Slashdot Mirror


Clean Needles for Hackers

scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of the "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties."

5 of 285 comments

  1. What an analogy by Dusabre · Score: 2, Informative

    Clean needles for hackers? What sort of analogy is that?

    Addicts get clean needles in drug programs so they don't catch AIDS and start costing society even more.

    In the case of hackers, a program on the same lines would give them money so they don't commit fraud and cost society even more.

    If you wanted to find an analogy to writing more secure code in drug solutions it would be making it physically impossible for heroin addicts to take their drug (Cut their arms off? Lock them up?)

  2. Fix the UML link... by xchino · Score: 3, Informative

    They are talking about User Mode Linux, not Unified Markup Language. How ridiculous.

    --
    Everyone is entitled to their own opinion. It's just that yours is stupid.

  3. That's not what this is... by Millennium · Score: 5, Informative

    This isn't about letting hackers go free. It's about making systems more secure without having to violate civil liberties by enforcing draconian security measures.

    Or, to put it another way, alleviating a symptom (rampant hacking) of a problem (programs with security holes) by actually solving the problem (using safer programming methods to close the security holes) while still punishing those who continue to try to hack, who, with these lower-level holes closed, will have to resort to higher-visibility methods where they are easy to catch using ethical (i.e. strictly-reactive) methods of law enforcement, rather than violating the rights of 10,000 innocent people for the sake of catching a single wrongdoer.

  4. Path of Least Resistance (People) by blunte · Score: 2, Informative

    We certainly should be improving the security of our systems in every practical way, but there will always be a weak link somewhere. Right now that weak link is people.

    If you lock your systems down tight, you still have to worry about social attacks. Unless something is done, social engineering will always be one of the most effective, least difficult methods for gaining access.

    One of the biggest needs of improvement is in employee education. Most people just do not understand why the password "Snoopy", or "office", or their name, their username, etc. is bad. They don't see why locking their desktop when they go to lunch is important. They're happy to tell you their username and password if you ask them (perhaps while throwing some confusing technical terms at them).

    Some of the energy being spent (and there's a lot of energy people are putting into technical security measures) should be devoted to educating users on good security practices.

    --
    .sigs are for post^Hers.

  5. Re:Horrible Analogy by Shimbo · Score: 2, Informative

    People who break into other people's computers are trespassing. This represents an initiation of force -- a "natural crime" if you will -- because there is an actual breach of property rights

    I certainly don't regard trespass as a 'natural crime'. In the UK, it isn't a crime at all. Only if damage is caused, or the area is restricted is it a crime.

    The conflict between freedom to go where you will and enjoyment of property rights has been going on for centuries, without a clear resolution. For example, at Kinder Scout.