Slashdot Mirror


NBC News Confuses the World About Cyber-Security

Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and do almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."

  1. And these are supposed to be professional media by SuperKendall · · Score: 4, Interesting

    This NBC thing is why I treat blogs and traditional media with equal amounts of respect and skepticism. The "real" media is actually far more prone to making things up wholesale than any blogger, who lives and dies by reputation, ever did.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  2. Not Watching by Anonymous Coward · · Score: 2, Informative

    FYI, the world doesn't watch NBC.

    1. Re:Not Watching by jmac_the_man · · Score: 2

      The World Series is so-named because the best baseball players in the world come to the United States to play because US teams will pay them more money than teams in their country.

  3. The word "cyber" is so 1999. by j_presper_eckert · · Score: 4, Insightful

    No one here gives a shit about that lame "o noes hax0rz in mah cup of coffee" NBC article.

    The real news is that, after having read tonight's even *more* lame, unhelpful, patronizing and disappointing Slashdot Beta feedback thread, it's now clearer than ever that this ship of ours is sinking. At long last, I think that Netcraft really HAS confirmed it. :/

    Soulskill and the other Dice weasels may indeed be "listening" to us, but they've still got a righteous hard-on for destroying this website regardless of how many times we've rubbed their noses in the beta's odiferous offal. I don't believe their calculated, faux-caring, used-car-salesmen spiel for one moment.

    The question now is: Exactly when do we take to the lifeboats, and to what safe harbor do we start rowing towards?

    ~JPE

    --
    Can't stop the Beta? Time to evacuate to ##altslashdot at webchat.freenode.net - Slashcott in effect.
  4. Sochi by Anonymous Coward · · Score: 4, Insightful

    It's not hard to believe there might be a lot of attacks on wireless devices in Sochi. The place is pretty fucked up. Whether these reporters and their consultants know their ass from a wifi antenna or not.

    From a story I've linked below:

    Dmitry Kozak, a Russian deputy prime minister in charge of preparations for the Olympics, complained about water being wasted by hotel guests when he said: "We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day."

    It didn't occur to Kozak that someone might have a problem with being surveilled in the shower until after he blurted this interesting bit of knowledge.

    You just have to wonder what sort of pay-offs went into this Sochi Olympics deal. Russia is a deeply fucked up place to begin with and Sochi is a special level of fucked up within that.

  5. I use a better tactic by SuperKendall · · Score: 4, Funny

    My computer is password protected, and I simply don't give the password to NBC reporters. So far, no viruses yet! :-)

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  6. comp.misc on Usenet is the new Slashdot by RocketRabbit · · Score: 2, Funny

    Comp.misc on Usenet is the new Slashdot. It is a totally abandoned group, and I have already inaugurated it. Nobody even uses it, so we won't be offending anybody.

    Come one come all, join the Slashdot exodus on usenet! Eternal September is a free Usenet provider, and you can read news with Seamonkey, MS Outlook, Opera, Unison (pay product), or the classic Unix programs such as tin, rn, slrn and so forth.

    Usenet is free, distributed, uncensored, and allows you to shit-can offensive posters. While it doesn't have moderation per se, the number of replies a topic gets can indicate how interesting the topic is. Additionally, a conversation can go on for months or years (or decades as some have) so you can keep that flamewar going, and with the handy killfile feature you don't have to worry about spamming other people!

    Join me there!

  7. Re:It's almost too easy by Guy Harris · · Score: 4, Interesting

    I'll admit Slashdot has serious balls to link to a news site that just got its own redesign, with the exact response that this site's beta got (and deserved just as much).

    No, it deserved it more. Next to nbcnews.com, beta.slashdot.org is a masterpiece of clean Web design. (Hell, the new nbcnews.com makes buzzfeed.com look not too bad.)

  8. Re:Yay! Beta moderation at last by phantomfive · · Score: 2, Insightful

    but it does have a few interesting features.

    Like what?

    --
    "First they came for the slanderers and i said nothing."
  9. Re:beta.slashdot.org by hcs_$reboot · · Score: 3, Insightful

    I don't know where all of this (beta) thing is going. But it is currently impossible to read a story at /. Not only does everyone digress into "beta", but also no relevant "mod" is performed. I just hope it all gets fixed quickly - whatever the solution is - as that starts to be annoying.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  10. not even in Sotchi by tero · · Score: 2

    ..they were in Moscow..

  11. Funny.. by Adult film producer · · Score: 4, Interesting

    How all of the comments about Beta are being moderated to ZERO or worse since that recent story.

    Stay strong people... uprate slashbeta comments despite this blatant attack on the userbase.

    1. Re:Funny.. by Thanosius · · Score: 4, Insightful

      Shit, you're right. There's no way the entire Slashdot community has immediately decided to down-mod fuck beta posts so quickly after the official discussion topic.

      It's amazing DICE and associated fuckers honestly think we wouldn't notice this. They REALLY think we're dumb fucks.

      --
      Account abandoned. I can't fucking spell for shit and Slashdot doesn't even allow time-limited edits of posts. Plus you'
    2. Re:Funny.. by Anachragnome · · Score: 2

      "Stay strong people..."

      Can I be in your next movie? I want to be as FUCKed as BETA. /.

      Since I cannot add this much to my signature, and the fact that signature isn't visible unless you are a logged-in user, this will have to do...

      US5722418
      +
      US5644363
      +
      GoogleGlass
      +
      Acceptance
      =
      ????

      If history is any sort of an indicator, any rights we sell today, our children must buy back with blood tomorrow.

    3. Re:Funny.. by Anonymous Coward · · Score: 3, Insightful

      The off-topic posts about beta annoyed me before there was a story about them, but I understood their reason. While there's a story on the front page where they're on-topic, I'd like to be able to find the on-topic comments on other stories.

    4. Re:Funny.. by VortexCortex · · Score: 3, Insightful

      Well then go bitch about it to the beta overlords. Seems you need a USEFUL FEATURE: A filter option with boolean logic. It could run in JS so as not to consume server cycles.

      In other words: FUCK BETA. If it was useful YOU WOULDN'T BE SEEING THESE COMMENTS.

  12. Re: beta.slashdot.org by Anonymous Coward · · Score: 2, Insightful

    Hi, it's called a "boycott."
    Think of the "f beta" posts as picketing.
    Also, this is pretty much a non-story.
    Clueless reporter doesn't know what he's talking about - news at all damn day long on every news channel.

  13. Wow, what a circus! by jones_supa · · Score: 2

    I don't like the beta either but I didn't expect this kind of chaos to ensue. No proper discussion can be had in any article as they are filled only with beta comments. Interesting situation indeed. I'm grabbing the popcorn.

  14. Same everywhere by Tom · · Score: 4, Insightful

    It's the same everywhere you look. The current state of IT security is horrible, utter and total crap, and the main reason is that most of the people who work in the sector have no clue, starting from journalists like those and consultants and... well... almost everyone else.

    The reason is that much like cryptography, real security is hard. It's not something you pick up in a week course when your boss decides someone in the team needs to specialize on security. There are a great number of actual experts and over the years I've had the pleasure of meeting or working with many of them, but it's a small world and the total number of experts available world-wide is far smaller than the demand for manpower in the security "industry".

    Plus it's a bikeshed problem. Lots of people know a little bit about security, so focus is given to the parts that people believe they understand, instead of the real problems. When I do consulting (I don't very much, I dislike it, but I occasionally take jobs because I enjoy the problem, or the company) my metaphor for that is that in IT security, it is very easy to find someone who will sell and install you a 3-inch solid steel door with military level security locks for your front door, but very difficult to find someone who will walk around the house with you and point out the easily broken windows and the open basement door.

    Here's a free business hint: When you hire a security consultant, ask them for a quick suggestion for a password policy. If you get the two decades old "at least x letters, at least 1 special character, at least 1 number", don't hire them. That bullshit was adequate on Multics systems in the 70s. Today, it will weaken your password security if you programmatically enforce it. (and yes, I have the data to back that up, but that's a short presentation and not a comment field).

    So yes, these journalists are spreading bullshit. They are like the power users in a company - the nightmare of IT support. They probably know a little about security, just enough to get it wrong.

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:Same everywhere by magamiako1 · · Score: 2

      I disagree with you on the "most people who work in the sector have no clue" statement. People have long known about IT security issues. It's not like things like "sub7", "winnuke", "nimda", "code red", etc. weren't issues.

      We've long known about NTLMv1 issues and it was strongly recommended as a hardening practice as early as 2001/2002 when Microsoft implemented it.

      The issue has never been "nobody having a clue", but more like, "Management not giving a shit". Yes, the state of information security is atrocious. But that doesn't stem from the IT guy so much as it comes from having to approach management, "Hey; we need to upgrade to this system to improve our security and reduce our risk."

      Blame IT for not being able to put it well, or blame them for not being able to play the social game well enough to get the boss to want to listen to them over their friends. But in some cases, you really don't have much leg to stand on. Even if you were logically correct, even if you were on the boss' good side; the reality is the guy who says "NO DON'T UPGRADE JUST STICK WITH WHAT YOU GOT AND THROW THIS LITTLE BOX IN FRONT OF EVERYTHING!" is going to win--all of the time, for the simple fact that he appeals to the boss' wallet.

      Telling business leaders they need to not only spend money in IT, but spend it repeatedly and regularly, is something that is almost never going to go over well. And it's something that's needed to keep up. The "bar" itself is constantly moving.

    2. Re:Same everywhere by aaarrrgggh · · Score: 2

      A very low percentage of IT people understand security issues to a sufficient degree to be able to act on them in the abstract. Talking to the director of IT at a very large defense contractor a few years back about a new proposed SCADA network, I showed him the plan for our isolated network, and the proxy/firewall connection to his corporate network, and asked him how they wanted to treat it. He was prompt to ask who needed access, how much throughput would it need, and if we needed more than one IP address.

      I then went into my laundry list of bigger issues, so he suggested they just get a dedicated DSL line for it so it didn't need to be connected to the corporate network, and just make the SCADA vendor responsible for security!

      People want to put security issues into buckets. The problem is that issues today are substantially more complicated than that.

      Just look at slashdot beta... That is what "news for nerds" is trying to be now. Lowest common denominator only, please.

    3. Re:Same everywhere by Tom · · Score: 2

      I disagree with you on the "most people who work in the sector have no clue" statement. People have long known about IT security issues. It's not like things like "sub7", "winnuke", "nimda", "code red", etc. weren't issues.

      I should've been more clear:

      There are security experts, and there is the security industry. The two occasionally meet to compare notes, most of which are beyond the understanding of the latter.

      The security "industry" is exactly the snake-oil job you describe, for most parts. Business people with just enough understanding of security to fuck it up really well, and well-meaning techies who know just enough to complete the mess. They package security into nice products... sorry, "solutions" and sell it at incredibly inflated prices to PHBs who want nothing more than putting something with a nice name on the expense sheet and reporting to their bosses that the security problems are all solved.

      Real security is a lot dirtier, less sexy, more work and more complicated than that.

      Also, it includes a lot of fields that are not very technical, like cognitive sciences to understand why users act the way they do.

      --
      Assorted stuff I do sometimes: Lemuria.org
  15. Re:Yeah, yeah, we get it now... by pitchpipe · · Score: 5, Insightful

    But can we please just keep on enjoying Slashdot too?

    But that's the point isn't it? I want to keep enjoying Slashdot as I have for years, but that is most likely going to change, and well, there isn't a really good alternative out there. So I'm trying to communicate that in the one way that will make them reconsider: fucking up the comments. For some reason the Dice clones think that this site is very similar to a tech section from HuffingtonPost.com, and that all they need to do is tweak the UI to drive up traffic. If they can see that the fucked up comments are actually hurting traffic maybe they'll get the message that Slashdot really wasn't what they thought, and that it really is all about the moderation system and comments like everyone has been trying to tell them.

    I'm not hopeful though. The sheer arrogance in corporate board rooms today is breathtaking. Look at the Xbone. They had lots of people shouting at them that they were headed for disaster, people who really cared. They told those people that maybe they ought to get with the times. Those people did: they bought PS4s.

    --
    Look where all this talking got us, baby.
  16. Welcome to our world by Lord Kano · · Score: 5, Informative

    You know that angry "What the fuck?" bubbling up in the back of your mind?

    That's how gun enthusiasts feel when news people start making nonsensical claims about guns.

    When some dumb ass says "military style" or "assault magazine clip" or some ridiculous nonsense, we feel the way you do watching this story.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  17. Re:Dice, are you listening? by thegarbz · · Score: 2

    Who gets their business intelligence from a site that has managed to set off a new record in pissing off the largest number of people in one go?

    Seriously though this has got to be a world record. They say they inflicted 25% of users to this? Well this is a website which cripples servers all over the internet just by linking to them. 25% of that bandwidth is a metric fukton of pissed off users.

  18. Re:Classic Slashdot by amn108 · · Score: 3, Interesting

    I thought people come here for content, not stylesheets?

  19. Re:Yay! Beta moderation at last by hmckee · · Score: 2

    How did I get marked as a troll? Probably should have turned off the karma bonus. Oh, well.

    The redesign is less cluttered. I like the static (always at the top) header. The comment widget is nice.

    I only said there are a few things I like, there's a lot more I don't.

  20. Re: beta.slashdot.org by dreamchaser · · Score: 2, Insightful

    A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.

  21. Re: beta.slashdot.org by runeghost · · Score: 2, Insightful

    A boycott would be people not using /. at all. At best all the complaining and 'fuck beta' posts are unproductive protests.

    That's coming. The complete boycott is Feb. 10th to Feb 17th. In the meantime, keep up the good work with the Beta comments everyone!

  22. Supervisors at the London Olympics monitored nobod by pigsycyberbully · · Score: 2

    Hi, I was one of many supervisors at the London Olympics. All the routers that were put in every single athlete's room had backdoors; they were specially designed for the Olympic village. After the games they were destroyed. All mobile phone messages were monitored from a temporary prefabricated building which monitored mobile telephones, and any form of wireless communication. The reason given for monitoring everybody was in case somebody from within the village used a computer, or so on, to communicate with somebody outside the village to get them inside the village to kill Olympic athletes. These stupid U.S. propaganda stories are just ridiculous. After the Olympic Games are finished and have been successful, the U.S. will forget all about homosexuals and spying. The U.S. doesn't give a damn about homosexuals; it is just using them for propaganda purposes, that and this spying nonsense. For security reasons all Olympic Games are heavily monitored. Nobody wants to see athletes being murdered by any political groups; it has happened before; that is why the Olympics is heavily monitored whenever the Olympic Games are held. Being paid to spread anti-Russian propaganda: Benjamin Cohen.. https://en.wikipedia.org/wiki/...