Inventor of Proxy Firewall Blames Hackers
An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting read, and the end is even better:
Truly, the only people who deserve a complete helping of blame are the
hackers. Let's not forget that they're the ones doing this to us. They're the
ones who are annoying an entire planet. They're the ones who are costing us
billions of dollars a year to secure our systems against them. They're the
ones who place their desire for fun ahead of everyone on earth's desire for
peace and the right to privacy."
with their hair and their clothes, and their music! I can't stand 'em!
time is a perception of a being's consciousness
time is your 6th sense, the weird ones are 7+
Here comes 100+ comments attempting to rationalize the need for hackers.
Truly, the only people who deserve a complete helping of blame are the
hackers. Let's not forget that they're the ones doing this to
us. They're the ones who are annoying an entire planet. They're the
ones who are costing us billions of dollars a year to secure our
systems against them. They're the ones who place their desire for fun
ahead of everyone on earth's desire for peace and the right to
privacy."
Ok, but swap a hacker's desire for fun with a software company's
desire to make money without properly taking responsibility for
securing their product and one could also write:
Truly, the only people who deserve a complete helping of blame are the
software companies. Let's not forget that they're the ones
doing this to us. They're the ones who are annoying an entire
planet. They're the ones who are costing us billions of dollars a year
to secure our systems against them. They're the ones who place their
desire for profit ahead of everyone on earth's desire for peace
and the right to privacy."
It is like a credit card company saying that if someone breaks into
their systems and steals my credit card number, that is my
responsibility - or maybe it is the hacker's fault. Well sure, it is
my fault for using a stupid bank, and the hacker's fault for committing
the crime - BUT SURELY the bank has to take some fault for making this
whole possible - right?
Blame Canada
Being the inventor of said firewall they have most assuredly paid your bills for some time.
I am Bennett Haselton! I am Bennett Haselton!
How dare a large American mega-corporation that wants to keep our private data on their systems and make money off selling it have to spend any money protecting it.
Yes hackers are a pain in the arse, so are spam merchants. That's life, live with it.
In other news the inventor of the Yale lock blames thieves for the invention of the lock, which irritates us daily.
"They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them."
Hmmm.
I think security measures are always going to be necessary because we will never live in a world where everyone is happy and content not to steal something from someone else.
Call me pessimistic.
He is also 100% wrong. No one wants to live in a world where we have to lock our doors. Everyone wants to live freely without worry of being taken advantage of. It is absolutely the fault of the "evildoers" that we must put locks on our windows and worry about the footsteps following us down the dark, reeking alleyway.
But it is also our own responsibility to be sure that we can prevent people from taking advantage of us. This means that we must have those locks and firewalls. To neglect this is to essentially invite attack and intrusion. And if it isn't at the hands of one group, it will be at the hands of another.
We don't live in a perfect world, so it's important that we have adequate locks.
Yak Yak Yak - started it all. Find me some Gibsons!
Let's forget the fact that hackers exist for a moment...
These companies would have millions of customers' data out in the open if they could? Personally, I'm glad there are people out there testing these systems to the extent that they are.
I live in a gated community in a town where crime is essentially zero, but we still lock our doors when we're not at home or when we're sleeping.
Rome builds shitty wall, Emperor blames failure on existence of barbarian hordes.
It'd sound fucking ludicrous to read that in a history book, it's no less ludicrous to read that in a modern context.
Dude, grow a pair.
Perhaps five or ten years ago it would have been plausible to say that computer criminals were largely breaking into others' machines for fun -- but even then, as Clifford Stoll discovered, there were exceptions. Then it turned into more of an organized enterprise. People controlling most of the infected machines on the Internet are NOT doing it out of curiosity or fun: They are doing it for power, and exploiting that for criminal enterprise.
In the past years, we have seen profit-seeking criminals discover how useful insecure systems are to them. The major disruptions now are not caused by simple thrill-seekers.
programmer => hacker
criminal hacker => cracker
criminal non-hacker => script kiddie
"Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."
Is it just me or does this sound like an Onion story?
Sit... Speak.... Shake.... Good Dog!
the firewall or the hacker?
abcdefghijklmnopqrstuvwxyz
How about locks? If only some people wouldn't place their desire for our property ahead of everyone else's desire for property and privacy. They make us run around with keys.
Maybe it's sad, but I guess it's just the nature of the beast. Whole other industries exist for these kind of phenomena, and yes, firewalls are included.
I guess that is why all the prisons are full of hackers not murderers, rapists, etc.
-1: Unrelated. Murderers and rapists aren't the ones compromising computer networks.
Perhaps you missed the "costing us billions of dollars a year to secure our systems" bit you quoted?
Hackers exploit code that is insecure. Who are the ones who make this code insecure? The good guys. So if people weren't so obsessed with releasing products before they have been reviewed for security, or giving programmers time to create more secure applications then hackers would have a harder time doing the things they do. If anything the recent rise in this type of activity has done nothing but benefit the user in the long run because it is forcing companies to develop more secure and efficient code. I mean when's the last time in the last couple of years you heard Microsoft pushing back a Windows release to improve security? Although not all hackers are beneficial and sometimes their motives can be questionable, I think in the end they provide some good, and have even helped spawn completely new IT sectors.
I love to deploy my packages
They're the ones providing you information for your vulnerability scanning software.
They're the ones giving you an opportunity to earn a nice salary at the end of the month.
"Locks only keep honest people honest." Such is the same with all security measures. Anything that is created by man can be defeated by man.
Cliff Claven
K.E.G. Party Chairman
Founding Leader of: Koncerned for Egalitarin Governance
They just find the holes and make the tools.
The people doing the damage are low life scum who buy Spam packages from other low life scum, and set up their own little mom and pop operations. Or script kiddies who create zombie farms from tips and tricks learned in IRC rooms.
They probably barely know how computers work, and not a lick of programming. But they can surely run a spamming or DOS script.
We should no more blame the hackers for spam and DOS attacks than we should blame Napster for music piracy, or crowbar manufacturers for house breakins.
And we don't... do we? *checks slashthink manual*
Virus writers, crackers and their ilk are the predators and pathogens of the Internet ecosystem. They kill off the weak and make the rest stronger.
What would you prefer? An Internet full of weak hosts, with a wealth of unexploited security holes and weakly configured security systems, where your security is left up to the good will of others (everybody just play nice now)? Or one where leery vendors and service providers stand in constant vigilance over security issues, because they have to. The wolves are circling the herd.
What would happen if all the 'hackers' just went away? Everyone would get complacent. Security holes would proliferate, until the temptation just became too large and someone takes it all down in one fell swoop.
I don't know where to begin on this one.
If there weren't any burglars around, I wouldn't have to lock the doors of my house.
If everyone would abide traffic rules, the need for airbags etc. would vanish.
This guy is not only completely missing any connection with the outside world, he also forgets that there are thousands of people working in the (IT) security industry, making a living. It may sound silly, but we keep our economy going this way. This is why there are so many economists/therapists/lawyers/communication advisors/etc. around.
I feel like feeding the troll here. Time to knock it off...
*gollum, gollum*
My web domain.
I can spread kerosene puddles all over the house, but be blameless, while the idiot who comes in with a lit cigarette is at fault.
Would you rather have it so that you were liable as well? If someone broke into your house and stabbed your family with your kitchen knives, would your family be liable for owning them and keeping them out in a block on the counter?
IPv6 should be the future. Do you see a more secure future then?
No, IPv6 isn't going to solve anything.
I liked this line the best. I'm tired of the people who prattle on about how NAT has broken the internet and how IPv6 will negate the need for NAT and solve all our security problems. That line is a bunch of crap and now we have someone of authority acknowledging that. As for the "out of addresses" excuse, don't even get me started.
As nice as it is to think that the world would be in perfect harmony without hackers, it is little more than a pipe dream. Throughout history, humanity has been plagued by the selfish nature of its constituents ('human nature' just does not jive with the 'common good'), and that is a fact I would argue is on par with Death and Taxes. We as a society have to be realistic here, and we as the geek community, the developers of software, have to take the responsibility to make high quality, secure software, because you just can't trust the public. Wasting our efforts by complaining about hackers is foolhardy.
I'd rather be cycling.
One of the reasons Ranum is such a bitter guy is that he never made any money out of his products. He was always working for someone else and never got a piece of the action. When he finally had his own company (NRF) the product was ill defined, then attempted to redefine itself as an IDS, but was never able to keep up with the performance of modern networks.
"They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."
And they're the ones you should be thanking. They expose your vulnerabilities and make you secure your system against those who don't just want to hack you for "their desire for fun", but are competing with your company and will use the information they get to bring you down.
Having insecurity is a plus to the world as it raises people's awareness of issues and in the long term security should hopefully improve. "hackers" will get better and better to keep one step in front but at the end of the day if the user is well protected then they will be at a lower risk than those that use Windows 2000 or Red Hat 5.2 with no patches.
Interesting. Does he also blame "the burglars" for "costing us billions of dollars" to secure our homes against them? For "placing their desire for fun ahead of everyone on earth's desire for peace and right to privacy"?
It's very easy (and stupid) to blame problems like these on a poorly-defined class of people. It achieves nothing. It would be far more productive to analyse what exactly makes it possible, easy and acceptable for people to "hack" -- in the sense that most people doing it wouldn't consider to be thieves (I believe), but are happy to invade other people's computers.
If we got rid of all the hackers, wouldn't we still need to secure our networks from governments, criminals, terrorists, rival business, etc?
I think the blame lies with them more than just hackers.
He probably didn't think it was entirely accurate.
We spend billions of dollars per year to FIX OUR SYSTEMS because they are built with faults that the builder should have known better than to engineer in. His rant would be more meaningful if the negligence of certain companies weren't dramatically aggravating the problem.
The fact that he's a guru doesn't alter the fact that he's full of shit.
Corps have to clean up after certain operating systems infected with certain classes of malware because of pisspoor engineering.
The script kiddies are secondary. Like obnoxious drivers are secondary to the problem of SUVs that have blowouts or rollover.
Engineered systems are expected to be able to take a certain level of abuse.
A Pirate and a Puritan look the same on a balance sheet.
I see every day the results of poor practices, shoddy software, and just plain old stupidity when it comes to security. Fix those first, then worry about the hackers.
LOAD "SIG"
RUN "SIG"
Canada is innocent. I blame it on the Boogie(TM).
Perhaps Marcus secretly likes hackers. Consider the hidden subtext in his statement:
Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy.
Ask me about repetitive DNA
Could you let me know where you live?
I would like to "express" myself as I please.
They should be the first against the wall when the revolution comes.
Who exactly are you referring to?
Obviously this guy has never heard of espionage. *Most* (not all) hackers/crackers get in, poke around, and leave. I've known a few that actually fix shit on the way out, and leave friendly notes (though I think more highly of the do no harm crowd).
The *REAL* danger are corporate spies who not only want your secrets, but also plant spyware, or destroy infrastructure to hamper a competitor. There is also the growing instances of state-sponsored computer cracking whereby poorer nations (particularly the axis-of-evil states) seek to leverage the power of attacking information infrastructures instead of the physical infrastructure. Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'.
I think that's kind of implicit, but as he says, there would be no need for security without hackers. Of course, his comments are no more insightful than saying it's only because of thieves that we have to spend money on locks. Well, duh.
It's not insightful, but it is true. Hackers are to blame for our current security needs.
While I don't think *cracking* is right (never mind arguing the semantics of it), I don't think it's relevant to complain about them. It's like getting annoyed with bacteria, and blaming it for the invention and need of anti-bios.
Yes, if it weren't for x we wouldn't need y. However, much like bacteria strengthens the body, crackers strengthen our software. Albeit in a roundabout way.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
The Hackers are not available for comments.
In other news, John Key, a bolted lock inventor ended his interview stating: "Truly, the only people who deserve a complete helping of blame are the burglars. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our homes against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."
The Sig, the sig
Which idyllic part of Canada do you live in?
The house we bought in the nicest part of Vancouver last year came with security bars on the 1st floor windows, an alarm system and triple locks on the doors. Maybe the previous owner was a bit paranoid, but a private security firm has just started patrolling the area near us due to a rash of break-ins.
Vancouver has the highest rate of car theft in North America hence the arguably successful bait car program.
You might argue that we don't lock our doors in the daytime when we're home, but the number of home invasions is making that less common.
If you don't want to repeat the past, stop living in it.
HARTMAN: Jesus H. Christ! Private Pyle, why is your footlocker unlocked?
PYLE: Sir, I don't know, sir!
HARTMAN: Private Pyle, if there is one thing in this world that I hate, it is an unlocked footlocker! You know that, don't you?
PYLE: Sir, yes, sir!
HARTMAN: If it wasn't for dickheads like you, there wouldn't be any thievery in this world, would there?
With full credit to Kubrick, Herr, and Hasford, there is some wisdom in this quote. If folks would secure their software there wouldn't be a temptation to try to get in. I know that it is impossible to make something 100% secure; however, leaving the door wide open (as many software vendors do) only adds to the problems.
This signature intentionally left blank.
The idiot who comes in with a lit cigarette is doing nothing wrong and, supposedly, didn't intend anything evil. You're a moron for spreading kerosene all over the house. The cigarette dude isn't to blame. This is just an unfortunate incident caused by owner neglect and stupidity.
Not so with the hacker. The hacker might know the owner neglected to have decent security on his system but he's still entering the system with malice in mind.
You can call a home-owner ignorant for not locking the doors of the house but the thief who waltzes in the front door and steals the TV is still a prick and is the one who should be punished.
Even though I am on the defensive side, trying to keep my servers safe from crackers, script kiddies and so on, I do appreciate these groups for existing.
If they didn't exist, I would really have felt much more unsafe from espionage and the prying eyes of national and international bodies.
From my stance, confidential information must be very well protected, and if you put available on the internet, you better have secured it or face the consequences.
By knowing that crackers exist, you might hesitate to put important and confidential information online, imagine how it would be if everybody only talked about cracking as theoretically possible!!! Spies would never tell what they do, they would be everywhere! Knowing your accounting, your secret papers, everything, for nobody would care to improve the security of their products from something that was only theoretical... All the good guys would have no privacy whereas only the black hats would be able to move around as they liked.
Face it - the world has all kinds of people - angels, devils, and all sort of people in between. To be hit by someone who exposes you is many times better than to be hit by those who simply abuse the information without any words.
What about the billions of dollars a year to fight crime and terrorism? That's all the same. You'll always have vandals attacking any kind of environment, be it real or virtual. Software developed with security concerns in the first place will require less fixes or addons later.
Have you never heard the saying "Your freedom ends where my nose begins"? Swing your arms around all you want, but if you swing your arm into my nose, that is a crime. Breaking into someone's computer is morally and legally no more justified than breaking into their house. Nobody would care -- and the computer anti-virus industry would not exist -- if viruses were only targeted at willing victims.
Hacking (in the illegal sense) is just asking for trouble. IMO anyone who does it deserves a few years in solitary... Maybe if they just outright hacked anyone's head off who did it, then the others would get a clue and stop. :-P
I blame criminals in general for making me have:
* Locks on my house doors and windows
* Locks on my car doors
* The fun of car alarms
* Having to put a key into a car to start it, instead of just having a "start" button
* Lock on my laptop at work (my company is big enough where people will steal a laptop off your desk).
* Not letting me keep piles of cash on my front lawn.
I'm trying to make the point that criminals exist in this world, and you have to deal with it. If you don't protect yourself, you will be preyed upon by the ones that want to do harm to you or others. We are in a world where you have to put up a defensive barrier around yourself, as being an aggressor (attacker) is against the law (being a vigilante).
It's not what it is, it's something else.
the Russian mafia, assorted lesser criminals...
Has this guy ever heard of corporate espionage? Granted, it's probably easier to just do an inside job rather than hack network security... if the security is competently done. I don't think any of the usual suspects would pass up an opportunity to be lazy if the PHBs running their target decided to oblige.
At least with your stereotypical "hackers" you'll know you've been hacked, what with your home page redone in leet-speak and all. Professionals will keep you in the dark as long as possible.
In other news, burglars are the reason people have to have locks on their doors and windows.
The article is actually pretty interesting. Sure, this guy is very opinionated, but it's an interesting read (the post made that point). His point about who needs to be blamed for the security issues was taken out of context.
If we consider the Internet as a big local network, we will see that some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that chose that particular software and then run it without an appropriate secure setup?
There's enough blame for everyone.
Blame the users who don't secure their systems and applications.
Blame the vendors who write and distribute insecure shovel-ware.
Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.
Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.
Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.
Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.
"Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations."
Can something still be considered slander if it's true??
Time is an illusion. Lunchtime doubly so. - Douglas Adams
Seriously take some responsibility. Yes malicious hackers are annoying and cause damage, but coders writing vulnerable programs are also responsible. If I buy a car and it is found out that there is a known defect that could adversely affect me as the driver what happens... How about not trying to place blame (because if we are then I can point out a lot of software that has the same vulnerabilities over and over and over again...)
News Reporters Make Tasty Polar Bear Treats!
In a related story, the designer of the Great Wall of China blames Mongols.
Don't blame Durga. I voted for Centauri.
mod this story -1 Troll?
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
... wait for it.....
A REDNECK FIREWALL!!!
mu ha ha ha ha.... oh my just breathe...
Oh, and you are not allowed most places to "booby trap" even your own property.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Is anyone ever "truly" secure?
"God of Rock, thank you for this chance to kick ass. "
Everyone's putting this into a context of some sort, so here's mine:
We have cops because there are criminals. But according to the reactions I've seen so far, the cops should be happy we have murderers and thieves because they wouldn't have a job otherwise.
What kind of sick, screwed up logic is that!? And why in the heck are people trying to twist the reaction towards this end?
There are hackers, so we created defenses...which in the mirror means we have defenses 'cause there are hackers. We should be thankful there are hackers so we have defenses? Fuck that. And fuck anyone who thinks that.
I have a lock on my front door because there are thieves, but I don't go home each night, lock the door, get down on my knees and say "praise the lord there are thieves so I can have this lovely door lock!"
It is only prudent that, given that I have something to lose, I should endeavour to protect it. Thieves (and the like) are not only the reason but the RESULT of having these locks.
So there are these people out there, called hackers, who get some kind of sick joy out of harming, destroying, discrediting and ruining people and their lives. They are the reason for the protections we have, but there is no reason we should be happy we have them. This guy in this article is right, the hackers are a problem and a menace. I say fuck them.
I will not give any glory to hackers. You don't compliment the enemy.
The troops are there to protect us from the enemy. I will not thank the enemy for giving me a reason to have troops. I would rather not have to have them. And though we don't live in a WallGreens world, I can't believe anyone would rather have to spend massive amounts of time and money, than not. Fuck the hackers. Fuck their supporters. And fuck anyone who thinks the hackers are just innocent dorks having "fun."
What does this guy have against hackers?
If he's in geek denial I can understand that, and if he has a problem with a particular hacker that compromised his security I can understand being a bit bitter on that one too, but it's no reason to demonise every top-notch programmer in the world with such a broad brush.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
That should be your, not you're.
It is often about keeping employees 'in'; logging where they go, restricting what services they use, etc. Not every wall is to keep people out. Many places I have seen put far more effort into keeping the employees 'in-line' than blocking outside threats.
*Dramatic drum roll*
...but (hopefully) a measly few of us are crackers.
A LOT OF US ARE HACKERS!
Every so often the media prints bad stuff about hackers. More often than not this is a misnomer. A cracker -- the correct term -- is a person who uses computers to do Bad Things (breaking copy protection, committing electronic break-in and theft, writing viruses, etc).
On the other hand, the term "hacker" describes a skillful and devoted programmer. Yes, hackers break some rules, but so do artists - it's a good bad attitude. To stay in that context, for obvious reasons hackers would no more be affiliated with crackers than artists would with graffiti scribblers (though even graffiti has its good and bad sides), so naturally the "hacker" vs. "cracker" discord perpetuated in the media is uncomfortable.
Anyway, in spite of constant media abuse I will not eschew the word. In fact, I frequently pester journalists about their term misuse, though I realize that attempting to enlighten the media about their misconception is probably a lost battle by now, after years and years of misuse.
But, as they say, you miss 100% of the shots that you don't take.
Go ahead, mod me down. Be a sheep.
"Good news, everyone!"
I hardly see how hacking into somebody's system and snatching their data is "democratic". If some hoodlums came by your house and tagged it with spray paint, would you just shrug your shoulders and say "Crazy kids, they're exercising their democratic right to expressing themselves."
There are many industries making life out of people's misery. Think about the drug companies and the anti-virus companies. Do you think they want disease and viruses to go away?
They make their living out of TREATING other peoples' misery, not by creating it.
Taking guns away from the 99% gives the 1% 100% of the power.
There will always be evil so long as there is good and vice versa. One can't exist without the other at least as I understand it.
I think we should be grateful for the curious hackers that tried security out for free during the history of networking and so on. As they have put light on issues that otherwise would have been ignored and then later used to totally destroy systems/data when someone with a mission of terrorism tried the same thing.
It's of course annoying but much preferred to actually be all out attacked whenever a flaw is discovered.
If there had never been any hackers our systems would be so easy to exploit when one would appear that it's mind numbing to think how quickly basically every system in the world could be stopped by a single virus. Who cares about servers, think centralized control systems for traffic lights and airports, power systems, etc etc...
God bless the curious hackers
Perhaps you missed the "costing us billions of dollars a year to secure our systems" bit you quoted?
It was more to highlight that problems in any society cannot have the fault lain completely upon a certain group. The difficulty is that people cannot, in general, be trusted. As described in the many other replies to the article, we lock our doors at night, etc... To say that one group of miscreants embodies all the distrustful people is unrealistic. The problem lies at the heart of societal problems that generate other criminals, if not those of the more severe crimes mentioned.
So, if "hackers" didn't exist, or more correctly crackers, and our systems were left open without the billion dollar protection then anyone could access this information. So, then the distrustful people of the world that aren't the magical hackers could gain access to it. But no one would do that because that sort of deviant behavior is demonstrated by only those dastardly hackers.
Now that I come to think about it, the human drive that motivates people to attack others - aggression, envy, desire, jealousy, resentment, greed or whatever - are the same human behaviours that we've always displayed throughout recorded history. They didn't stop us moving from Ur to megalopolis, hunter-gatherer to modern societies and so on, and they're not going to stop computers having an overall beneficial effect. Speaking personally, I'd be out of a job if no-one was a threat to my employer, so to be honest it doesn't bother me. It's a callous thing to say but every time there's a big hack that makes it to the news, I mail my boss with the URL and we look forward to having more ammo for demanding more resources and greater input into development and ops practices, for instance. (The 40million Mastercards hack was a great example: it'll probably turn out to be "only" a few tens of thousands of cards, but it's the 40 million figure that the non-technical management will remember - and that will concentrate their minds on the importance of security. (I don't mean _my_ management of course - they take infosec _very_ seriously, which is why they hired me :)
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
"They're the ones who are costing us billions of dollars a year to secure our systems against them."
Those billions of dollars in system security have created an entire market segment that employs thousands (hundreds thereof?) of people and provides fuel for the economy.
Aside from this, you can't really blame the bad guy by saying "if it weren't for the bad people, we'd all be much better off." Well no shit, Sherlock. The fact of the matter is, there will always be bad people who will cause more trouble than they're worth. So instead of pissing and moaning about the "bad people", just do what you can to provide fewer opportunities for them to do their thing. In this case, that means write better software, design better systems, provide better security tools, etc.
-kidlinux.
They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy.
Damn, I've been hacking strictly for profit. Hours and hours on end of blackmailing small business owners, endless digging through corporate temp folders, sleepless nights coding new trojans... all to make a few bucks. I didn't know it could be fun as well!
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Heh, reminds me of a commercial. Guy is playing golf and continues to smash windows instead of in the hole. And his friend says "better luck next time." The bad golfer then goes into his company car, which is for a window repair shop.
What's the point to this post? No point. I like the commercial. Oh, and if it wasn't for hackers, companies would have to develop their own virii to scare people with.
And it's these criminal hackers that put monetary worth ahead of personal integrity that are giving real hackers a bad name. The word "hacker" gets thrown around so wildly sometimes, without any real distinction that there can be good and bad hackers.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
He's correct in his assessment of blame. The people who hack systems, break stuff, spread viruses and bot networks etc are 100% responsible for their actions. They are violating laws left and right with no regard for others.
Yes, insecure code, a lack of a firewall or antivirus software opens you up to potential attacks, or not having the latest security patches. However that doesn't excuse an actual attack.
By the reasoning of most of the posters here, unless your home is as secure as fort knox, anyone who breaks in and steals stuff isn't really to blame... I mean, come on, you could have protected your house better. Put in pressure plates and motion sensors. Try a laser grid on the floor. Armed guards, time sealed doors, attack dogs etc. Anything less and, geeze, you're practically inviting them in to take your stuff!
That's what the Internet is like. You really have to lock up your system like Fort Knox to keep yourself safe. Even then, the burglar could find a spot in the security system that isn't fully covered and get in that way.
The ONLY secure machine is one that is sitting in the corner, surrounded by a lead box, not connected to any network or power supply. A useless machine really.
Those who attempt to maliciously exploit vulnerabilities deserve every ounce of blame you can possibly assign to them. I personally want to kick the guy in the balls that did the Blaster worm... took weeks to get my old workplace cleared of that thing. Just because it is POSSIBLE to exploit something does not mean you SHOULD exploit it. Too many people online use the reasoning that if it's possible it should be allowed.
It's also the robbers who are responsible for costing us $trillions for locks, security systems, and maintaining a police force.
And they've been doing that for millennia, with no signs of stopping.
Sigh.
I blame Microsoft! Really, I do!
...they'd be impervious to break-in even by a SWAT team backed up with a tank. Doors and windows with locks suffice. But they are not at all resistant to break-in with the most minor of tools as latchkey kids with a coat hanger prove all across America constantly to their parents.
The point is that your system is yours, no different from your home and there is the tacit understanding that no one sees of your home but the facade you put out for them to see. The inside is your own, what you keep there is your own, and no one has the right to invade it. Hackers are no different than misbehaving teen goons who break into homes to mess around and prove they can do it if not to actually vandalize and steal.
We should treat them no differently and those geeks who sympathize with them and in many cases wish they could be them need to stop and understand that their civil rights are everyone's civil rights. If you don't think people have the right to go through your stuff at will without your permission, others have that same right too and those who won't respect those rights need to be punished by society if we're going to keep those rights. Apathy by the masses with regard to their privacy and the privacy of others is guaranteed to destroy their privacy forever.
Mere decency and mutual respect should be enough. Sad that it isn't.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
To say hackers are evil is like saying germs, viruses, and carnivores in general are evil. By merely acting out Adam Smith's society being benefited best by each acting in his own best interests (adapted by John Nash to include societal interests for best outcome), we are keeping in step with mere nature. A dog will forage for food, defend its food, and kill its food, so that it can stay alive. A rabbit will defend against other rabbits if need be (though they'll generally run away from anything else).
A patron is looking for a good deal, and will expend effort to maximize their deal, so sloppy wording on a sign on your store-front is an invite to a natural onslaught of fiscal frustration. By natural, I mean there is no evil intent in people trying to keep you for your word in maintaining a good bargain (that you didn't intend).
If there is money on the street, it is conceivable that:
a) the original owner will never find it again
b) someone else will take the money
So you justify taking the money yourself.
If you are hungry, you might be inclined to take two samples at a free food-sample kiosk. It's unfair as it goes beyond the intent of "sampling" and takes away from others (since there is usually a set amount of sample provided for the day).
In reality, those that are sheltered from such harsh survival of the fittest environments will EVENTUALLY meet with that environment.. It is impossible (short of death) to avoid it. Thus the question is not IF we will meet our challenges, but when, and how quickly will the difficulty level rise.
For those with assets we fear to lose (time, money, possessions, intellectual property, etc), it is natural for them to be sought by others. Having a public wiki is valuable advertising real-estate (or a personal repository for globally accessible content). So graffiti, being merely a primitive form of marketing, is bound to happen. Bank accounts are an obvious point of content.. If you happened to come across money on the street, you are more than likely to take it. If your ATM machine started allowing you to withdraw cash w/o deducting from your bank account, there is a better than likely chance that you'll take advantage (anonymous theft when it is considered to not overwhelmingly harm someone else - proportionate loss/gain - is often self justified). There isn't much difference from taking from that ATM machine and taking from an online bank account that you've happened by. Yes there is a greater issue of proportionality (you might be stealing from someone poorer than you), but you might think to yourself (I'm teaching them a lesson).. Whatever the cause, an otherwise moral man may find themselves tempted.. To say nothing of the mafia.
And ultimately organized crime is the tyrannosaurus of our internet age. The mafia being only one form of it (unfriendly governments being an even more serious threat). The age of mafia and internet "WAR" (literally between nation-states) is only a matter of time.
So if our "evolution" through natural selection and adverse environment does not "toughen" us enough to sustain such natural phenomena, then we will die (or at least the medium will die).
So let's look again at these "evil" hackers. Many of the hackers were self-professed white-hackers, or anonymous exposers. If you are inclined to see if a WEB-INF directory or IIS-specific file-set are visible on a public site, you can either email their sys-admin who might sue you for hacking, or simply ignore you (like MS tries to do with serious security alerts so long as the general public is oblivious), or you can make it a priority for them... Deface their web site, delete lots of their database records.. Make it too expensive for them NOT to resolve the issue.
These are altruistic people. Slightly less altruistic are those that advertise themselves 3l33t hacker-names advertised here and there. As they have the fun and recognition-factor of it all (especially if they get CNN coverage).
Embrace th
-Michael
O my god, you're so full of bullshit! "That's how democracy works": democracy is a very simple principle: the majority decides. Now given this and supposing the majority doesn't like to be abused, robbed, hacked, raped, beaten ... another shouldn't do this to one another. If he does, he shall be punished. Very simply no?
pi = 2*|arg(God)|
If you'd RTFA you'd see that he blames all the appropriate parties. Go RTFA.
happy => gay
homosexual => deviant
closet-case => priest
Yeah, go on. Mod me -1. I've got Karma to burn, and if you're so easily offended, perhaps you should turn your computer off. This is a humorous post to demonstrate that words change over time and the OP should learn to deal with it or move to France (where they have a department to try to keep the language pure).
I don't find this part of the interview all that exciting. What I find interesting is that this guy doesn't consider non-deterministic methods at all. Going back to his example of securing a corporate network: sure setting all the trust relationships by hand is next to impossible. But imagine the following scenario: all of a sudden Bob's computer starts talking to Jane's PC, after days of no traffic between the two. Doing some statistical testing this could be noticed to be highly unusual and the communication could be denied, or severely limited. This would do a great deal in stopping worms from propagating.
If it's legit and the statistical filter denies it, then Bob will have to call support. But I reckon this is preferable to having a whole company infected by the latest worm, just because Bob decided to open the attachment "joke.exe".
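The statistical filter proposed in the comment above, sketched as an added example that is not part of the original thread or of any product it mentions. It assumes flow records reduced to (day, source, destination), models each host's rate of first-time peers as Poisson, and uses hypothetical names, thresholds and constructed sample hosts throughout.

```python
import math
from collections import defaultdict

RATE_FLOOR = 0.05  # assumed minimum new-peers/day, so a quiet host never has rate 0


def poisson_tail(n, lam):
    """P(X >= n) for X ~ Poisson(lam)."""
    if n <= 0:
        return 1.0
    term = math.exp(-lam)
    cdf = term
    for k in range(1, n):
        term *= lam / k
        cdf += term
    return max(0.0, 1.0 - cdf)


class PeerFilter:
    """Scores traffic between hosts that have not talked within `window` days."""

    def __init__(self, window=14, soft=0.05, hard=0.01):
        self.window = window
        self.soft, self.hard = soft, hard      # p-value thresholds (assumptions)
        self.first_day = None
        self.last_seen = {}                    # (src, dst) -> last day of accepted traffic
        self.accepted = defaultdict(lambda: defaultdict(int))  # src -> day -> new peers
        self.attempts = defaultdict(set)       # (src, day) -> new peers attempted

    def _is_new(self, day, src, dst):
        last = self.last_seen.get((src, dst))
        return last is None or day - last > self.window

    def _accept(self, day, src, dst, was_new):
        if was_new:
            self.accepted[src][day] += 1
        self.last_seen[(src, dst)] = day

    def learn(self, day, src, dst):
        """Ingest a baseline flow without judging it."""
        if self.first_day is None:
            self.first_day = day
        self._accept(day, src, dst, self._is_new(day, src, dst))

    def rate(self, src, day):
        """Mean first-time peers per day for src, skipping the warm-up day
        on which every peer looks new."""
        start = max(self.first_day + 1, day - self.window)
        n_days = day - start
        if n_days <= 0:
            raise ValueError("need at least one baseline day after warm-up")
        total = sum(self.accepted[src].get(d, 0) for d in range(start, day))
        return max(total / n_days, RATE_FLOOR)

    def decide(self, day, src, dst):
        """Return 'allow', 'limit' or 'deny' for a flow seen in enforcement mode."""
        if not self._is_new(day, src, dst):
            self._accept(day, src, dst, False)
            return "allow"
        self.attempts[(src, day)].add(dst)
        n = len(self.attempts[(src, day)])     # distinct new peers tried today
        p = poisson_tail(n, self.rate(src, day))
        if p < self.hard:
            return "deny"
        if p < self.soft:
            return "limit"
        # Only unremarkable traffic feeds the baseline, so a burst of new
        # peers cannot teach the filter that bursts are normal.
        self._accept(day, src, dst, True)
        return "allow"


def demo():
    f = PeerFilter()
    for day in range(10):                      # constructed baseline, days 0-9
        for dst in ("fileserver", "mail"):
            f.learn(day, "bob", dst)           # workstation with two fixed peers
        for i in range(3):
            f.learn(day, "proxy", f"ws-{day}-{i}")  # host that meets 3 new peers daily
    bob = [f.decide(10, "bob", d) for d in ("fileserver", "jane", "carol", "dave")]
    proxy = [f.decide(10, "proxy", f"ws-10-{i}") for i in range(4)]
    return bob, proxy


if __name__ == "__main__":
    print(demo())
```

A "limit" or "deny" result is the point at which Bob would call support; an operator override would then record the pair as accepted.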
the legal writer and thinker, pointed out that the "bad man" has just as much reason as the good man to avoid confrontations with the law. "A man who cares nothing for an ethical rule which is believed and practised by his neighbors is likely nevertheless to care a good deal to avoid being made to pay money, and will want to keep out of jail if he can." Holmes thought that all laws should be constructed with this man in mind. Obviously, code must be constructed with the bad man in mind as well. We can lay the blame on the hacker, but is it his fault we wrote bad code?
If no-one was testing the systems then who would care if they're riddled with holes?
The whole firewall thing always seemed to be a bit sad to me. There really is nothing that a firewall should be able to do, that a properly designed and configurable TCP/IP stack shouldn't be able to do itself. They really do seem to be a band-aid solution to something that should happen at an operating system TCP/IP stack level.
If you're not listening on most ports, but the ones you are listening on are well behaved, throttled, resistant to malformed connections, a firewall should be so unnecessary.
Love many, trust a few, do harm to none.
Let's face it, they are both similar but also two different things.
What bothers you more, the well trained hacker who meticulously hunts out flaws in software?
Or the 15 y/o script kiddie sitting in his room on the emachines box he got last christmas and his friends who load up a botnet to ddos some server?
The "bad guys" (don't want to call them hackers because of the debate about that term) are not going to just go away because we give them mean looks and call them poopheads.
...), we will have to do that on the Internet.
There are three types of motivation:
1. The excitement and fulfillment that comes from understanding a system and finding the holes in it, and often leaving your mark so others know you were there.
2. Political and ideological motivations -- a desire to educate people, and punish the "enemy".
3. Economic motivations. This includes both advertising, and theft/scams.
The trends started at (1) and are increasingly moving towards (2) and (3). Ironically, the technology generated by (1) is being used by those whose motives are very different than the type (1)s.
The only way to fix this is to reduce the openness and anonymity of the Internet.
I repeat:
The only way to fix this is to reduce the openness and anonymity of the Internet.
Just as we had to find a balance between privacy and security/integrity in every other aspect of society (e.g. telephones, credit cards,
"The major disruptions now are not caused by simple thrill-seekers."
Please name one serious, high-profile hacking case (to include authoring viriii & worms) in which the perpetrator was caught and didn't turn out to be a teenager or a still adolescent 20 something.
Inside jobs don't count.
I'm sure there must be a few but I honestly can't think of any.
Not to say that there aren't real bad guys out there... they just don't seem to get caught despite all the money thrown at computer and network security.
Speaking as a sys admin for almost 20 years, most hacking has been a source of annoyance (and sometimes amusement) rather than serious damage. The oft quoted "billions & billions of damage due to hackers" is a load of crap as far as I can tell. Kind of like the y2k bug was.
They don't frighten me. The internet was never designed for privacy to begin with. If that's your aim then paying to "hack in" extra security is the price you pay.
And you know what...? sometimes the cure is even worse than the disease.
I read somewhere recently (sorry, can't remember where) where someone (a security "expert"?) criticized a nuclear power plant's network security by saying something along the lines of "they're so backward they aren't even connected to the internet". Sounds like good security to me.
Security isn't about stopping somebody who wants to be malicious to a system and have fun with that.
.. but don't say we wouldn't want it otherwise. Firewalls are a good thing...
It's about protecting information that you otherwise don't want unauthorized people to have access to. It's about espionage, it's about privacy. It's about making sure you know if somebody is just looking on your system. Honestly a server can be replaced if it gets fried by some hacker trying to hurt it, and there are backups. But you'd never know if somebody went in and just invaded your privacy and looked at all your things and then left it completely clean, right? Not without something like a firewall or some sort of logs and security system set up.
So yeah go blame hackers for making us think of the idea
Who makes you Sig?
Why in the world would he be bitter-- hackers and criminals keep him employed and have made him somewhat of a known figure. I understand his frustration at the lack of real morality in some people, but the bitterness is a bit over the top.
Let's look at it another way-- do you really think Batman would be happy if Gotham (or the world) were rid of crime? What would he do?
Or yet another point of view-- hackers are actually helping the economy. They have created a new market in security which creates jobs, revenue and all the other economic benefits. As Gordon Gecko might say "Hacking is good!"
To expand this a bit-- without crime there would be no need for a police force. Without war there would be no need for a military. What would we do with all that excess production capacity?
*tongue firmly planted in cheek*
They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy
How can someone be clueful and clueless all at once... Desire for fun....that did not steal 40 million credit card numbers. Everyone on Earth's desire for peace and right to privacy? Tell that to the Chinese who are told what ports they can or can not secure to allow for "public monitoring". This guy is lost.
No kidding.
...rendering locks on door unnecessary.
The goal is to live in a society where you have peace and security, not because you can create a fortress, but because everyone agrees to get along.
Crackers are a problem because crackers have issues. When those issues are addressed we won't have the need to have crap on our computers taking up cycles we could devote to programs we want to run.
Man, this stuff isn't supposed to be rocket science.
Computer criminals and black-hat-hackers are as much a fact of life as rain showers in Seattle, earthquakes in California, flus in winter, and accidents on highways.
...) is very much to blame. In fact, it should be possible to hold liable for negligence.
Security isn't an accidental byproduct of software, it is one of its primary functions; if software doesn't provide security, then it is defective. That's just like if you buy a padlock, you have an expectation that it actually works as a lock. The padlock manufacturer can't say "oh, well, our padlock doesn't work, but that's really the criminal's fault".
Any vendor that puts out software that contains easily avoidable security holes (like buffer overflows, backdoors,
The problem, as I see it, is that since "software" is such a new concept (compared to houses, locks, etc) that people and society haven't settled on REASONABLE steps to secure things vs. UNREASONABLE steps.
For example, if I wanted to, I could easily break into the average person's home. It just isn't that hard. Does that mean they "failed" to secure it? I would think not.
There is no such thing as "perfect" security. It will always be an arms race between malicious people (or misguided non-malicious hackers) and the people trying to protect their systems.
Now this is just a sad justification and can easily be turned the other way-- If it had been organized crime that started hacking, the government would probably take it more seriously than it is now, with laws and penalties to match. The tools would have been developed anyway, so it's really a non-issue.
Besides. Hackers have been doing serious damage from day one. Besides just breaking into networks for "curiosity sake" they've been planting worms, trojans, trolling entire credit card data bases, committing DDoS attacks, etc etc. No, not all of them, but enough to make the OPs point a ridiculous one to even attempt to justify.
You need a FREE iPod Nano
They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy.
Who wants peace? Nobody, or else we would act consequently, which we don't, as a world.
Is this a critical series of computer security books?
Wow, I'm not sure if I want to read the article.
Ranum: "Sometimes, patience is a terrific strategy. Wait and see what happens to the early adopters. If they're all getting hacked to pieces or spending tons of money on patches and upgrades and fixes to the stuff they bought - then it's not ready, yet."
Yeah, he thinks the hackers are all to blame, but loves the fact they expose real problems.
So, what was his point about hackers, again? Everyone should share the blame, but it's still all the hackers' fault?
Isn't there a drug that fixes the inability to express coherent ideas?
"We are all geniuses when we dream"
- E.M. Cioran
ohh, you mean crackers! there's a big difference.. and I thought the author was smart enough to know the difference.
Well hacker isn't the only word to lose its original benign meaning over the years.
(another one would be gay).
"Truly, the only people who deserve a complete helping of blame are the bad people. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun and/or profit ahead of everyone on earth's desire for peace and the right to privacy."
Is this a little pointless? The fact is that complex systems (not just talking about computer systems) are rarely going to be perfect and bad people will always try to exploit the exploitable for their own gain. Is there any point in complaining? There will always be bad people, there will always be exploitable systems. Why whine? The hackers validate and keep alive an industry and frankly I think that it can be enjoyable on both sides.
Whining won't get rid of bad people and won't fix the world's exploitable systems. The arms race will not stop. I see hackers on both sides as being a necessary evil and I respect hackers for their talent, regardless of what side they are on.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
-Death is still the #1 killer of all living beings on earth.
...I could go on for hours.
-Criminals are to blame for 100% of crimes committed.
-Toaplan is responsible for all of the "all your base" sightings.
--- sig moved for great justice.
If hackers are doing it to have fun, the effect is that they are pointing out holes in our security and helping us patch them against spammers, terrorists, thieves and other true evildoers.
Those who hack for fun should be encouraged and rewarded for coming forward with information. When they present a great hack to the public, say, getting into a bank database or the government, they should be announced nationally and given a fairly large cash reward--These people should be revered, looked up to and publicized much more than some basketball or football player.
This would also discourage them from trying to profit from their hacks in more devious ways since that would completely negate their accomplishments and get them thrown in jail instead.
By the way, I am not a hacker (in this sense), nor am I a kid any more, I'm not defending anything I've done, I just think we have a pretty messed up way of looking at things sometimes.
A millionaire got robbed because he had left the front door open. Crazy guy, isn't he? And... here's Mike with the weather.
It's a sad thing that the poster of this chose to take that particular quote out of context. If you read the article Marcus puts blame at the feet of everyone in the process of building security.
-- Ecks
Envy my 5 digit Slashdot User ID!
No one is defending the virus/worm writers. The security holes that virus/worm writers are taking advantage of are defects in the software. You wouldn't accept it if GM sold you a car that would unlock the door if you removed one of the hubcaps, nor should you accept software that doesn't bother to check the validity of input. All software should be run in "taint" mode.
Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
the foreign intelligence services and other spy types that are interested... oh and the Chinese Cyber Warriors... Oh - Organized crime is on the rampage such that the Feds miss old fashioned hackers. And Spammer botnets, and so on. Yep, way to blame those poor Stereotypical H4x0rz to get your name in the press yet again.
"Omnis tuus capsa sunt inesse nos"
"... earth's desire for peace and the right to privacy."
Last time I checked, and I could be wrong, but so far I have yet to find any contract or constitution of a nation that secures Privacy as a right. Here in the USA there is no Federal right to privacy, several states have privacy measures but those laws are about securing information gathered more than preventing it from being gathered.
-=[ Who Is John Galt? ]=-
Technically his statement is correct, however prima facie, it's a foolish one. As it's been said elsewhere in the comments it implies that if it were not for 'hackers' systems would be 'safe'. However as is the case with companies looking to cut every conceivable cent, there would be no security otherwise. "Why bother locking the doors there are no criminals to steal my possessions!"
This sounds merely like an argument for altruism and security thru obscurity (which of course doesn't work). Why would a company try to harden against problems, even if caused by a mistake, if there is never any pressure to think there would be a need?
Would a civilization wonder if there is anyone else out in space if they can see no stars? Problem is without external pressure, people get sloppy. Of course people are sloppy to begin with. Imagine the extent of the credit card problems we have seen in the past months if there was no security at all? It's a poor argument really.
You do have to consider how it scales to the corporate world. A thief may spot an easy target in the home and steal something, just like a hacker spots an easy target on the Internet and plants his software. The cop tells you, "Put a better lock on that shed" and the ISP tells you "Install a firewall". However, you wouldn't expect a thief to have an easy time walking into a bank and walking out with a bag of cash so why would anyone expect a hacker to have an easy time breaking into a corporate system and stealing personal information? The amount of private information stored and the financial impact levies a greater burden of responsibility on the bank/corporation than it does the individual.
The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy. People see the new improved and rock-resistant glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.
The window repairman, much like the parent poster, probably thinks rock-resistant windows and proxy firewalls are an excellent investment. When we look at the long list of technologies that changed the 20th century, many/most were developed at least in part to help wage and defend warfare. One might deduce that warfare is a creator of value. Yet war is always a destroyer of value. It is the allocation of resources that could be more suitably employed.
A lot of hackers have "fun" causing other people pain. It's weird, I've never quite understood how that actually works, but I've met plenty of people who just experience joy at doing damage.
Some hackers/crackers have miserable lives. It is not uncommon for miserable people to find comfort in the misery of others. It's like the nerd version of a bully, they believe they have elevated themselves over someone else and are no longer at the bottom. Now add in anonymity and the bully feels even freer to act, think of the bully who gets to put the white sheet over his head.
I'd be able to take you seriously if you weren't one of those people who constantly spend their time thinking about how they blame something on the "current administration". Take 5 minutes out of your life to think about an issue without doing it in the perspective of 'how can I use this to bash Bush'.
The tripe is really getting tired.
And there have been thousands of instances of nations like Korea, China, Iran, and Syria staging attacks through computers. Why don't you hear about it? Let me ask you something. What law enforcement agency do you call when you find out your server has been compromised from an IP based in Pyong-Yang? I didn't think so.
Evolve or disappear.
Who do we blame if we leave our house door unlocked. Do we blame the intruder or ourselves for being so trusting. In a perfect world, we could trust everyone we see. hahaha. wake up charlie!
As I recall, ranchers typically put a mule with sheep. Predators are less likely to attack because of the mule.
Can't open source work as a mule to help the "sheep"? Firefox is popular because is less exposed than IE and it's great that it's getting exposure.
If there was some sort of easy to use firewall for the non-XPSP2 crowd ( a quick Google lists a few). Let's get some of the advocacy (and developers) behind it that worked so well for Firefox. If it works well, people might even consider going fully FOSS for their next computer.
SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better: Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."
:)
They're also the ones giving you a job
Now then, Dmitri, you know how we've always talked about the possibility of something going wrong with the Bomb...
Let's set the record straight: "Hackers" refer to those of us who do wonderful things with the hardware and software. "Crackers" are those who seek unwarranted entry into other people's systems, usually for malicious intent.
I am a born bonafide *hacker*, and have been so for the past 27 years. I, on the other hand, am NOT a *cracker*, and I would like to see them on the business-end of a (insert your favorite weapon here). Recovering from the damage crackers have caused me and others is no fun, eats valuable time, and forces me to focus on things that are not productive, but necessary to keep them out.
Ruby Neural Evolution of Augmenting Topologies
Thought I'd mention a bit of history (long since forgotten) that Marcus Ranum was also the author of the UberMUD and UnterMUD, mud engines. Two very nice mud cores, written in K&R C that ran on Ultrix. Both had their own strengths and weaknesses. UberMUD was my favourite, as it had its own scripting language called "U". UnterMUD didn't so it was harder to develop on, but its filestore backend was much smarter than Uber's. A union of the two would have been the perfect MUD engine IMO.
I mean sure...the crackers DO cause all the problems, but you have to develop a system that allows for the existence of the inevitable. Yeah, communism is a great idea, but unless it can be modified to account for the fact that there will be people trying to leech off the system, it won't go very far. Similarly with computers: it's a bit foolish to complain that we wouldn't have to have information security if we didn't have all those darn criminals cracking our computers. There will always be people who want to leech because they're selfish, and there will always be criminal crackers. Part of running a society, or a computer system, is making it resilient to those that don't follow the rules.
The criminal, on the other hand, is still a criminal in this scenario because he violated the owner's house/car/computer, and no plea of "trying to protect by demonstration of vulnerability" is possible. In other words, breaking and entering is never a "favor" rendered.
When you buy a product, you expect the same due diligence in quality, truth in advertising, and utility of the product. If the producer deliberately produces an inferior product, lies about it, or if it does not live up to its utility, that producer may be subject to at the least, ridicule, and at the most, financial or criminal liability. On the other hand, someone who deliberately breaks a product has a reduced, and probably no, claim against that producer.
A hacker who draws attention to a weakness in a product may actually be a hero; however, one who deliberately breaks things or breaks into places without permission is nothing more than a criminal.
And per basic logic: what is the simplest explanation for why for the last two years worms have been sucking data off hard drives and transmitting it to various East Asian countries? Lot of curious teenagers sitting around over there just dying to read American powerpoints?
sPh
Yaa, right....us, us, our? Our systems? Our systems? I guess if I go in to the Fortune 100 financial company I work for, I can just start taking "my" Sun Enterprise 4900s out the door and back to my house. After all they're "our systems", aren't they? What a load of crap.
I know people like Marcus Ranum, who I personally think is an ass, and my employers try to encourage me to think that the systems I work with are "my" systems so I'll take care of them more. Sometimes I even buy into that on some unconscious level, as I'm protecting them from users pushing the load average up to ridiculous levels and so forth. But ultimately they're NOT my systems, they belong to the majority shareholders of the corporation I work for. A Federal Reserve survey says 42.2% of the outstanding stock in this country belongs to the wealthiest 1% of Americans, and with the Gini coefficient being high, I know the control over the machines I work for rests with a small elite, not with the people who work on them, who create wealth from them.
Everything else Ranum says is BS as well...I'm not paying to secure my corporation, the corporation is. I have a lot of friends who are employed by the computer security business. And he can make all the convoluted "what's bad for Peter is bad for Paul" arguments he wants, the main effect of the need to post sentinels to protect from hackers at the cost of billions a year is to keep many of my friends employed. Those billions of dollars are not coming out of my pocket, no matter what kind of convoluted argument he wants to make. They're going into my friends' pockets (and Ranum's pocket).
As far as peace and privacy, I'm not the one who decided to put up SOCKS for my company and log everyone going to Playboy.com and whatnot. I'm not the one who decided to read through people's e-mail. I'm not the one using the Patriot Act to see what library books people are checking out. What privacy?
As far as peace, I never wanted war with Iraq. I don't want the US sending billions in weapons to Colombia and other countries. That's real war and peace. As far as peace for systems, I'll go back to what I said before. Most hackers (hackers, not script kiddies) attack corporate systems. Corporation owners, meaning the majority shareholders of corporations (not people who have 100 shares and whose proxies have ultimately no say) are a small elite who have control of these systems, who own these systems, who use these systems for their profit. These systems are not even owned and controlled by the people who work on them! They're controlled ultimately by this small elite. So put away your lies that the machine I need my manager's signature on a slip to take out of the building is "our" machine. There will be no peace until the means of production are owned and controlled by the people who work on them and create wealth with them.
Is that "if buildings were built the way software is built, the first termite that came along would destroy civilization"
Can you assign all the blame to the foxes if the henhouse door is left open?
The internet is a hostile environment, and you would be foolish to enter without using secure software. Either software is advertised as secure or it isn't.
If software is advertised as being secure and you get hacked, you can blame the maker of the software for advertising it as secure when it clearly was not. You can switch to another vendor (assuming that the market is not a monopoly). Or you can remove yourself from the hostile environment until the issues are fixed.
If the software is not advertised as secure, why on earth are you going on the internet with it? Only you are to blame in this case.
I'll probably be modded down for this...
Or at least, has the wrong emphasis.
Ranum denounces crackers only in the last paragraph.
RTFA! The rest of the article should be modded "Very Insightful!"
I read his "Stupid on Software" article referenced here a while back and it, too, was very insightful. I need to look around and read what else he's written.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
He's right in what he's saying, but it's a trivial and obvious point.
If not for bad people and bad things happening, life on the entire planet would be better for people.
Yeah..but so what? He's arguing that there shouldn't be rude, inconsiderate people? What can I do with that thought? How does that insight help the human race in any conceivable way?
I'd give him the "Captain Obvious" hat, but I respect the guy too much.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Actually Nature, through evolution, strives to try every possible combination that can be expressed.
I mean; evolution is a blind process, not a guided one. How could evolution know which characteristics will make a being successful in its future?
The answer is that evolution doesn't know, or even care. It produces every variation in reach, so that the ones better adapted to the future are the ones which survive.
So "good" and "bad" individuals keep being "produced". Currently successful social organization seems to depend on a vast majority of mostly-good individuals that are able to defend themselves as an organized group. Remove from them the ability to defend themselves and then the future will belong to the better adapted "bad people".
It's a great interview, he tears a lot of folks a new orifice or two. Focus on just the final short paragraph about 'hackers' and you miss the good stuff.
geek can't get laid, blames women.
consumers want to blame companies
companies want to blame hackers
hackers want to blame developers
developers want to blame users
users blame whoever the media tells them to blame.
there is some truth to what is being said here. sure early hacking showed the developers they had to pay some attention to security. but couldn't that be done in a controlled environment? why? because that way innocent people wouldn't be put out. there are people losing identities and money because of thieves (i say 'thieves' because a hack where you steal is a theft - sorry everyone but that's the law).
so continue to point your own finger when a finger is pointed at you but at some point some culpability must be had.
nature loves variety::society hates it get your variety at http://www.monkeypantz.net
By YOUR example, your reasoning is that, if you leave your front door wide open, you're not equally to blame if some dishonest bastard walks in the door and steals your stuff.
No. Breakins are going to happen. PERIOD. Understand this. Lock your door.
And stop bitching about the effort it takes.
Chas - The one, the only.
THANK GOD!!!
...make my CISSP totally worth it!
Get over the last paragraph, morons, and RTFA!
It's FAR more insightful than any of the comments I've seen bitching about the "blame hackers" paragraph - which was preceded by "blame everybody else" sentences anyway.
You guys sound like the big media press whenever somebody gets caught faking or running false stories - "Oh, woe is us! Somebody is blaming us for being idiots! We're such a poor, put-upon industry!"
Deal with it!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
At the time (1983) the media learned to use "hacker" to describe computer intrusion, it was the correct term for such, and alternate terms such as "cracker" had not been coined. That there were other meanings to "hacker" has continued to escape them... or at least, they don't give a damn. But complaining about it, and trying to insist that the media should use the term "cracker" instead, is trying to close the barn after the horse has left.
Mind you, I also think "cracker" is a bad choice if you really want to get the media to change terms. I'm a fan of Vernor Vinge's work; his book "Marooned in Real Time" included a cracker character who had been "head of Systems Penetration and Perversion at USAF, Inc." I think "systems penetration and perversion" nicely describes most of the scummy activities the media classes as "hacking", including but not limited to virus writing; deployment of spyware, adware, and trojan backdoors and rootkits; and WAR3Z cracking. Thus, the obvious term for a perpetrator of such is a "pervert."
Sex sells, so there's a better chance that the media will pick up this usage than the uninteresting (and too similar sounding) "cracker". It also allows for nice shadings of morality involved-- EG, breaking into systems you actually own might be categorized as "kinky". Adopting this term would allow us a much more comprehensive metaphor space for describing such activity... not to mention expanding the wide range of abusive insults that can be applied to those who commit such crimes.
Of course, I'm a lone weirdo, so I doubt such usage will actually spread. Still, it would be nice....
//Information does not want to be free; it wants to breed.
There is a point (and anyone who has ever done ANYTHING wrong knows that point) where you know when you are doing something wrong.
Come on, how hard is it to walk into a candy store and leave with a candybar without paying for it. The point is, you know you did something wrong. You can blame your parents for your upbringing but you know who is at fault.
I am not saying that the bank executive who keeps account numbers on a laptop in a standard spreadsheet isn't to blame when that laptop is stolen and the accounts are drained. Sure, he has to carry some of the blame. But the person who stole the laptop is really the criminal here.
Blame isn't given out in black and white, it is shared. Breaking the law however, is black and white. You are either guilty or innocent. When you knowingly pass that point, you are guilty and must accept at least part of the blame no matter how easy it was to commit the crime.
There will always be more than one person to blame for everything. He is right in placing blame on the hackers but there is obviously more responsibility involved in computer security. The "blame" is truly shared by all parties involved.
Nobody is expecting people to have computers comparable to fort knox. They are expecting them to have computers comparable to a house with a locked door. There are literally thousands of assholes out there running old, known exploitable windows/IE/outlook versions, who refuse to upgrade. When told that they can get hacked their response is "so, I have nothing important on my computer anyways". Locking your door isn't hard, and that's all we expect from you, don't pretend we're asking for anything more.
What I really find interesting about this Thieves/Hackers analogy is that you never hear people telling the victims of Thieves that they should have had three deadbolts on the door, or saying "shame on you you don't have bars on your windows, of course you'll get broken into."
You must live in an awfully safe place.
First off, just about every cop who responds to a breakin where security measures weren't taken says exactly this.
Secondly, if you live somewhere this is at all likely to happen (most cities, lots of suburbs), I would say something similar. You have to take appropriate measures for your environment. In a rough part of town, if you don't have burglar bars on ground and accessible floors (that release in case of fire, duh) you're doomed. In other areas, you need more than one deadbolt. Where I live, most people lock their doors at night, but that's about it. Then again, we're a little farther out, and most everyone has dogs, and guns, and notices who's in the area.
He was being sarcastic. Please submitters: RTFA. This interview was a great read, just don't turn it into something it's not.
This sig is intentionally left blank
I mean, sometimes the concept of 'blame' is useful because it means you can persuade a morally inclined person to do something that they wouldn't otherwise do, like "don't drive dangerously because if there is a crash it will be your fault; everyone will blame you." But in this case none of the parties really fall into this kind of classification. We have the vendor who is amoral and so only cares about blame as far as his marketing dept does, we have the cracker who knows he's doing the wrong thing already and the user who doesn't take part in the discussion and hence is not going to be influenced by the blame factor one way or the other.
But I guess this isn't compatible with slashdot's binary good/evil worldview.
How about "an interesting read" instead? HJ
has anyone actually read the entire article ?
Yes -- I read the entire article.
-kgj
>> Please name one serious, high-profile hacking case (to include authoring
>> viriii & worms) in which the perpetrator was caught and didn't turn out to be
>> a teenager or a still adolescent 20 something.
> Um, you might want to check the current news.
> Israeli corporations, including defense contractors, are battling an attack of
> corporate espionage conducted via targeted worms and keyloggers right at the
> moment.
They're under attack from teenagers? How do they know? Have they caught them yet? Or do they have some sort of software which can get their age from their IP address.
This wasn't Fox news, was it?
Sadly enough this reminds me of the whole virus / antivirus story that people pointed hackers as the original problem of why we have to invest in product product product. Really the moral of that story is programmers were having fun and it evolved and got out of hand.. then fell into a common ground to people who wrongfully apply the knowledge.
I think instead of placing blame whining about who did what how it occurred I think the focus needs to be pointed to the fact that not only does the technology exist for both negative and positive influences but those in the industry can shout out to the fact that a huge chunk of the IT financial claims have been handed out not to an intelligent hacker who was just seeing what was there or a destructive adolescent who wanted to upset someone or a collective company, but rather take a peek at the money spent on fixing someone's mistake, or misconfigurations of the simple devices.. someone not doing their job to ensure that something simple as a programming error is not patched properly..
Moral of the story before I rattle on for days... Don't bite the hand that feeds you....
Most people aren't computer savvy and some are outright not smart but instead of taking the time to educate the user "no you shouldn't do this because..." we here on slashdot like to insult them with " ooo GAWD you dont know what a firewall is, you fn moron you shouldnt even own a computer".
So unless the person is a prick, help out. If you want to get technical we are all responsible for this mess. What's worse, not knowing out of ignorance or letting your neighbor stay in ignorance when you very well know you could have easily helped them?
Wow, I'm not sure if I want to read the article.
The original post is whiny and badly out of context, but the article itself is a damned good read.
-kgj
It's a very dark ride.
In a world without hackers
there would be no need for computer security.
In a world without violence
we would feel safe all the time.
In a world without crime
there would be no need for police, or prisons.
In a world where all beings agreed with and respected each other
there would be no need for the lawyers.
In a world without war
we wouldn't need the tools of warmongering.
In a world without anger
all the art would be boring.
In a world without tension
there would be no incentive for personal growth.
In a world without pain
pleasure would be meaningless.
In a world without fear
we would all be enlightened.
But we are not without those things. We are not perfect. We are flawed, but spiritual beings in the midst of a human experience. Accept that and everything else makes sense.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
sPh
In a perfect world, maybe. But everything in the world we live in is driven by conflict and competition, not the betterment of our fellow man, not the betterment of our world, not even the betterment of ourselves.
Until that changes, war is indeed a creator of value, because it's unlikely that many of those advances would have been made otherwise. All we know of space exploration is founded on advances that were originally made to kill people. Nuclear power came after nuclear weapons.
It's nice to imagine a world where there is no conflict and there is no competition. That world is probably also without technology, however.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
In the year 2156, when the aliens attack, the hackers will have saved us from them because our computers will be safe from their hacks and we will have all these script kiddies who will be able to take down the alien network with denial of service attacks.
Read my short stories - You won't regret it.
We've had windows for hundreds of years, though. Where's the rock-resistant one that costs the same as the original? This "fallacy" is still quite prevalent today. Especially with GE and the light-bulbs that last a lifetime, and the ones that last about a year.
Please name one serious, high-profile hacking case (to include authoring viriii & worms) in which the perpetrator was caught and didn't turn out to be a teenager or a still adolescent 20 something.
Nice, placing the burden of proof on the other party makes the argument much easier, doesn't it?
Anyway, consider "dialers", programs that reconfigure your Windows internet setting to dial in via the equivalent of a very expensive 1-900 number. These programs have a "tendency" to install through some security holes in Internet Explorer against the will of the PC's owner. They caused enough financial damage to warrant a federal regulation. Today a legal "dialer" has to explicitly ask for permission to install itself, thereby presenting the incurred cost. Guess what, there is JavaScript in circulation which clicks OK in this dialog without the user even noticing.
None of this crap has been written by teenage hackers, this is paid for by shady corporations, and they are not caught, because chains of subcontractors have to be tracked through countries you have never heard of.
Second example: in Feb 2004 German computer magazine c't reported a connection between virus authors and spam senders. Basically spammers paid for the IP addresses of "owned" PCs and used them as spam drones. (German article)
Don't tell me all this happens for fun. It happens for profit.
Without hackers forcing security fixes and encryption technology, our systems would be completely open to the CIA, NSA, Chinese, space aliens, or anyone else who was interested.
It's the same reason Europeans were able to take over North America so easily: disease resistance. They had it, Native Americans didn't.
yup
- sigilicious -
I guess that's why you put those into a safe...
his parents don't demand that the backpack makers improve the security of their product.
But they do ask the people in charge of the school to improve the security within the school. Or at least they should!
I think it's time to say that that balance has shifted. Most people hacking into others' machines are not doing it for fun anymore.
How can we make this inference? Because hacking is not that fun anymore. Doing actual hacking has become the equivalent of doing petty crime. Anything interesting enough to be fun is probably more of a computer security research problem, and not often actually taken advantage of by the people who work on it.
Old skool hacking groups are giving powerpoint presentations on low-level network technology. What they're actually doing is research, because it's more fun than doing the hacking...
Not even the patent office would do that. There is prior art going back thousands of years by fine politicians from countries around the world. In fact I bet blame deflection has been used in their very office! Perhaps even in their own house (Joe is to blame for this)! Could be made into a Dilbert cartoon though.
The first major one, the Morris Internet Worm, is a good example. I mentioned Cliff Stoll in my first post; he discovered an East German spy bouncing off his machines to get to other computers in the US. Are you also intentionally ignoring all the spam being spread by virus-infected machines?
Condescension towards a person -- calling them "a teenager or still adolescent 20-something" does nothing to reduce the damages they can cause, and does not address why they cause the damage. A huge number of 20-somethings, and some teens, are mature and capable enough to run an extortion racket or resell a botnet to spammers.
What kind of systems do you administer? It's a sure bet that you don't deal with very high traffic services, or you would know better about the damages that attackers can do. There were recent articles on /. about the damages caused by DDoSers against a single online casino -- most of those costs are not paying for the bandwidth, but dealing with lost customers and lost profits (and trying to mitigate future attacks).
Kiddies can easily mount 1+ gbps of attacks, but it is very hard for normal systems to stay reachable by most of the world during such an attack.
It is NOT "hackers" causing all those problems with the internets that Dumbfuck McCumstain so laments. (Yes, I AM being really insulting and offensive to Marcus Ranum! He's been really insulting and offensive towards me and my fellow hackers.)
It is thieves and vandals causing all those problems.
Hackers invented the micro/home/personal computer. Hackers invented the diverse protocols that allowed these machines to talk to one another. Hackers invented the operating systems. Hackers invented the Internet. A hacker invented the World Wide Web.
Thieves and vandals merely took advantage of what hackers have invented and shared with the world. Took advantage and turned these tools to an evil purpose. Not hackers, THIEVES & VANDALS!
So fuck you, Ranum! Fuck you with Bill Gates dick! Fuck you with Monkeyboy Ballmer's dick! Fuck you with the collective dicks of SCO!
Just fuck you in general for your stupid, blinkered, stereotypical "oh, it's those damned hackers causing all my problems!" bullshit.
Strongly worded comment to follow!
Guaranteed! This comment 100% Anthrax free!
I just hate seeing this Canard all the time. Regardless of whether you are wrong or right about gun control, you need some facts about gun ownership in Switzerland.
1) Guns are highly controlled in Switzerland, the gov't can and does do random intrusive searches, checking for agreement to the gun laws.
2) There are mandatory yearly inspections with stiff penalties.
When was the last time the police showed up at your door and conducted a search to check that you had a supply of emergency food & water, and had your guns properly locked and your ammunition properly checked and that you had passed your mandatory gun proficiency tests?
When this is the situation in the States then you can argue that guns have nothing to do with this stat. Switzerland has Gun control. If anything the situation in Switzerland is an argument for Gun controls.
Guns don't kill people, it's idiots with guns that kill people.
after my system got pwned!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
a lot of other exploits are the equivalent of using a crowbar to break your windows. Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame.
Again, you're under the mistaken assumption that the police have some obligation to protect you. If someone breaks into your house, shoots your children, and the police don't show up for an hour and a half... well, just try blaming/suing the police sometime. You'll find there is no part of the constitution or the law requiring the police to protect you. That's why you have the second amendment. You are expected to take care of yourself like a big boy. Sure, ultimately it's the fault of the criminal that broke into your house, but your kids are still dead. Having the criminal prosecuted and locked away doesn't change that.
In short: If you want security, buy a system that has a good track record on security. Pointing fingers isn't going to make you more secure or make the hackers go away. Death and taxes are inevitable, and life isn't fair.
are an (illegal) media downloader, in that case, you are considered almost a "terrorist" by the RIAA/MPAA and get sued and jailed waaaaay more than if you steal a CD at a music shop in real life!
So, although it's true the users shouldn't have to keep their own stuff safe (coz, ideally, it's private and no-one should ever touch it without permission), they must, just because there are Evil People (tm) out there, you know? And not necessarily they are hackers, there are also a lot of scripty kiddos and all kinds of perverse companies that in the search for revenue sell their morality and ethics to the best bidder.
no sig
They're the ones who are responsible for companies needing to buy the software that the company who employs me produces... thus giving me a job.
To the hackers:
Though you annoy me... my lifestyle thanks you.
While the concept is correct it misses one very important part of reality: people don't act on what is their best interest, only on what they perceive as their best interest.
The difference is important in that sometimes the destruction of an old item by an outside person-group, will force people to change items or processes. People hold on to what is familiar way past when it would've been beneficial to switch to something new. In this sense, war can shift perception and motivate people to perform more than they would've without it.
WWII is a prime example: Could we theoretically have gotten the economy going without the war? Obviously yes.
Was it likely to happen? No, people were too entrenched in their current position psychologically.
So, the point, if there was one, is that war, while an allocation of resources that could be more suitably employed, can also be a spark to start the fire in the forge.
I am not in anyway affiliated with Max Cannon
While I do believe most of the other posts covered the major sticking points, the one that didn't get addressed (completely) was the use of botnets for spam, phishing and pharming. If you do anything with customer financial records, you should be concerned about security, unless you actually have a fully physically separate network (separate power, separate network, no firewall or other bridge to a nonsecure network, EM shielding and for christ's sake, no wifi). Whether or not it's valuable to you, it's valuable to someone either for targeted advertising or worse, identity theft.
Oh, and it doesn't matter how old the person or persons, just how much damage actually caused.
I am not in anyway affiliated with Max Cannon
A historical nit: Neither the Securityfocus article nor Marcus Ranum claim to have "invented" the proxy firewall.
Some kid named Kevin Mitnick was poking around DEC's network in the late 1980s, and Marcus built a proxy that shut him out. An overzealous DEC salesdroid heard about it and claimed to DuPont that DEC had this new proxy firewall thingy DuPont could buy.
This was arguably the first *commercial* proxy firewall, but it wasn't necessarily the first one.
Brian Reid of DEC Western Research Labs had proxy boxes running in his labs at least a couple of years before Marcus was asked to boot out Kevin Mitnick. And Sun had a firewall in the works in the late 1980s that they didn't commercialize until much later.
The article rightly describes Marcus as an innovator. His achievements cover not only firewalls but also VPNs and intrusion detection/prevention. But that doesn't mean, and he didn't say, he built the first proxy firewall.
Without attacks and threats we wouldn't bother developing a resilient software ecology. Heck, we're still not there despite mounting attacks. We would only have the illusion of privacy at best.
Security and software is an ecology, and we have to evolve appropriate measures to combat attacks. The techniques are here [1][2][3][4], we just have to deploy them.
[1] EROS
[2] CapROS (EROS development moving to the community)
[3] Coyotos (EROS successor in the research community)
[4] E: secure, distributed programming language
Higher Logics: where programming meets science.
"They're the ones who are costing us billions of dollars a year to secure our systems against them."
or:
They're the ones who are costing you billions of dollars a year to secure our systems against them, and allow me to buy a few Hummers.
I blame the people that commercialized the Internet. If money was anything but a first priority, we would have had something far more secure than what we have now. The Internet was insecure to begin with. Then it was commercialized, the world was wrapped around it and it became available to anyone. It's like wireless. Everyone, their mother and his brother thinks it's the coolest thing since sliced bread and therefore gets it without thinking of the consequences.
How naive can people be? You have a global, untrusted network available to anyone. What fool actually expects it to be even remotely safe?
People think that NAT and VPN were both improvements in security. And, while in a way they were, the reason that drove their conception was monetary. They were both made to save money. Security was a second priority. Until security is put first, you can forget things getting safer.
You can blame hackers all you want, but corporations are more likely to spy on you than hackers. Corporations have public trust and therefore already have a backdoor to your system.
You use the operative word there I think - Caught. Just because organised crime is involved doesn't mean there'll be a major name court case, and even if the guys get arrested it might not even be a part of the case. Off the top of my head, an example of this: Al Capone. Multi-million dollar mob criminal, finally brought to court and imprisoned on tax grounds. Try searching the archives for *one* case where he was successfully prosecuted for extortion, racketeering etc. - there aren't any. Organised Crime is so because it is successful. Successful criminals *DON'T* get caught.
Programming is an Art. I am an Artist. Does that mean I get to wear a daft hat?
Well, the recent non-postal service credit card company leak recently comes to mind. Just because someone is young doesn't mean they don't know how to make a profit. Please.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
My question is simple. Regardless of the outcome or by-products, is hacking into someone else's system moral? This is not a troll. It is an honest question that gets to the heart of the matter.
The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy.
Did he prove that, or did people just agree with him?
People see the new improved and rock-resistant glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.
But now the shopkeeper spent the money on something else and the wheel still spins, who is to say it was worse?
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Jeri Ellsworth recently gave a talk at Stanford. She hacked on Commodore 64s as a kid, switched over to racing cars as a teenager, ran a computer store for a couple of years, and taught herself VLSI design, which she's used to do things like Commodore 64 emulators. It was a really cool talk, and it was interesting to see somebody who did a lot of car hacking as well as computers.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Organized crime is already worse than 'hackers'. Ever hear of spyware? adware?
Sure, blame ALL the problems on the teenagers and completely ignore the crime businesses, terrorists, military attacks, business espionage, etc.
If you can't deal with the kiddies, then you have no chance against the pros.
Democracy Now! - uncensored, anti-establishment news
In other news
Murderers blamed for all murder!
Move along... there is no sig here.
You know what they say about assumptions, right?
He invented a proxy firewall, come on
he has made a lot of money probably
all the best security experts should be equivalent to a master criminal.
maybe he began hacking proxies to highlight the need for his product??
To be entirely fair, the conflict is usually over how to make the world better. People rarely fight for things that they think will screw EVERYONE over, though they may attempt to sacrifice one good for another. Now, I imagine that you would hold that most of their reasoning about what would make the world a better place is wrong, but we think your ideas are stupid too, so it all works out. ;)
For instance, I like nuclear weapons. They made a lot of annoying politicians shut the hell up for a good couple of decades. I also go with the old saw coined by Clemens, something to the effect of "the only thing worse than war is the degraded moral state in which nothing is worth going to war for". Besides, conflict and competition is pretty much what created life. If there was no statistical conflict between random assemblies of atoms and self-reproducing molecules, earth would still be a wet pile of rocks.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
No, but if it's a policeman/security worker, should the Employer get a nice big "willful violation" from OSHA for not protecting its workers from known and predictable on-the-job hazards after the perp catches a round or two resisting arrest?
Apocalypse Cancelled, Sorry, No Ticket Refunds
When I went to school, a hacker was someone who could never break 100. In fact, they had trouble getting the ball off the tee most times. Young'uns.
Slashdot: Where nerds gather to pool their ignorance
Whoever this anonymous reader is, he seems to be very short sighted. Marcus clearly lays blame on practically EVERYONE out there. What blame? Well, most of it is just plain dysfunctional behavior, practices, management, development, etc... What I love about Marcus is that almost all his little nuggets of insight are blatantly true. And to add to his credibility, almost all of them are only gained through experience. As security practitioners, let's not play to either "the sky is falling" or the blame game. It's time to look inward, step up and do the right thing instead of perpetuating the mistakes of the past two decades. But first, you need to learn a bit of history here and be technically up to the task such that you can fully understand and appreciate.
I'm not being an idiot.
And I'm not saying the person who decides to go in and steal something isn't to blame. Merely that there's more than enough blame to go around.
Lock your door. If he still gets in, he's still fully to blame.
If you don't lock your door, you're to blame just as much as he is. You may as well just put out a sign saying "Come in and take shit".
Thanks for the flaming AC response, pussy.
Chas - The one, the only.
THANK GOD!!!