NBC News Confuses the World About Cyber-Security 144
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and does almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
The word "cyber" is so 1999. (Score:4, Insightful)
The real news is that, after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread, it's now clearer than ever that this ship of ours is sinking. At long last, I think that Netcraft really HAS confirmed it.
Soulskill and the other Dice weasels may indeed be "listening" to us, but they've still got a righteous hard-on for destroying this website regardless of how many times we've rubbed their noses in the beta's odiferous offal. I don't believe their calculated, faux-caring, used-car-salesmen spiel for one moment.
The question now is: Exactly when do we take to the lifeboats, and to what safe harbor do we start rowing towards?
~JPE
Sochi (Score:4, Insightful)
It's not hard to believe there might be a lot of attacks on wireless devices in Sochi. The place is pretty fucked up. Whether these reporters and their consultants know their ass from a wifi antenna or not.
From a story I've linked below:
Dmitry Kozak, a Russian deputy prime minister in charge of preparations for the Olympics, complained about water being wasted by hotel guests when said; "We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day,"
It didn't occur to Kozak that someone might have a problem [theverge.com] with being surveilled in the shower until after he blurted this interesting bit of knowledge.
You just have to wonder what sort of pay-offs went into this Sochi Olympics deal. Russia is a deeply fucked up place to begin with and Sochi is a special level of fucked up within that.
Re:It's almost too easy (Score:2, Insightful)
I'll admit Slashdot has serious balls to link to a news site that just got its own redesign, with the exact response that this site's beta got (and deserved just as much).
Re:Yay! Beta moderation at last (Score:3, Insightful)
but it does have a few interesting features.
Like what?
Re:beta.slashdot.org (Score:3, Insightful)
Re: beta.slashdot.org (Score:2, Insightful)
Hi, it's called a "boycott."
Think of the "f beta" posts as picketing.
Also, this is pretty much a non-story.
Clueless reporter doesn't know what he's talking about - news at all damn day long on every news channel.
Same everywhere (Score:5, Insightful)
It's the same everywhere you look. The current state of IT security is horrible, utter and total crap, and the main reason is that most of the people who work in the sector have no clue, starting from journalists like those and consultants and... well... almost everyone else.
The reason is that much like cryptography, real security is hard. It's not something you pick up in a week course when your boss decides someone in the team needs to specialize on security. There are a great number of actual experts and over the years I've had the pleasure of meeting or working with many of them, but it's a small world and the total number of experts available world-wide is far smaller than the demand for manpower in the security "industry".
Plus it's a bikeshed problem [wikipedia.org]. Lots of people know a little bit about security, so focus is given to the parts that people believe they understand, instead of the real problems. When I do consulting (I don't very much, I dislike it, but I occasional take jobs because I enjoy the problem, or the company) my metaphor for that is that in IT security, it is very easy to find someone who will sell and install you a 3-inch solid steel door with military level security locks for your front door, but very difficult to find someone who will walk around the house with you and point out the easily broken windows and the open basement door.
Here's a free business hint: When you hire a security consultant, ask them for a quick suggestion for a password policy. If you get the two decades old "at least x letters, at least 1 special character, at least 1 number", don't hire them. That bullshit was adequate on Multics systems in the 70s. Today, it will weaken your password security if you programmatically enforce it. (and yes, I have the data to back that up, but that's a short presentation and not a comment field).
So yes, these journalists are spreading bullshit. They are like the power users in a company - the nightmare of IT support. They probably know a little about security, just enough to get it wrong.
Re:Yeah, yeah, we get it now... (Score:0, Insightful)
There is a discussion topic about the Beta. It is only about 5 items down from this one. We all get it: you don't want the Beta (and I share your feelings, btw). But can we please just keep on enjoying Slashdot too?
No. Fuck beta!
Re:Yeah, yeah, we get it now... (Score:5, Insightful)
But can we please just keep on enjoying Slashdot too?
But that's the point isn't it? I want to keep enjoying Slashdot as I have for years, but that is most likely going to change, and well, there isn't a really good alternative out there. So I'm trying to communicate that in the one way that will make them reconsider: fucking up the comments. For some reason the Dice clones think that this site is very similar to a tech section from HuffingtonPost.com, and that all they need to do is tweak the UI to drive up traffic. If they can see that the fucked up comments are actually hurting traffic maybe they'll get the message that Slashdot really wasn't what they thought, and that it really is all about the moderation system and comments like everyone has been trying to tell them.
I'm not hopeful though. The sheer arrogance in corporate board rooms today is breathtaking. Look at the Xbone. They had lots of people shouting at them that they were headed for disaster, people who really cared. They told those people that maybe they ought to get with the times. Those people did: they bought PS4s.
Re:Funny.. (Score:4, Insightful)
Shit, you're right. There's no way the entire Slashdot community has immediately decided to down-mod fuck beta posts so quickly after the official discussion topic.
It's amazing DICE and associated fuckers honestly think we wouldn't notice this. They REALLY think we're dumb fucks.
Re: beta.slashdot.org (Score:1, Insightful)
If you think it's bad with all these 'fuck beta' posts, try reading them on Beta!
Dice shit the bed. They are ruining /. and we're trying to show them our disdain for their poorly thought out actions. Their email address for us to send beta feedback to was full and rarely accepted messages (probably a metaphor for their position on the matter). So we went public with our frustrations.
I can't wait for a tech website to report on the /. revolt of 2014. I also expect a few MBAs to do their thesis on how not to ignore your content providers and ad targets when they provide unmistakable signs of disappointment and resistance.
Re:Funny.. (Score:3, Insightful)
The off-topic posts about beta annoyed me before there was a story about them, but I understood their reason. While there's a story on the front page where they're on-topic, I'd like to be able to find the on-topic comments on other stories.
Re: beta.slashdot.org (Score:3, Insightful)
A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.
Re: beta.slashdot.org (Score:2, Insightful)
A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.
That's coming. The complete boycott is Feb. 10th to Feb 17th. In the mean time, keep up the good work with the Beta comments everyone!
Re:Funny.. (Score:4, Insightful)
Well then go bitch about it to the beta overlords. Seems you need a USEFUL FEATURE: A filter option with boolean logic. It could run in JS so as not to consume server cycles.
In other words: FUCK BETA. If it was useful YOU WOULDN'T BE SEEING THESE COMMENTS.