Is This the Golden Age of Hacking?
Barence writes "With a seemingly continuous wave of attacks hitting the public and commercial sectors, there has never been a more prodigious period for hackers, argues PC Pro. What has led to the sudden hacking boom? Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defenses, according to security experts. Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets. The pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers."
This is the Silver Age at best.
Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets... ?
Umm no, it's the Lulz age of hacking.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
I guess they have forgotten about the 80s?
Palm trees and 8
Haven't RTFA'd yet, but I would suspect that hacks aren't any more common now - just more visible and more reported. It's like when the news media has a "summer of the shark" - after a few notable incidents, the media realizes that these stories bring in viewers, and then any further incidents, no matter how insignificant, are publicized when they otherwise wouldn't be. Just look at the recent Bethesda hack - that kind of thing goes on all the time, and I was surprised anyone bothered paying attention to it. Sure, some of them were big - the first Sony attack was significant, and the US Senate hack is noteworthy - but a lot of these recent hacks have been relatively minor.
There's also the possibility that all this attention is actually causing more hacks - after the initial Sony hack, hackers realized that Sony was a big, vulnerable target. By extension, they realized that big companies actually aren't bulletproof - in fact, many of them have terrible security. I'm sure such knowledge was widespread in the black-hat world, but now the secret is public knowledge.
You probably meant Cracking not Hacking. See http://www.catb.org/jargon/html/C/cracker.html
Not especially because of the number of engineers with time on their hands, but because of the number of people who watch their wealth being given to the wealthy by those they voted for, and decide they have had enough and why not burn it all down.
Korma: Good
The problem most websites have is one of users choosing insecure login details, either through ignorance, laziness or disinterest. Although this is not a huge problem if it's front-end users, the same problem exists with admins, and those with elevated privileges. The most secure fortress is little protection if the passcode to open the front door is "1234".
I don't think this problem can be fixed by "forcing" users to choose long passwords, or to have a different password on every site they use. As we've seen, they simply won't do it, and why should they? It's different if you have a technical, or security-related background, and understand the risks - the average Joe isn't interested in spending the effort to maintain and organise a secure list of passwords in an offline location.
I think the only way this can be fixed is by using SecureID-style authentication - either with stand-alone units, mobile apps, or units built into laptops or keyboards (separate from the other components). Obviously it would need to be physically separated from the machine being used to login (or at least sandboxed, in the case of a mobile app). We just need a good cross-platform authentication API that's easy for developers to implement, and cheap hardware/free software for the client.
Code, Hardware, stuff like that.
What has led to the sudden hacking boom? Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defenses, according to security experts. Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets. The pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers.
But by that logic, we could have seen similar things when the dotcom bubble burst, right?
My view of this comes from a completely different place. I see an exceptionally large amount of users' rights being debated and discussed and we're seeing communities popping up devoted to this. Frankly, it seems like the users are just getting shit on. And, like any struggle for rights, there are negative things that happen. There are always going to be people that take it to an extreme level and there are going to be innocent bystanders turned into victims. While I still see this as a bad thing, some of these actions remind me of a sort of John Brown at Harpers Ferry incident. Similarly, there's the mindless looting during rights demonstrations and protest crowds at the G8 summit but it's not the overall message that's doing that. The opportunists come out of the woodwork.
Similarly the public and citizens of the internet are demanding more rights. While this fight is going on with Facebook, Sony, world governments, etc, the communities are going to pop up that take it to an extreme offensive. They will do bad things and I'm not going to be one condoning it but I see it as part of the growing pains of companies respecting people's rights.
It's a sort of vigilante justice that I don't agree with nor condone but I can somewhat sympathize when I feel like I've been unjustly wronged by some of the targets and have had no sense of justice in the matter. People who feel strongly about this and have that negative spark in them would have a motive to become a part of these new communities. And in my opinion that's a more plausible explanation as to why you're seeing an explosion -- not the recession or turnover in network employees.
My work here is dung.
"Is This the Golden Age of Hacking?"
This what?
This century?
This decade?
How long is an 'Age'
Centralising security creates a single weak point, as recently demonstrated when someone stole the keys from SecureID. If Facebook can recognise us from our friends' pictures now, perhaps all our systems should be doing the same through webcams. It's too creepy to contemplate but not too far fetched technically.
Korma: Good
The issue is that ANYONE can crack these days. People with non-existent computer skills can easily acquire tools with point-and-click interfaces for hacking. Combine this with epic-level apathy on the part of the targets and it is a little like the destruction of the buffalo population during the wild west. Only if the cowboys were 12 years old, rode tanks, and had auto-target.
A golden age can only exist by looking back on what was. Anyone declaring anything to be a golden age is therefore automatically wrong.
The way to fix the problem of bad passwords is to do away with passwords entirely, and start using cryptographic authentication methods. It may require us to issue a special dongle to users, but at the end of the day people should be able to use their public key to log in to online systems. Naturally, there would be some issues -- users would need to have a way to revoke keys, increase their key sizes to compensate for new algorithms and faster computers, etc., but it would still be an improvement over what we have been doing for the past few decades.
Palm trees and 8
What do you expect to happen when you hire Systems Administrators for 6 month contracts to build your systems, and then let the contract expire after the servers are built? Servers don't usually patch themselves, nor do they remain compliant with your security standards once you give developers and DBAs root access.
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
If you look at some of the 'hacks' like getting into Citibank, there isn't any real 'l33t uber haxor' going on here. Those sites were remarkably insecure. No stateful inspection of ID/Password, unsalted passwords/ids, declaring what should be very private information in the clear for all the world to see, multiple access points to private data, likely an unencrypted (non-SSL) connection, it's also very likely that packet sequencing was non-random, so a border gateway protocol man in the middle attack using packet injection would work, as well as (much easier) rainbow tables to break poor passwords (brute force, but not that much force). The list goes on. Golden age? Not really. This is like when the kid taking his first introduction to scripting course came up with the ILOVEYOU virus. If a newbie script kiddie can make off with the keys to the kingdom, then clearly the castle walls shouldn't be made of single ply wet tissue paper.
I think it is more bugs in software than the network infrastructure! Everyone is so quick to blame the infrastructure engineers when I have seen more poorly written applications with memory leaks and ones that run with root privileges than poor network designs.
It takes a special kind of person, who, when presented with lots of free time and the tools to do amazing things, says: "I think I'm going to horribly violate the entire online world today."
Perhaps I should be thankful that I'm turning my talents to more productive ends. But I doubt I'll be hired before these assclowns find work.
If you want to blame someone, we could blame Obama, whose administration has practically continued the war on hackers and then wondered "why are we so short on competent programmers?" or we could blame Wall Street and its "rape the economy and then blame those that tried to stop us" philosophy, or we could blame industries that engaged in military action against America, deliberately using their racketeering scheme to attack children and college students, knowingly and willfully attacking our country's supply of future skilled labor - something they did for over a decade prior to "the crash", or there's China and India who are or at least were doing so well in spite of our country's failures, or there's our own prior administration who spent countless times more money than we had or would ever have to wage war against Iraq, an enemy of the terrorists that bombed us on 9/11, or there's the new fascists of America who are using the words "liberal" and "homosexual" instead of "undesirable" and "jew", or there's global climate change, or those that deny it, or sick and twisted people in power in every position they could be in...
Fuck it. When the world runs out of victims and points in my direction I'll be happily enjoying life on Mars, in my secret volcano lair at Olympus Mons, with my consciousness-infused computer "phylactery" keeping me immortal, enjoying the ability to do in the real world what we do online now.
If you can read this, I forgot to post anonymously.
Golden age implies that great (or, at least, impressive) things are accomplished. Nothing much impressive about (to paraphrase) shooting fish, in a barrel, twice in the head, with an elephant gun.
More online services each year = more targets each year. Inadequate investment in security = easier targets. I'm sure crackers are getting more sophisticated, but probably no more than in any other field. It's definitely easier to find victims.
One could imagine an age of some kind which grows from all this, but not quite there yet.
There are a lot of reasons for this to be an age of intrusions galore:
1: Corporate philosophy. I mention this often, but it is very true -- security is a cost center, so in a lot of firms, it gets hind teat in the budget.
2: Ease of getting away with intrusions. Got a botnet? Just create some PPTP/L2TP connections and you can manually try breaking into machines and one can either not be traced, or have the blame shifted to another party. Especially if the intrusions come from a country that is disliked.
3: Lack of international cooperation. All it takes is one proxy to be in a country that doesn't like another, and there is no way an intrusion can be traced, much less prosecuted.
4: Lack of meaningful security tools. A lot of the tools used in businesses are all sizzle, and not much steak. Take AV programs. They are great at catching last week's stuff. However, most attacks are polymorphic 0-days that just zing past AV program detections.
5: Ease of infecting via ad rotation services. Ad rotation services can sling malware without ever getting caught because people will blame the website, not the servers slapping the ads on it. The same ad servers that can target by demographic can target a company and just that company for malware.
6: Using the Internet for all traffic. In the past, there were backbones that were not accessible to anyone that transactions ran across. Now the same wire that gets pr0n to Joe Sixpack also carries bank data and transactions.
7: Failure to use basic security protocols in password storage. Hell, crypt(3) is better than most ways passwords are stored. The best thing is to look at known secure utilities like TrueCrypt and follow their example.
8: SQL injections and parametrized queries. Simple stuff, but because a lot of dev projects just want a code base regardless of bugs, this stuff gets ignored until the breaches start.
9: No real network security. A firewall doesn't cut it anymore. Instead, companies have to use VLANs and keep departments separated. This way, a compromise in receiving doesn't mean finance or HR is pwned too.
10: Legacy protocols. FTP (other than anonymous FTP), telnet (except for use for debugging), and other insecure protocols need to either be limited via packet filtering mechanisms and router ports, or eliminated altogether. Instead, if two machines need to share data, have them use a LUN presented to them and a filesystem that allows for this.
11: Lack of internal policies and procedures. Security isn't just clicking "secure mode" on an appliance and walking off. There needs to be a process if someone calls in from an internal line demanding info, or someone physically is picking a lock.
12: Separation of duties and data. This is expensive relatively, so it tends not to be done, and the same server with the source code build may have the HR payroll data. This makes for a field day for an attacker.
13: Chain of custody of data. Either the machine it sits on is properly secured, or the data is stored encrypted with proper key management. For example, some enterprise level backup programs have data encrypted at the client end, and only that end has the key. This way, if the enterprise backup server gets compromised, the data can be destroyed, not accessed or modified.
14: Morale. Morale is so easily forgotten, especially with companies that do the low bidding among the last 3-5 candidates. High morale means people are proactive on security. Low morale means people will ignore breaches assuming they won't be thrown under the bus.
15: Cloud computing. There is no benefit for a cloud provider to give anything but token gestures for security financially, so one is begging to be compromised unless there is solid encryption with good key management done before the data leaves the client. Even then, blackhats can have free and unfettered access to the encrypted data and can detect patterns over time. SLAs are meaningless; a cloud provider can change hands or go bankrupt and all the privately stored data can be made into a torrent or sold to anyone with cash.
Because most businesses pay lip service at best to security, it is no wonder why blackhats are having a field day.
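Item 7 above (store passwords at least as well as crypt(3) does) and the earlier comment about unsalted hashes and rainbow tables describe the same failure. As an added example, not code from any poster, the block below contrasts the two: a bare SHA-1 of the password, which a precomputed table recovers in one lookup, against a salted, iterated PBKDF2 record in a crypt(3)-style `$alg$rounds$salt$hash` string. The three-word lookup table is constructed for the demo; the record format and round count are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a precomputed lookup (rainbow) table: hash -> password.
# Real tables hold billions of entries; three are enough to show the mechanism.
CONSTRUCTED_TABLE = {hashlib.sha1(p.encode()).hexdigest(): p
                     for p in ("password", "letmein", "1234")}

PBKDF2_ROUNDS = 100_000  # work factor; raise it as hardware gets faster


def unsalted_hash(password: str) -> str:
    """The weak scheme: same password gives the same hash, and there is no work factor."""
    return hashlib.sha1(password.encode()).hexdigest()


def lookup_unsalted(stored_hash: str) -> Optional[str]:
    """Why unsalted hashes fail: a single table lookup recovers the password."""
    return CONSTRUCTED_TABLE.get(stored_hash)


def make_record(password: str, rounds: int = PBKDF2_ROUNDS) -> str:
    """Salted, iterated hash stored crypt(3)-style as '$alg$rounds$salt$hash'.

    A fresh random salt per user means two users with the same password get
    different records, so no table built in advance matches any of them.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"$pbkdf2-sha256${rounds}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Recompute with the stored salt and round count; compare in constant time."""
    _, alg, rounds, salt_hex, digest_hex = record.split("$")
    if alg != "pbkdf2-sha256":
        return False  # unknown scheme: refuse rather than guess
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)
```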
The golden age of hacking was the late 1970s and 1980s. Things they pulled off back then were far more impressive and interesting to watch.
I'd agree: more people are hacking now than ever before. Magazines like Make and Maker Faire, as well as the rise of the hackerspace, have significantly made inroads on bringing hacking back to the masses...
But the article is written by an illiterate journalist that seems to not realize that the term "Hacker" has been retaken and what he is talking about is simply a cyber-criminal or cracker.
Do not look at laser with remaining good eye.
Are they talking about hacking or cracking?
For hacking, this could be a silver age. The days of HomeBrew and phone phreaks were the golden age.
For cracking, as others have noted, it's the lulz age.
I'm no longer writing code myself, but I'm constantly amazed at how utterly horrible the code being written by my successors appears and works. Where is the craftsmanship and pride in writing clean, fast code today?
Indeed since hackers now refer exclusively to the people doing bad stuff on the Internet. Well maybe not exclusively on the Internet, but you get the idea.
(\__/) This is Lapinator
(='.'=) copy it in your sig
(")_(") so it can take over the world
I was going to say something about cost. As the hacking becomes more widespread, companies will notice it is a problem and start to DO something about it. Systems are more vulnerable now because the money has not been spent to secure them - because it hasn't been too much of a problem. We'll probably go through a phase of increased security breaches until people take it seriously and fix it. Now would be a good time for some data driven analysis comparing various OSes and their configurations from a security point of view. That's difficult, but we need to start looking at what works, doesn't work, and why.
Now, I do not condone Lulz Security or Anonymous, but the fact of the matter is they're not just 'script-kiddies'. Every tech-savvy webpage I've gone to, the ones that are user-submitted, has belittled the efforts of both hacking groups as if they could do the same things so easily. I'm not sure why there is such a pretentious atmosphere of 'pro' coders here... but to be real honest with everyone, they have spent a lot of time researching web security vulnerabilities, and the biggest joke of all is that a good portion of readers on slashdot are probably sysadmins who think their system is protected by a golden firewall, which they probably bought from some other software vendor.. Blah, blah, it's just sql injections... lol, yeah... that's the greatest joke of all, they guessed your table names and you allowed escape characters... And these people certainly realize they don't even have to lie or fabricate their stories considering they get in with the simplest, MOST known vulnerabilities.. I think some of lulz's actions deserve merit, the fact that they haven't been caught yet is a sure sign that they're somewhat competent at what they do.... much better in fact than the security companies that supposedly get paid top-dollar to ensure data protection.. In essence, the biggest joke is not the simple attacks of the hacking groups, it's honestly the over-abundance of hypocrisy and finger pointing that essentially does nothing next to actually coming up with valid security solutions.. The best example of all this is simply Mitnick, he didn't even have to hack.. he just called someone up for a password.. you know why, because the smartest hacker doesn't waste 9 years trying to guess/crack a hash, especially when people are so much easier to manipulate than software.
Can we make another movie with Angelina and just throw in Brad Pitt so we can get the 2x the eye candy in a techy movie? Keep Megan Fox out she's way too dumb for a hacker-esque movie...
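"You allowed escape characters" in the post above, and item 8 in the earlier list (SQL injection and parameterized queries), are the same point. As an added example that is not any poster's code, here is the textbook vulnerable lookup next to its parameterized form, run against a constructed in-memory SQLite table: the string-built query breaks on a plain apostrophe and returns a row for a username containing nothing but a quote-terminated tautology, while the placeholder query treats every input as data. Table name, column names and the demo account are constructed for this example.

```python
import sqlite3
from typing import Any, Dict, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with one demo account (hash is a placeholder)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'demo-hash-not-real')")
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> Optional[Tuple[str]]:
    """String-built query: the caller's input becomes part of the SQL text itself."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone()


def find_user_parameterized(conn: sqlite3.Connection, name: str) -> Optional[Tuple[str]]:
    """Placeholder query: the driver sends the input as a bound value, never as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()


def compare(conn: sqlite3.Connection, name: str) -> Dict[str, Any]:
    """Run both lookups on the same input and report what each one did."""
    try:
        vuln: Any = find_user_vulnerable(conn, name)
    except sqlite3.OperationalError as exc:
        vuln = f"SQL error: {exc}"  # a single quote already breaks the query
    return {
        "input": name,
        "vulnerable": vuln,
        "parameterized": find_user_parameterized(conn, name),
    }


if __name__ == "__main__":
    db = make_db()
    # Three constructed inputs: a normal name, a name with an apostrophe,
    # and the classic quote-terminated tautology.
    for user in ("alice", "o'brien", "' OR '1'='1"):
        print(compare(db, user))
```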
The availability of tools that can automagically find these vulnerabilities and exploit them is what I blame.
I have no such sympathy. Those tools which find holes are not just as easy for security staff to obtain; those tools were made FOR the security staff. If someone works in IT Security and doesn't know how to run Metasploit on their own infrastructure, then they are utterly useless to the point of being the real point of blame. And if companies can't hire those individuals, they are as much to blame as banks that don't take security measures to protect tellers from armed bank robbers.
The same trend to "open environment" that has removed the bullet proof glass from bank tellers is the same BS "open environment" pushed by company websites. Yeah, they opened it, alright. They flew so fast to become "social" that they exposed their knickers!
I8-D
Actually most would consider the "golden age of hacking" to be the mid-to-late 80's.
None of the large, corporate scale intrusions that have been in the news of late were born out of curiosity, or executed using self-derived skillsets or self-created tools.
On the other hand, it's probably a good time to be in security, as the expected overreaction from the corporates is sure to be the gravy train the various HBGary-esque security firms have been waiting for.
If you consider that "Hacker" now means "Evil Spawn who does something illegal with a computer", I would say TFT is right, by your own argumentation. More and more people feel the need to break the law on one level or another to do what they want with their devices. So effectively the number of hackers rises.
Me, I think that the more lucrative information is hackable, the happier hackers will be.
(\__/) This is Lapinator
(='.'=) copy it in your sig
(")_(") so it can take over the world
Then only outlaws will have hacking tools
QED
If you don't know where you are going, you will wind up somewhere else.
Could it also be the right generation - there is now a generation of "politically motivated" people out there who will have grown up with a computer+internet environment from an early age....can this reasonably be said of any other generation? Is this the reason so many hackers have been "created"? Other generations used other tools, ours will use the internet.
Nowadays it's easier than 10 years ago to explain why you don't want an openly writable share on a network drive. Nowadays it's easier to explain to people why they should choose their passwords well.
While I think Anonymous's script kiddies are stupid a-holes who should go to therapy, I have to say all these things have made the job of the security admin much easier, since you will get more attention than 10 years ago when "but my network is still working" was a usual response to a "hey, I think this is insecure".
So systems will get more secure, and at some point people may even learn about cryptographic certificates.
"Hack The Planet!"
1990, Legion of Doom steals AT&T Unix source code
August 25, 1991, Linus Torvalds releases the Linux kernel
coincidence?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
This is the golden age of hacking-for-publicity. I have seen a few people comment that the 80's were the golden age of hacking. I wasn't old enough then to agree or disagree, but I do think that hacking was just as big in the early to mid 90's, when I first came on the scene, as it is now. The only difference is that hackers get a lot more publicity now, and that has caused some to seek publicity.
Earlier today Obama talked about a lack of engineers in the US. The same goes for IT professionals. The problem is that those professions are often underappreciated and underpaid, so smart ambitious people go into business and law not tech.
I work for a Fortune 500 company whose IT department just sent down a command to uninstall Firefox 4 and replace it with 3.6. So they went out of their way to decrease the security of someone's workstation. Hacking is so prevalent because the best and brightest go into CS, and the dumbest drop out and go for IT. Those people make departments less secure, not more secure. The IT managers are usually just as bad or worse. And in my experience, the bigger the company the worse the IT department.
That would have been when all services were exposed to the Internet, plaintext protocols were the norm, exploits were of the single-packet variety, etc.
I know it seems that governments are powerless against hackers, especially with many operating in countries that are not currently serious about stopping them, but this will eventually change. Eventually, all governments are going to impose harsh and swift penalties for any and all hacking activities. I'll use an old west analogy to explain...
Back in the old west, if you stole a horse, pretty much whoever caught you could hang you on the spot, or at least any semi-legitimate 'deputy' could do it. Why was horse stealing dealt with so harshly? We don't hang current car thieves.
It was because of two things. Stealing a horse was pretty damned easy in most cases, yet the old west economy depended on horses. As such, the importance of protecting the business structure allowed the punishment to grow out of whack to the crime.
Hacking is the same now... It's painfully easy to do, but the economy is becoming more and more dependent on electronic commerce, and more and more damage can be done. Eventually, this will drive any and all hacking to be targeted as a serious crime, not just hacking that really damages a company or government. Eventually, you will end up going to jail for 10 years for changing your friend's Facebook page without his permission, so there will no longer be an avenue for casual hackers to practice their skills, and fewer folks will graduate to serious hacking.
I'm not saying hacking will be eliminated, but that there won't be any casual hackers, just like there aren't any casual murderers, only hard core cyber criminals who need to start in and stay in obscurity. As such, this is the golden age of hacking.
Not really. In a capitalistic environment only the ones that have enough money to have proper security will flourish. So its good with these security breaches because it will cull the cruft. I wouldn't be surprised if lulzsec already has complete ownage of everything relevant on the net. And with that I hope they'll ramp up the disclosure so the rest of us know how bad it really is. My estimate so far is that it is worse than we can imagine.
Way back in the 90s, when people could deface a website and get slapped on the wrist. Hack a dozen corporations and not be investigated.
Now you do any hacking at all, and you get investigated and locked up by the FBI. It's definitely not the golden age. It's the age where hacking is as stupid as selling drugs used to be in the 80s.
* Subsistence ("There are some lovely berries here")
* Gift ("This deer is too big to eat before it spoils, so let's share it, and others will share next time")
* Exchange ("You give me some meat, and I will give you fruit").
* Planned ("You over there will hunt the meat and you over there will gather the fruit and we will divide it up")
* Theft ("Give me your fruit and meat because I'm stronger or cleverer than you")
The balance shifts with technological and cultural changes.
Theft is, sadly, a form of self-employment, or even subsistence in a sense, for desperate people, even if it is illegal (although privatizing profits and socializing costs by big companies often is not, as what is theft and what is legal is relative to cultural norms).
Other options would be improved subsistence through 3D printing and solar panels and local gardening, a bigger gift economy like more of Freecycle and food banks, a basic income to soften the exchange economy, or better planning like to have quality local free-to-the-user public housing and cafeterias and workshops. Each state chooses what balance it is going to have based on culture and ideology and existing power centers.
More on this here:
http://peswiki.com/index.php/OS:Economic_Transformation
(But the "theft" part was insightfully suggested to be added by someone else on slashdot after I wrote that.)
See also:
"The Mythology of Wealth"
http://www.conceptualguerilla.com/?q=node/402
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Anyone can acquire tools. If that were all it took to pull off a successful hack then yes everybody would be doing it but it depends on the nature of the hack.
Hacking a website, DDOSing, anyone can do. Actually infiltrating the entire network, not anyone can do this. This requires a team of somewhat skilled hackers.
And not any programmer can be a hacker either. There are millions of programmers and anyone can learn to be a programmer, but you cannot learn to be a hacker, you need a talent for it.
1) Never before have there been so many things one could hack and in so many different ways. There is more online presence today than ever, thus more opportunity.
2) Many of those online do not take security seriously, just look at large recent examples. This culture will change eventually, however for now it's the wild west.
Take those two, add the fact that there are more people online with more computer knowledge than ever before (perhaps not as a ratio of the whole, but in sheer numbers yes), and all one has to do is pick off the low hanging fruit. Targeted hacking might be tough still if they actually have any security, however Citibank and Sony have shown that even large institutions show a blatant disregard for basic security. Even with great security, it can always be circumvented by insiders either intentionally for gain, or unintentionally through stupidity (bad practices or human engineering).
The golden age started around 1977. In 1977 the TRS-80, the Apple ][ and Commodore PET were all released. In 1978 the Hayes modem began being produced on a mass scale (followed soon by Novation's CAT). By 1980 there were BBSs like 8BBS which were open to the nascent hacker culture (it was raided by the FBI in 1982), and this culture could be seen on Modem Over Manhattan in 1981 and after. There were other hacker BBSs like OSUNY around in 1982. There were also overlooked hacker discussions on Micronet/Compuserve and The Source. Then in 1983, WarGames was released around the time news of the 414 busts were hitting major newspapers. You also had computers like the VIC-20 that could attach to a TV selling for less than $100, with a modem for less than $100, allowing many people to afford to buy these things. So you have an influx of kids onto BBSs, in a young culture which was full of discussions of WarGames and the 414's, with some older, semi-radical technicians who knew about mainframe systems thrown in the mix. You began to have magazines like 2600 in 1984, Phrack in 1985. TAP meetings in the early 1980s gave way to 2600 meetings. Summercon began in 1987.
What happened is what happens with many movements. It began to get more organized, into sophisticated groups (LoD, MoD, L0CK, Phonemasters, The Posse - not to mention European groups like 8lgm and the people around the CCC, Hack-tic etc.) who eventually gained effective remote control of core Internet pillars (Internic, major gateways like MAE-West, corporate computers of Cisco etc.), as well as x.25 (Tymnet, Sprintnet), Baby Bell computers (COSMOS to SWITCH/FOMS, SARTS, TIRKS etc.).
The consensus seems to be this ended in 1995, not with a bang but a whimper. The rise of the Internet killed it off. There are a few reasons for this. One is some hackers or hacker groupies started making a lot of money working for start-ups (a lot meaning hundreds of millions, to less than that). Another is the old BBS culture was killed off and replaced by the Internet. It used to be there were thousands of BBSs in kids' homes, and then other dialups, the mainframes, that the kids would go raid. It was Manichaeism - the hacker network of BBSs where hackers would talk and go raid mainframe (or x.25) dialups, and on the other side the corporate mainframes, totally closed off, with all of the data and so forth. The Internet blended this all together - our network of our own private BBSs disappeared, and suddenly corporations opened up their computers to a large extent via web pages. Changes in production affected relations of production.
Hacking did not completely stop in 1995, but you have nothing like what existed then now - a network of technologically sophisticated groups who shared information and techniques, who had the capability to get into virtually any system. It's possible things could get to that point again, but I haven't seen sign of it. And it is hard to have the network of people necessary to do something like that and keep it completely secret.
I think the more important question here is: are they (the companies) being attacked more or are they being more honest about being breached?
The average system plugged in today is way more secure than the average system from 5 years ago which was way more secure than the average system from 10 years ago which was way more secure than the one from ... yada yada yada.
Two simple reasons.
1 - Disclosure laws. Yes they're important but because of mandatory disclosures way more of these things make the news than they would have back in the 80s or 90s. So not only do we hear about it more often, but many groups/individuals are more motivated to go after the low hanging fruit because they can get bigger headlines out of it.
2 - There's gold in them there hills. Credit cards, SINs, online bank accounts, whatever. It's all the same thing: Money. And there's a heck of a lot more of it floating around on this Internets thing than there ever was back in the day.
Here's a list of things that I wish the major consumer OS's especially the desktop ones would do, and they'd be fairly easy to implement:
-push hardware vendors to use full disk encryption by default with a hardware managed key
-password manager built into the OS that logs in when the user logs in and "integrates" with the OS/browser well, and automates most of the bullshit picking new passwords and so on, so users actually use it and use it properly that is no longer use weak passwords, reuse passwords etc
-two factor authentication to log in
-update automatically in the background system that requires no user interaction to run updates, doesn't noticeably slow down the system, and doesn't require the software to be installed from the OS's "app store" to work, and doesn't require user interaction to add new programs to the list
-No list is complete without: not run admin by default (but this one has been repeated a thousand times)
Things I wish they'd do that would take a little more work:
-push software vendors to use ASLR (and to really take advantage of that, push them to make 64-bit versions of their programs)
-push software vendors to use DEP, with these two I am specifically talking about, the major web browsers, browser plugins like flash and financial software like quicken
Overall, I guess it's still a young industry and these things take time. I think that security will hugely improve once the hardware underneath stops evolving, at least quite so quickly. OTOH that won't happen for the foreseeable future so stuff like this could go a long way towards helping.
Also while I'm asking for diamond studded saddles for my herd of ponies, get the government to abolish the SSN system. Stupid friggin system. And they have the gall to investigate other entities for poor security practices, gimme a break.
Failure formatting five FAQs of financial facts.
Is this the golden age of shitty question headlines?
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!