Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inventor of Proxy Firewall Blames Hackers

Posted by CmdrTaco on from the get-your-rage-out dept.

An anonymous reader writes "SecurityFocus published an interview with Marcus Ranum, the inventor of the proxy firewall. It's an interesting reading, and the end is even better: Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and the right to privacy."

10 of 742 comments (clear)

  1. Someone should patent blame deflection by _am99_ · · Score: 5, Insightful

    Truly, the only people who deserve a complete helping of blame are the
    hackers. Let's not forget that they're the ones doing this to
    us. They're the ones who are annoying an entire planet. They're the
    ones who are costing us billions of dollars a year to secure our
    systems against them. They're the ones who place their desire for fun
    ahead of everyone on earth's desire for peace and the right to
    privacy."

    Ok, but swap a hacker's desire for fun with a software companies
    desire to make money without properly taking responsiblity for
    securing their product and one could also write:

    Truly, the only people who deserve a complete helping of blame are the
    software companies. Let's not forget that they're the ones
    doing this to us. They're the ones who are annoying an entire
    planet. They're the ones who are costing us billions of dollars a year
    to secure our systems against them. They're the ones who place their
    desire for profit ahead of everyone on earth's desire for peace
    and the right to privacy."

    It is like a credit card company saying that if someone breaks into
    their systems and steals my credit card number, that is my
    responsibility - or maybe it is the hackers fault. Well sure, it is
    my fault for using a stupid bank, and the hackers fault for committing
    the crime - BUT SURELY the bank has to take some fault for making this
    whole possible - right?

    1. Re:Someone should patent blame deflection by erroneus · · Score: 5, Insightful

      At first I was going to mod this +interesting or something like that but I think I'd rather just add to it.

      We're born into this imperfect world and should expect nothing less than we've already been born into. The lock was invented before anyone presently reading this was born. This is a clear indication of the state of things and in my opinion, the nature of humans... or animals for that matter. (Raccoons, monkeys and other creatures are famous for stealing things too!)

      The individuals responsible are individually responsible for their own actions and should be held accountable. But the reality that should be mentioned and understood is that we're in a world where people do shit to each other.

      In that climate, we look to software makers to make reliable products. We want them to be able to withstand the efforts of the rest of the world doing what it is that's natural for them to do. It is not an impossible task. It has been shown through the virtue of patches that it can be done and since it can be patched it could also have been done right the first time had they only taken the time and effort to write it correctly to begin with.

  2. Re:and interestingly enough... by Anonymous Coward · · Score: 5, Insightful

    But if they weren't keeping you and I employed we could both be employed doing more productive things.

    It's like saying the vandal who goes around smashing windows is a good guy because he keeps the window repairman employed.

    Old and crusty falacy...

  3. Good God... by aendeuryu · · Score: 5, Insightful

    Rome builds shitty wall, Emperor blames failure on existence of barbarian hordes.

    It'd sound fucking ludicrous to read that in a history book, it's no less ludicrous to read that in a modern context.

    Dude, grow a pair.

  4. "Desire for fun"? Oh please.. by Entrope · · Score: 5, Informative

    Perhaps five or ten years ago it would have been plausible to say that computer criminals were largely breaking into others' machines for fun -- but even then, as Clifford Stoll discovered, there were exceptions. Then it turned into more of an organized enterprise. People controlling most of the infected machines on the Internet are NOT doing it out of curiosity or fun: They are doing it for power, and exploiting that for criminal enterprise.

    In the past years, we have seen profit-seeking criminals discover how useful insecure systems are to them. The major disruptions now are not caused by simple thrill-seekers.

  5. Re:I agree... by Southpaw018 · · Score: 5, Insightful

    If I'm reading that right, you have it backwards - like a lot of people, I think. If, let's say, someone left their front door open and you saw some nice lookin shiny thing while walking down the street, and you went in and took it, then got caught...what would the police say? "Oh, it's not your fault. After all, they left their door open."

    No, while they were idiots for leaving the door open, you were the only one who broke the law.

    The same thing applies here. Because someone or something leaves doors open doesn't mean you can or should enter them. No one has to live with spam merchants - that's why we're taking measures to combat spam on many levels (from the national do not call registry to spam filters on the email system at the office). No one has to live with hackers, either. That's life, but not how you put it; this time, I applied your logic to both sides.

    Can you live with that?

    --
    ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
  6. Re:its the hackers alright! by pixelpusher220 · · Score: 5, Insightful

    Actually I'd say the Hackers probably did us a favor in the long run. How bad would it be if everything were nice and rosy and then organized crime started playing hard ball?

    At least we've had time to learn and understand and actually build tools to help in the defense of our systems. Now if companies ignored the petty hacker attacks that's their own fault, but at least it started with relatively innocuous stuff rather than more heavy duty attacks...


    --
    People in cars cause accidents....accidents in cars cause people :-D
  7. Re:He is 100% right by Daniel_Staal · · Score: 5, Insightful

    He agrees with you. That quote was the last paragraph of the last answer in the interview. Here's the full question/answer:

    If we consider the Internet as a big local network, we will see that some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that chose that particular software and then run it without an appropriate secure setup?

    There's enough blame for everyone.

    Blame the users who don't secure their systems and applications.

    Blame the vendors who write and distribute insecure shovel-ware.

    Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

    Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.

    Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.

    Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.

    His point: there is pleny of blame to go around, if you want to spread the blame. The hackers who break in are the reason the rest of the blame matters, but the rest is still there.

    Just in case someone thought you disagreed with him. And because now everyone has read the full context of the quote we are discussing, which will be a rarity on /.

    --
    'Sensible' is a curse word.
  8. Hackers = Canaries in the Coal Mine by thelizman · · Score: 5, Insightful

    Obviously this guy has never heard of espionage. *Most* (not all) hackers/crackers get in, poke around, and leave. I've known a few that actually fix shit on the way out, and leave friendly notes (though I think more highly of the do no harm crowd).

    The *REAL* danger are corporate spies who not only want your secrets, but also plant spyware, or destroy infrastructure to hamper a competitor. There is also the growing instances of state-sponsored computer cracking whereby poorer nations (particularly the axis-of-evil states) seek to leverage the power of attacking information infrastructures instead of the physical infrastructure. Remember, the US didn't take down the Soviet Union by dropping bombs and shooting bullets. We bankrupted their ass in a nice game of 'keeping up with the neighbors'.

  9. Re:straight from Hazlitt by eventDriven · · Score: 5, Insightful

    The grandparent and parent both touch on something important. The vandal/repairman example comes straight from Hazlitt and is indeed an old fallacy. People see the new improved and rock-resistent glass and they say 'now that's progress'. What they don't see is the resources the shopkeeper had wanted to purchase with the money that had to go to the new window. The shopkeeper could have spent that money to become more efficient or expand. Or as in Hazlitt's example, bought a new suit. Then the tailor would have had more resources to put into play.

    The window repairman, much like the parent poster, probably thinks rock-resistant windows and proxy firewalls are an excellent investment. When we look at the long list of technologies that changed the 20th century, many/most were developed at least in part to help wage and defend warfare. One might deduce that warfare is a creator of value. Yet war is always a destroyer of value. It is the allocation of resources that could be more suitably employed.