Score:4, Insightful)
This sounds merely like an argument for altruism and security thru obscurity (which of course doesn't work). Why would a company try to harden against problems, even if caused my a mistake, if there is never any pressure to think there would be a need?
Would a civilization wonder if there is anyone else out in space if they can see no stars? Problem is without external pressure, people get sloppy. Of course people are sloppy to begin with. Imagine the extent of the credit card problems we have seen in the past months if there was no security at all? Its a poor argument really.
Re:Blame vs responsibility (Score:3, Interesting)
The fact is that people have been kidding themselves that they have some level of security for a long time, and if there was no security at all, then
UberMUD & UnterMUD (Score:3, Interesting)
Thought I'd mention a bit of history (long since forgotten) that Marcus Ranum was also the author of the UberMUD and UnterMUD, mud engines. Two very nice mud cores, written in K&R C that ran on Ultrix. Both had their own strengths and weaknesses. UberMUD was my favourite, as it had its own scripting language called "U". UnterMUD didn't so it was harder to develop on, but its filestore backend was much smarter than Uber's. A union of the two would have been the perfect MUD engine IMO.
This strikes me as whining... (Score:3, Insightful)
600 Fucking Posts and Nobody RTFA! (Score:3, Informative)
Get over the last paragraph, morons, and RTFA!
It's FAR more insightful than any of the comments I've seen bitching about the "blame hackers" paragraph - which was preceded by "blame everybody else" sentences anyway.
You guys sound like the big media press whenever somebody gets caught faking or running false stories - "Oh, woe is us! Somebody is blaming us for being idiots! We're such a poor, put-upon industry!"
Deal with it!
Re:Here we go again (Score:3, Insightful)
Re:Here we go (Score:3, Insightful)
Well, I guess they did prepare us for more serious infrastructure threats, e.g. information warfare, organized crime etc.
I'd rather have an army of citizen-lamers spend decades breaking into our computers for fun, prompting us to build up an immune system.
Xcott
Re:Only those dastardly hackers (Score:2)
We spend billions of dollars per year to FIX OUR SYSTEMS because they are built with faults that the builder should have known better than to engineer in. His rant would be more meaningful if the negligence of certain companies weren't dramatically aggravating the problem.
The fact that he's a guru doesn't alter the fact that he's full of shit.
Corps have to clean up after certain operating systems infected with certain classes of malware because of pisspoo
Re:What the author doesn't realise (Score:2)
I would like to "express" myself as I please.
Re:First against the wall (Score:2)
Who exactly are you refering to?
Re:Guns don't kill people (Score:2, Insightful)
The idiot who comes in with a lit cigarette is doing nothing wrong and, supposedly, didn't intend anything evil. You're a moron for spreading kerosene all over the house. The cigarette dude isn't to blame. This is just an unfortunate incident caused by owner neglect and stupidity.
Not so with the hacker. The hacker might know the owner neglected to have decent security on his system but he's still entering the system with malice in mind.
You can call a home-owner
Re:If I may state the bleeding obvious (Score:3, Insightful)
It is thieves and vandals causing all those problems.
Hackers invented the micro/home/personal computer. Hackers invented the diverse protocols that allowed these machines to talk to one another. Hackers invented the operating systems. Hackers invented the Internet. A