NBC News Confuses the World About Cyber-Security
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and do almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
Re: (Score:3, Insightful)
Re: beta.slashdot.org (Score:2, Insightful)
Hi, it's called a "boycott."
Think of the "f beta" posts as picketing.
Also, this is pretty much a non-story.
Clueless reporter doesn't know what he's talking about - news at all damn day long on every news channel.
Re: (Score:3, Insightful)
A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.
Re: (Score:1)
A boycott would be people not using /. at all.
OK, call it a strike then. Or civil disobedience.
At best all the complaining and 'fuck beta' posts are unproductive protests.
It's disruptive, yes. Unproductive, no -- if it leads to the assholes pushing beta down our throats to reconsider.
Re: (Score:2, Insightful)
A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.
That's coming. The complete boycott is Feb. 10th to Feb 17th. In the meantime, keep up the good work with the Beta comments everyone!
Re: beta.slashdot.org (Score:1, Insightful)
If you think it's bad with all these 'fuck beta' posts, try reading them on Beta!
Dice shit the bed. They are ruining /. and we're trying to show them our disdain for their poorly thought out actions. Their email address for us to send beta feedback to was full and rarely accepted messages (probably a metaphor for their position on the matter). So we went public with our frustrations.
I can't wait for a tech website to report on the /. revolt of 2014. I also expect a few MBAs to do their thesis on how not to
Re: (Score:1)
Yeah, yeah, we get it now... (Score:2, Informative)
There is a discussion topic about the Beta. It is only about 5 items down from this one. We all get it: you don't want the Beta (and I share your feelings, btw). But can we please just keep on enjoying Slashdot too?
Re:Yeah, yeah, we get it now... (Score:5, Insightful)
But can we please just keep on enjoying Slashdot too?
But that's the point isn't it? I want to keep enjoying Slashdot as I have for years, but that is most likely going to change, and well, there isn't a really good alternative out there. So I'm trying to communicate that in the one way that will make them reconsider: fucking up the comments. For some reason the Dice clones think that this site is very similar to a tech section from HuffingtonPost.com, and that all they need to do is tweak the UI to drive up traffic. If they can see that the fucked up comments are actually hurting traffic maybe they'll get the message that Slashdot really wasn't what they thought, and that it really is all about the moderation system and comments like everyone has been trying to tell them.
I'm not hopeful though. The sheer arrogance in corporate board rooms today is breathtaking. Look at the Xbone. They had lots of people shouting at them that they were headed for disaster, people who really cared. They told those people that maybe they ought to get with the times. Those people did: they bought PS4s.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Right!? This [imgur.com] could be their marketing poster.
Fuck New Slashdot. The good old /. would have used Natalie Portman!
Re: (Score:2, Insightful)
I'll admit Slashdot has serious balls to link to a news site that just got its own redesign, with the exact response that this site's beta got (and deserved just as much).
Re:It's almost too easy (Score:5, Interesting)
I'll admit Slashdot has serious balls to link to a news site that just got its own redesign, with the exact response that this site's beta got (and deserved just as much).
No, it deserved it more. Next to nbcnews.com, beta.slashdot.org is a masterpiece of clean Web design. (Hell, the new nbcnews.com makes buzzfeed.com look not too bad.)
I use a better tactic (Score:5, Funny)
My computer is password protected, and I simply don't give the password to NBC reporters. So far, no viruses yet! :-)
And these are supposed to be professional media (Score:5, Interesting)
This NBC thing is why I treat blogs and traditional media with equal amounts of respect and skepticism. The "real" media is actually far more prone to making things up wholesale than any blogger, who lives and dies by reputation, ever did.
Not Watching (Score:2, Informative)
FYI, the world doesn't watch NBC.
Re: (Score:3)
Re: (Score:2)
Nope.
Re: (Score:2)
2% of USA watches NBC news (Score:2)
Beyond that, about 7 million people, or 2% of the US, watches NBC news on a given night. 98% of Americans didn't watch that broadcast.
NBC News Confuses a Few Senior Citizens About Cybersecurity
Ftfy
Re: (Score:2)
NBC News [nbcnews.com] vs. MSNBC [msnbc.com].
Not the same thing.
Re: (Score:1)
It's bad.. bad, bad. Let's stop it before it happens!
Re:Classic Slashdot (Score:4, Interesting)
I thought people come here for content, not stylesheets?
Re: (Score:2)
I thought people come here for content, not stylesheets?
Yeah, they come for the comments. Comment posting and -reading have many, many problems in the beta, some of them strongly degrading functionality.
Re: (Score:2)
Well, that's different. It's moronic to redesign things all the time, just to supposedly keep audience interest. Moronic. They could just change the stylesheets, if they knew their stylesheets from their content, of course. Instead they played dice with their entire userbase.
Re: (Score:2)
People come here for user-generated content, and the beta eviscerates that function pretty cleanly. Even the official dev feedback notes that the user comment feature is an afterthought.
Thinly veiled attack on Russian security (Score:1)
They have publicly stated they plan on monitoring every internet connection originating from Sochi. Cellular or wired. Big surprise.
The word "cyber" is so 1999. (Score:4, Insightful)
The real news is that, after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread, it's now clearer than ever that this ship of ours is sinking. At long last, I think that Netcraft really HAS confirmed it.
Soulskill and the other Dice weasels may indeed be "listening" to us, but they've still got a righteous hard-on for destroying this website regardless of how many times we've rubbed their noses in the beta's odiferous offal. I don't believe their calculated, faux-caring, used-car-salesmen spiel for one moment.
The question now is: Exactly when do we take to the lifeboats, and to what safe harbor do we start rowing towards?
~JPE
Re: (Score:2)
after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread
Strange, that must've fallen through my filters somehow. Where is it?
Watched the video (Score:1)
Re: The sucky beta (Score:1)
Re: (Score:3, Insightful)
but it does have a few interesting features.
Like what?
Re: (Score:2)
"appealing to a wider audience"
Re: (Score:2)
"appealing to a wider audience"
Why would they want to appeal to CowboyNeal? He's busy with his new site!
Re: (Score:2)
"appealing to a wider audience"
Fuck Beta! My weight does not dictate my web design preference! I don't need them insinuating that we're getting fatter. It's called a CALORIC RESERVE. When the beta destroys the basement kingdoms, you'll be starving and wishing you were a wider visitor too!
Re: (Score:2)
How did I get marked as a troll? Probably should have turned off the karma bonus. Oh, well.
The redesign is less cluttered. I like the static (always at the top) header. The comment widget is nice.
I only said there are a few things I like, there's a lot more I don't.
Re: (Score:2)
Re: (Score:1)
OK, I guess I didn't fully understand how a revolt at Slashdot works and I've been here a long time. :) It's funny that my post gets marked down for being slightly positive yet others get modded up for saying only "Beta sucks!"
I tried modding in the big Timothy response article but most of the good comments were already visible. I'd really be happy with a site that just has article summaries and comments. I don't care so much about redesign, just fix the current issues.
Re: (Score:2)
But we can still trust everything else, right? (Score:2)
I wonder what experts in other areas are complaining about.
It can't be just this one area they get wrong.
Sochi (Score:4, Insightful)
It's not hard to believe there might be a lot of attacks on wireless devices in Sochi. The place is pretty fucked up. Whether these reporters and their consultants know their ass from a wifi antenna or not.
From a story I've linked below:
Dmitry Kozak, a Russian deputy prime minister in charge of preparations for the Olympics, complained about water being wasted by hotel guests when he said: "We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day,"
It didn't occur to Kozak that someone might have a problem [theverge.com] with being surveilled in the shower until after he blurted this interesting bit of knowledge.
You just have to wonder what sort of pay-offs went into this Sochi Olympics deal. Russia is a deeply fucked up place to begin with and Sochi is a special level of fucked up within that.
Re: (Score:2)
Didn't the State Department issue some kind of data security warning, too?
Given the shadowy nexus of Russian organized crime and the intelligence services coupled with the security applied against the "terrorist" threat and the opportunity to eavesdrop on a large amount of visiting dignitaries, it doesn't seem at all surprising that there would be a high threat environment.
I would think that you would expect your data connections to be sniffed at a minimum and probably attempts to intercept SSL which wo
Re: (Score:2)
Re: (Score:2)
Are you sure he said "video"?
Running a shower against a wall is something I might do to defeat laser reflector and conduction audio taps.
They might just have an audio tape with nothing but the thunder of water on it, and be really pissed :)
ALSO CONFUSING - BETA (Score:1)
Also very confusing is the existence of Slashbeta. It reflects badly on humans as a species for bringing such garbage into this world.
I'm confident when the sun dies and explodes into super nova whatever the fuck - Humans will look back on their entire history and regret most the creation of Slashbeta.
comp.misc on Usenet is the new Slashdot (Score:2, Funny)
Comp.misc on Usenet is the new Slashdot. It is a totally abandoned group, and I have already inaugurated it. Nobody even uses it, so we won't be offending anybody.
Come one come all, join the Slashdot exodus on usenet! Eternal September is a free Usenet provider, and you can read news with Seamonkey, MS Outlook, Opera, Unison (pay product), or the classic Unix programs such as tin, rn, slrn and so forth.
Usenet is free, distributed, uncensored, and allows you to shit-can offensive posters. While it doesn'
Re: (Score:2)
But there's a difference between registering with your real name and posting with it, the last is not what Eternal September enforces.
Confessions Of an Ex-SLASHDOT BETA user (Score:1)
Day 1: It wouldn't stop, the redirecting. At first I thought it was malware. Had my first drink in a long time.
Day 2: Barely had the strength to carry on as the BETA REDIRECTIONS continue.. trying not to talk to hallucinations at the bar and in the bathroom which laugh at me about these redirections.
Day 3: Discovered the BETA redirections were random, and while at first they looked somewhat usable, when I looked at me and my monitor screen in the mirror, a horrible woman with flesh hanging off of her body l
not even in Sochi (Score:3)
..they were in Moscow..
Funny.. (Score:4, Interesting)
Stay strong people... uprate slashbeta comments despite this blatant attack on the userbase.
Re:Funny.. (Score:4, Insightful)
Shit, you're right. There's no way the entire Slashdot community has immediately decided to down-mod fuck beta posts so quickly after the official discussion topic.
It's amazing DICE and associated fuckers honestly think we wouldn't notice this. They REALLY think we're dumb fucks.
Re: (Score:2)
Well, I'm not on either side of this F@ck Beta debate -- because I haven't even investigated it yet.
But it seems to me that -- just by random chance, that if there are more posts saying "F#ck Beta!" and they are all getting modded down, and yet, there are a few "gosh, you guys are immature" pro Beta comments, and they reach 5 -- all ten of them. Well it seems to me that other than saying something is a conspiracy theory because we all know there are NEVER ANY conspiracies, that it seems like the Pro Beta cr
Re: (Score:2)
Oh, and I haven't actually counted the pro beta vs. anti beta comments. I just brought a can of gas to this candle vigil.
Re: (Score:3)
"Stay strong people..."
Can I be in your next movie? I want to be as FUCKed as BETA. /.
Since I cannot add this much to my signature, and the fact that signature isn't visible unless you are a logged-in user, this will have to do...
US5722418
+
US5644363
+
GoogleGlass
+
Acceptance
=
????
If history is any sort of an indicator, any rights we sell today, our children must buy back with blood tomorrow.
Re: (Score:3, Insightful)
The off-topic posts about beta annoyed me before there was a story about them, but I understood their reason. While there's a story on the front page where they're on-topic, I'd like to be able to find the on-topic comments on other stories.
Re:Funny.. (Score:4, Insightful)
Well then go bitch about it to the beta overlords. Seems you need a USEFUL FEATURE: A filter option with boolean logic. It could run in JS so as not to consume server cycles.
In other words: FUCK BETA. If it was useful YOU WOULDN'T BE SEEING THESE COMMENTS.
Re: Funny .. (Score:2)
How all of the comments about Beta are being moderated to ZERO or worse since that recent story.
Stay strong people... uprate slashbeta comments despite this blatant attack on the userbase.
How you managed to pull off +4 Interesting for that, I can't imagine.
Dice, are you listening? (Score:2, Funny)
What I really want in the new design, is easier access to SlashDataCenter and SlashCareers.... oooooh and SlashBI. I really can't get enough 'Business Intelligence' news formatted as a two paragraph article with a large stock image and zero comments!
Re: (Score:3)
Who gets their business intelligence from a site that has managed to set off a new record in pissing off the largest number of people in one go?
Seriously though this has got to be a world record. They say they inflicted 25% of users to this? Well this is a website which cripples servers all over the internet just by linking to them. 25% of that bandwidth is a metric fukton of pissed off users.
Wow, what a circus! (Score:3)
Re: (Score:2)
Did you expect a proper discussion could be had about an article which describes a dumb clueless internet user thinking the entire world is trying to hack him because he doesn't understand how it works?
Re: (Score:2)
Same everywhere (Score:5, Insightful)
It's the same everywhere you look. The current state of IT security is horrible, utter and total crap, and the main reason is that most of the people who work in the sector have no clue, starting from journalists like those and consultants and... well... almost everyone else.
The reason is that much like cryptography, real security is hard. It's not something you pick up in a week course when your boss decides someone in the team needs to specialize on security. There are a great number of actual experts and over the years I've had the pleasure of meeting or working with many of them, but it's a small world and the total number of experts available world-wide is far smaller than the demand for manpower in the security "industry".
Plus it's a bikeshed problem [wikipedia.org]. Lots of people know a little bit about security, so focus is given to the parts that people believe they understand, instead of the real problems. When I do consulting (I don't very much, I dislike it, but I occasionally take jobs because I enjoy the problem, or the company) my metaphor for that is that in IT security, it is very easy to find someone who will sell and install you a 3-inch solid steel door with military level security locks for your front door, but very difficult to find someone who will walk around the house with you and point out the easily broken windows and the open basement door.
Here's a free business hint: When you hire a security consultant, ask them for a quick suggestion for a password policy. If you get the two decades old "at least x letters, at least 1 special character, at least 1 number", don't hire them. That bullshit was adequate on Multics systems in the 70s. Today, it will weaken your password security if you programmatically enforce it. (and yes, I have the data to back that up, but that's a short presentation and not a comment field).
So yes, these journalists are spreading bullshit. They are like the power users in a company - the nightmare of IT support. They probably know a little about security, just enough to get it wrong.
Re: (Score:3)
We've long known about NTLMv1 issues and it was strongly recommended as a hardening practice as early as 2001/2002 when Microsoft implemented it.
The issue has never been "nobody having a clue", but more like, "Management not giving a shit". Yes, the state of information security is atroci
Re: (Score:3)
A very low percentage of IT people understand security issues to a sufficient degree to be able to act on them in the abstract. Talking to the director of IT at a very large defense contractor a few years back about a new proposed SCADA network, I showed him the plan for our isolated network, and the proxy/firewall connection to his corporate network, and asked him how they wanted to treat it. He was prompt to ask who needed access, how much throughput would it need, and if we needed more than one IP addr
Re: (Score:3)
I disagree with you on the "most people who work in the sector have no clue" statement. People have long known about IT security issues. It's not like things like "sub7", "winnuke", "nimda", "code red", etc. weren't issues.
I should've been more clear:
There are security experts, and there is the security industry. The two occasionally meet to compare notes, most of which are beyond the understanding of the latter.
The security "industry" is exactly the snake-oil job you describe, for most parts. Business people with just enough understanding of security to fuck it up really well, and well-meaning techies who know just enough to complete the mess. They package security into nice products... sorry, "solutions" and sell it at incredi
Not so much that it is hard (Score:2)
More so that it takes effort, involves more complexity, and costs more. Management doesn't want to pay for it, doesn't want projects to take longer because of it, and doesn't want to be inconvenienced by it.
That said, I have seen it swing the other way as well, heightened security being applied to everything regardless of risk due to silly policy. I had a project delayed by about a year to deploy an application because the security goons wanted to lock it down so much as to make it useless (making network c
Re: (Score:2)
It goes all ways. I've seen many security problems caused by tech people with little security understanding who didn't want to be inconvenienced. The sub-net that the developers set up for themselves because the corporate network is too restricted is often the one that is easiest to break into.
As I said: The most dangerous users are not the ones with no clue at all, but the "power users".
phone av? (Score:2)
Welcome to our world (Score:5, Informative)
You know that angry "What the fuck?" bubbling up in the back of your mind?
That's how gun enthusiasts feel when news people start making nonsensical claims about guns.
When some dumb ass says "military style" or "assault magazine clip" or some ridiculous nonsense, we feel the way you do watching this story.
LK
Re: (Score:2)
So like, when someone says "Bushmasters and AR 15 Assault weapons" and you grit your teeth because they are the same thing and that idiot commenting about guns are dangerous doesn't even know how much grain to pack in a good sniper bullet.
Personally, I'm really bored by guns -- so I can imagine someone NOT knowing all these details when they complain about a mass shooting totally destroys any credibility for you but not for me.
Re: (Score:1)
Almost.
When someone uses "assault weapon", I roll my eyes and when someone uses "assault weapon" and "assault rifle" interchangeably, I grit my teeth.
I want to pull my hair out when some idiot says something like "You don't need an AR-15 or AK-47 to hunt deer, they are high powered killing machines unlike grandpa's deer rifle." but is blissfully unaware that these are unarguably less powerful than a hunting rifle. When some dumb ass uses the term "magazine clip" or prefixes any legitimate term with "assault
All the Slashbeta comments moderated to -1 (Score:1)
Fuck you DICE, fuck YOU VERY MUCH!
And fuck Slashdot Beta!
FUCK BETA (Score:1)
Fuck beta.
Supervisors at the London Olympics monitored nobod (Score:2)
slashdot beta is dying (Score:1)
It is now official. Netcraft has confirmed: slashdot beta is dying
One more crippling bombshell hit the already beleaguered slashdot beta community when IDC confirmed that slashdot beta market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that slashdot beta has lost more market share, this news serves to reinforce what we've known all along. slashdot beta is collapsi
A problem with fearmongering (Score:2)
Small world (Score:2)
Re: (Score:2)
Of course there's meters outside the borders, that's how we charge Canada and Mexico. I'd venture to say there's maybe even a thousand of them to cover both borders
Phone Antivirus (Score:1)
NBC's tech 'expert' has come clean (Score:1)
Re: (Score:1)