Slashdot Mirror
Author Says It's Time To Stop Glorifying Hackers
First time accepted submitter Geste writes "Diane McWhorter pleads in this NYT Op-Ed piece that it's time to stop glorifying hackers. Among other things she rails against providers' tendencies to 'blame the victim' with advice on improved password discipline. Interesting, but what lesson are we to learn from someone who emails lists of passwords to herself?"
glorifying actors, sports figures, politicians, generals, soldiers, writers, artists, architects, Canadians, cooks, race car drivers, the old, children, dogs, accountants, spies, computer programmers, cowboys, drug smugglers, and the disabled.
Note to the press: "Hackers" doesn't mean what you think is means.
Is it just my observation, or are there way too many stupid people in the world?
Stop falling for the clickbait, Slashdot.
And yea, that's spelled right. In all 57 states.
Next thing you know we'll stop teaching kids to look both ways before crossing the street because we're teaching people not to drive drunk. But this just isn't how the world works.
Why the hell is there a trend nowadays to call it "victim blaming" to give people advice on protecting themselves? Is it really such a bad idea for people to do things to protect their passwords?
I guess telling people to run antivirus is now "victim blaming", too.
FC Closer
So she emailed a list of passwords to herself, didn't bother encrypting it, and kept it in her on-line email account for 9 months, then she's actually surprised when she gets hacked?
I look forward to the day when America gets back to the point where people start taking responsibility for their own actions again, instead of always looking for someone else to blame (and sue) for their own stupidity.
He *emailed* himself his own password list then whines when his account gets hacked.
NO SURPRISE HERE.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
See Adrienne Brown, who really was victim blamed.
Or the poor woman in the Steubenville Rape case.
excitingthingstodo.blogspot.com
Author Diane McWhorter identity was stolen 6 times today
Coder's Stone: The programming language quick ref for iPad
but what lesson are we to learn from someone who emails lists of passwords to herself?
That real-world security is very disconnected from the clean and nice scenarios in your books and head, because real users think differently than geeks and do different things for different reasons. Some of them we gloat over and call them Lusers and other deragatory terms, but that's mostly to cover up our own insecurity because most of the Lusers out there have had ten times as many and twice as beautiful women and don't live in their mothers basements anymore.
Yes, I know that's also untrue. The point is that different people have different skills and while many of the non-techie people do stuff that we techies consider stupid, they could laugh just as much about us in other areas of expertise. Maybe not women, maybe for them it's sports or marketing or making friends.
So stop gloating and calling people stupid and look at what they can, in fact, teach you. In this case, there's quite a bit to be learned, not the least of which is that passwords are a moronic concept and need to die.
Assorted stuff I do sometimes: Lemuria.org
Hacker says it's time to stop listening to authors. Especially if they think hacker=computer criminal. It's got as much integrity as saying white people=bankers.
Things I learned in reading that blabbering op-ed.
Earthlink is still alive. (shocking, but meh...)
Author likely uses same password for multiple publically known email accounts. (lacks even the least amount of personal information security training)
Seems to think Gawker is a respected, um, network. (HAHAHA!)
Thinks pepole hacking celebrity accounts or high-profile public figures is equivalent to what Snowden and similar whistleblowers do, at least as popularity is concerned. (Err...)
Mentions term 'white hat' like it's a mythical unicorn. (turtles all the way down....)
This is like a nail beutician, commenting on the security of a cars CAN bus. I want my 5 minutes back!
There seems to be no end to pinheads like this who run around and pontificate about crap they know nothing about. And, oh, hey, nice try impressing us with how sophisticated you are..."Oooh, look at me! I was at the museum of modern art! I'm ever so much better than you!" And, of course, she is part of the media class which spends a considerable amount of time glorifying violence to bring in entertainment dollars. The reality is that dumbshits like her owe most of their modern existence to "hackers" such as the Royal Society and others who refused to accept what they were told as conventional wisdom of the day and began "hacking" science and the natural world, producing great advances and inventions, and so on. I'll stop the rant now, and just say that useless flapjaws like her are the reason I ignore the major media...reading virtual fish wrappers like her column just wastes time I could spend doing more productive stuff which will actually help improve the lives of people instead of just making me look stupid in front of a national audience.
A badly written rant containing ill-informed opinions, even when accounting for the author being no `geek', as she puts it.
The problem is not the `glorification' of hackers (seriously?). The problem is that laws remain outdated to cope with this digital age. The problem is that governments rely on badly protected and badly regulated technologies.
The problem is not having enough hackers.
Anyone with a lot of money and little computer security knowledge needs to hire someone to set up their computers and teach them safe practices. It would be worth several thousand dollars to a milliionaire to avoid the sort of problems Ms. McWhorter encountered. Perhaps she is not rich, but she has won a Pulitzer prize for writing. I think she could afford to try harder to be safe. Ideally an operating system should protect the user, but it is practically impossible to write complex software with no errors. People should be suspicious when their operating system comes with a time trial of anti-virus software. The fact that such software exists, makes it pretty obvious that the system is fragile. Ms. McWhorter writes well, but is clearly not a computer security expert. She needs help with her computer and on-line affairs.
Ray Seyfarth, ray.seyfarth@gmail.com, http://rayseyfarth.blogspot.com
If you want to see what real hackers are about, come on down to H.O.P.E. this year, http://www.hope.net./ We're just a short walk away from the New York Times at the Hotel Pennsylvania.
See you there!
"To those who are overly cautious, everything is impossible. "
...should not pontificate about "hackers". OK, I'll spot her the inept use of the term, but aside from that, when it comes to cyber security, Diane McWhorter is clearly an idiot. She uses a public mail server to send her passwords to herself, across the Internet, unecrypted, and it's somebody else's fault when such idiotic stunts result in compromised security?
Ms. McWhorter, It has nothing to do with "glorification". Criminals and miscreants will steal your shit if they can, often just because they can. The motivation doesn't matter. What matters is that they will. What matters even more is that one can, with a few simple steps, drive the likelihood of such a theft down to near zero. So when you fail to take those steps, you are being stupid. Its like never locking your house or your car and then crying foul when someone points out your negligence to you.
everyone to get off her lawn.
I'm a hacker,
I'm a snacker,
I'm a mid-night wacker.
I get my lovin' on the net.
Ooh, ooh, ooh, ooh
Ok, we're going to snicker at someone e-mailing password lists, because we all probably understand that e-mail, by default, is sent in the clear, and is therefore not secure. It's hard for tech geeks to properly empathize with "normals" who just want to get some work done, or surf around on the net and not worry about getting their computer taken over by some malware.
Honestly, though, it's hard to blame normal users for this. Should a user have to be a computer expert in order to actually use a computer? Some might argue yes, but that doesn't seem too realistic. The fault lies with software developers who blindly rushed features out the door without giving proper thought to the security implications. Microsoft had a really bad habit of this until they made security a significant corporate priority - it's time for Apple to catch up now, as proven by the recent "goto fail" fiasco. The focus has since shifted to softer targets, first Javascript and browser exploits, and then third party plugins as those closed up, such as Adobe products or browser-based Java exploits, and the good time for hackers (no, I'm not going to call them "crackers") is still rolling on.
Honestly, I'm not sure what the answer is: Probably most casual users should actually move away from fully-powered computers and move toward safer, more locked-down systems like tablets and phones (like they have been). For people not doing serious work or creating actual content, these are more than capable, and are certain safer systems in general. Alternatively, getting set up as a limited account in an operating system with a smaller attack surface like Linux would be fine too. BTW, I don't buy the notion that Linux is inherently safer than Windows (granted, that definitely used to be true) - it's a combination of fewer threats (because it's a less rich target) and configuration options - Windows is also very safe as a limited user account). We've seen plenty of serious security holes in very popular FOSS software, even recently. But people buy computers because they actually want to do computer-like things with them, including running popular software. Limited accounts / locked-down systems are not always feasible.
One thing I'd love to see is the death of standard login-password mechanisms. It's too much of a burden for both a normal user to both create and remember a secure password, and for the website to keep that valuable user information secret. We've demonstrated again and again and again that eventually a crack will be found and the info will leak. That's why I'm hoping that something like SQRL will eventually see widespread adoption. It's biggest strength is that it doesn't require trusting ANY second or third party with secrets of any sort in order to keep your identify secure (granted, associated data can still be compromised, but your identify can't be stolen at least). It's a very promising system, but we'll see if it catches on - it's sort of a long shot. But for the time being, something like LastPass is the next best thing. Someone needs to tell the author of this article about it so she can stop e-mailing herself password lists.
Irony: Agile development has too much intertia to be abandoned now.
NOT ON THE COMPUTER!
For work passwords, WRITE them down (pen) on a piece of paper and keep that piece of paper in your wallet.
For home passwords, WRITE them down and then that piece of paper like any other important piece of paper for your home.
If you do it on the computer you do not know that the system has not saved it to a temp file or something that a cracker will find.
People who will physically break into your house and steal your computer are a different threat than people who will break into your computer via the Internet. Protections against one will not help against the other.
I don't think I have seen one comment that "Guccifier" did was wrong. But, there are plenty of posts calling McWhorter an idiot, a pinhead, a shithead, etc. and telling her to shut up and that it is her own fault she was hacked.
Most comments on here are verbally abusing the victim while completely ignoring the person who compromised her account and posted her personal details on line. And, I am willing to bet that if that happened to any of those posting said comments, the victim would want to kill the perpetrator.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Disclaimer: I didn't RTFA, and while I agree with the headline and summary, it's not for the same reasons and I actually have a lot of respect for real hacking.
I agree that it's time to stop glorifying hackers. Not real hackers that find SSL vulnerabilities, or who hack the mainframe, or who embed assembly in their compiled programs. No, those people deserve all the glory they get (which is very, very little). No, I'm talking about the "hackers" that are always stealing peoples' passwords.
A figurative 99% of security breaches happen because a password got stolen. That is not hacking. That is stealing a password. It requires no more technical competence than the average user possesses. If you write your password down and throw it away, the garbage man can find it and log into your email. Does that make him a hacker? No, it makes him an unethical, opportunistic garbage man.
Password security is not equal to computer security. Real hackers compromise computer security, possibly resulting in a stolen password, or possibly resulting in access that renders the stolen password irrelevant. And if someone steals a banker's password and uses it to do things the banker is allowed to do, then there wasn't anything wrong with the computer security.
That's not to say the user is automatically at fault for the password security. I mean, sure, the user could have handled the password better, but if that user understood that in the first place then there never would have been a problem. Password security is a policy detail. That's probably why it's usually the weakest link. Only the geeks understand enough to design an effective policy, but the geeks don't usually design good policies for non-geeks.
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
So you would stand idly by and allow misinformation by a group who clearly and chronically has absolutely no grasp of the field they are discussing ruin your language?
It's not my language. I didn't invent it. I don't own it. I also am not so arrogant as to think other people are stupid and do not grasp the meaning of the word. And even if I have an opinion about it my opinion doesn't mean much. The word hacker, for better or worse, now means someone who breaks into computer systems. Intent doesn't play into it although usually the term isn't used with positive connotations. You may not like this but that is the way it is. Get used to it. That battle was lost a LONG time ago.
Protip: Words can have multiple meanings.
Thank you Dave Raggett
... we don't glorify hackers, we glorify good people doing good things that benefit the common good. It just so happens that some of those people accomplish that goal by hacking.
I would rather they say 'A criminal hacked into...
The Kruger Dunning explains most post on
We glorify much worse in society.
Our top artist, Jay-Z is a man who made a career spanning over a decade rapping about being a criminal(gangsta rapper), and glorying a life soaked in drugs, loose women, and crime.
On the other hand, we have movies like zero dark thirty which glorify torture.
We glorify politicians who lie, cheat, and steal, and we encourage eachother to lie cheat and steal for them.
When a kid is bullied in school they are generally blamed for being weak, socially unfit, or making themselves a target.
Most celebrities, the people who we all mimick, do drugs, drive under the influence, sleep around, and act without a care for the rest of us. If we admit we don't like them, something is wrong with us. We re-adjust our social values around them.
We glorify the press and the news, and when they get caught lying to us, often to assassinate someones character for either social or political reasons, strut around as if their position makes them nobility, and violate each and every rule they tell us they abide by with enough regularity its safe to say they don't exist, we extoll them as the saviors of democracy.
But yes, its hackers. Hackers are making society a terrible place. If computer break ins where any other field besides computers, it would be socially accetable. If you get take advantage of financially, or make a silly mistake, well its proof the capitalists are smarter than you. If the bank takes advantage of your lack of time to fight them, its because they deserve to prey on the weak. If you break into the bank computers because the same smarty pants bankers are to daft to learn your field, your a terrorist.
Somehow hackers are glorified? Another shitty op-ed from the NY Times, a fine publication with a long history of clueless op-ed writers, and hideously snobbish double standards.
I've said this before, and I'll say it again, the NYT is a fine publication, but the opinion editorials are run by a bunch of smarmy yuppie shitheads without any real vantage point in society.