Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons
Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.
> experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians.
Are there any governments left that DON'T do this as a matter of practice?
SJW's don't eliminate discrimination. They just expropriate it for themselves.
You can use open-source software, in which security is truly a matter of public accountability.
Wait, why? Why does that have to be so black and white? There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.
These companies are essentially arms dealers. Why aren't they regulated? Why are there no export controls on their products? When PGP first came out it was treated as a weapon by the US government because it protected people's digital communications. Now there are companies selling products specifically designed to gain illegal control of other people's computers and monitor their communications and it's perfectly ok? When governments break their own laws they encourage lawlessness. That is the situation we are in today.
This is yet another example why we need to ignore the authorities and form our own communications, encryption and Internet.
Internet 3 needs to be...
A mesh network, so individual companies and governments can't control it.
All communications need to be encrypted.
Without any dependence or need of DNS.
Without a need for ICANN or any other registration entity.
Developed by everybody.
There are laws against the use of viruses, exploits, or any other method as a means to get unauthorized access to computers.
"Hacking Team" is then provably a bunch of criminals, which should face justice.
First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.
Second, you cannot regulate them as they are immaterial. It would be possible to discover a previously unknown vulnerability, and then not record the finding anywhere. Congratulations, you have a cyberweapon in your brain. Good luck regulating that.
Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.
Am I allowed to oppose dumping raw mercury into rivers & streams, if I support freedom to travel by airplane? After all, both are forms of pollution in the same sense that computers and guns can both be used as weapons.
This is nuts. The industry has been working hard on this (and the large quantity of security, firewall, anti-virus speaks to that), but it's a difficult problem. Do you really think the bad actors (individuals, groups, and governments) are going to be dissuaded by some regulation?
So, who, effectively, is going to regulate them? They'll just find a place where the regulatory regime will permit (if not actively encourage) their activities. The regulation argument is hilarious.
Help save the critically endangered Blue Iguana
You are allowed to dislike anything you want. What you do about it, however, needs to be consistent. If you want government to fight pollution, for example, you should support governmental efforts to fight all of it. If, instead, you prefer the problem be solved by boycotts and lawsuits by the people actually suffering from the ill-effects, then that view, too, should apply to all kinds of pollution.
That said, could you not have come up with a less contrived example? Raw mercury is too valuable for anybody to just dump it into a river...
In Soviet Washington the swamp drains you.
Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?
> Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.
I think you are wrong about that. The ideological stance on gun ownership in the bill of rights had a lot to do with empowering people to overthrow their corrupt government. Guns no longer have that power for the most part. Computers do. When was the last time a Deer Rifle toppled a world power? When was the last time twitter did? The answer is 2011, or maybe even 2014.
Computers aren't the same thing as guns, in fact they are a lot more powerful.
And by "fairly rare" I mean in most places, except liberal run towns like Chicago. If you take out the liberal run towns with the highest gun violence, you'll find that gun deaths are indeed fairly rare. You are more likely to be killed driving home tonight.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
What fight to regulate cyberweapons? What cyberweapons? Jesus are people really that nuts now?
This is my sig. There are many like it, but this one is mine.
Fuck you. YOUR life ain't worth a penny.
> Regulation's backers say that "this is an industry that has failed to police itself,"
Would you expect liquor stores to self-regulate and decide the drinking age is too low?
Self-regulation might work for some cheap and easy things, but no industry is going to refuse to sell to a massive portion of the market voluntarily. If you want to stop them you need legal enforcement.
I stole this Sig
Keep telling yourself that when a bunch of thugs break down your door and pepper you with bullets, and shit on your face as you breathe your last. Brawn beats brains every time.
ahem, agenda much?
> You are more likely to be killed driving home tonight.
That's why I tell my employer I have to get home before sunset.
Pull my finger for my public key.
> NYSE ... cost billions of dollars. At $10 mln per life, that's hundreds of lives right there.
You could at least read your own citation, which describes "the marginal cost of death prevention in a certain class of circumstances". That's not the same thing as a glitch at the NYSE.
The usual Statism vs. Libertarianism argument. Whichever side you are on, dear reader, you must be consistent: you can not oppose "regulation" of security researchers while, at the same time, supporting "common sense limits" on gun-ownership, for example.
False dichotomy. Go away and work for the media where they will pay you for such logical stupidity.
Consistency is the hobgoblin of a small mind.
Yeah, right, so we form corporations like Hacking Team to do the "dirty work" so you and mi can sit around in your circle jerk and tell us all how awesome the free market is and how pesky things like the Constitution need not apply to them when the company openly admits that their sole customer is the government.
Government regulation on this is complete bullshit, it is clear that neither the Republicans nor the Democrats will ever cut down on this abuse of power. But cheerleading for the "other team" is also bullshit, I fully expect the first thing to come out of the government will be a law to hold Hacking Team completely harmless for the damage they have caused (see also warrantless wiretapping).
They were basically selling zero day exploits in pre-packaged kits to anyone with money. So... is that legal? Because it sounds like a winner.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Nuance, brother! Look into it, it's a fantastic thing.
Is it just me or does Adobe's software have the worst engineering practices in the industry? Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.
This company needs to just be banned from producing any software, period, unless they provide the source code as well.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
> If you take out the liberal run towns with the highest gun violence, you'll find that gun deaths are indeed fairly rare.
Ah, there it is, that's the real reason for your argument. See I was missing how you were equating identity theft (which while a headache is less of a headache than death) with getting shot, but then I realized that this was your opportunity to take a jab at liberals.
You're twisting information to suit your narrative. You've also neglected to mention (based on whatever uncited source you're claiming to get your information about gun crimes from) that Republican led states have much higher levels of crime than Democrat states. This information was based off of the analysis of the 2008 Uniform Crime Reports. You can find that analysis here: http://editions.lib.umn.edu/sm...
Of course there are also more recent studies (seen here: https://www.americanprogress.o...) that show a link between lax gun laws and higher gun crime rates. More directly it shows that states with the highest gun crimes (which are typically conservative states) have the highest crime rates. In fact Alaska, Louisiana, Montana, and Alabama rank higher (per capita) in firearm deaths than Democratic states. For comparison while all of the above states were at least 4 points above the national average of 10.26 deaths/100,000 people Illinois was ~2 points LOWER than the national average.
I suppose it's easier to just throw out random uncited sources and half-baked facts without researching the overall data. Especially when your entire goal is to slander a political view that you apparently disagree with. But the short of the long is that none of the above discussion is a valid answer on why everything should be black and white. I personally think you're just trolling -- even if it's not a conscious decision to troll.
You do your cause no good when you edit out crucial words.
The actual quote: "A foolish consistency is the hobgoblin of little minds".
"I don't know, therefore Aliens" Wafflebox1
> You're twisting information to suit your narrative. You've also neglected to mention (based on whatever uncited source you're claiming to get your information about gun crimes from) that Republican led states have much higher levels of crime than Democrat states.
That's how he operates. Check out his post history, he has never, once, held a discussion here in good faith as soon as he sees an opportunity to twist it into Us vs. Them. Ironic considering his namesake.
I think he is right to do. Human life clearly has a dollar value. I would argue not an especially high one either. Consider there are 8 Billion of us. You can't get much more commodity than that. The world as a whole would arguably be better off with fewer people too.
Value has a great deal to do with what has been invested in them in terms of education, care, feeding etc. Then you need to consider things like survival rates. Certainly a healthy teenager is more valuable than a newborn. Much of the risk of premature death has been removed, as has the possibility for many debilitating conditions being unknown. We can make a lot of assumptions about future productivity as well based on physique, intelligence, etc.
While we can never say Bob over there is worth a half a million but we can certainly say in the abstract sense the average 22 year old native born American is worth $X. To that end we can measure the cost of the NYSE being down in lives.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Anyone can kill a person. It takes everyone to kill a government.
> There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.
> There is not. Shutting down NYSE [slashdot.org], for example, cost billions of dollars. At $10 mln per life [wikipedia.org], that's hundreds of lives right there...
> Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?
It's a very poor example but a valid point. A much better example would be fraud [identity theft], ransomware, spam, etc. With computers you can easily steal time from people on an unimaginable scale.
Suppose someone hacks me, and I get off relatively "easy". I may spend 1 hour of my time canceling a credit card, activating the new card when it comes, and changing all the passwords of all the accounts that the credit card number is associated with. That's probably on the very low end of what a hack can cost an individual.
The hacker doesn't stop there. They repeat their act 1,000,000 times. That's a fairly successful and prolific hacker, but not unheard of, especially if the attack vector is a business. At just an hour apiece per victim, 1 million victims is 114 total man-years spent cleaning up. Nobody died, but an entire lifetime has been stolen.
The Target hack(s) affected "up to 110 million people". If we take that figure at face value, and each victim spent only an hour dealing with it, that's 12,557 years or roughly 148 lifetimes. Even if I count injured people, I can't find a mass shooting that comes anywhere near 148 lifetimes.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
"High crime in Republican states" can mean high crime in Democratic-run areas within Republican states.
For the people that think my post is a troll:
http://dailycaller.com/2012/04...
http://townhall.com/tipsheet/k...
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
> "High crime in Republican states" can mean high crime in Democratic-run areas within Republican states.
Yeah it could. Of course he doesn't know that, because he didn't do even a cursory review of the data before he formed his opinions. Of course I don't either, but that's also because who runs a district is pretty irrelevant to a discussion of whether district, state and federal policy combinations are leading to a particular outcome.
For comparison: mass shootings of the type the US have do not occur in the developed world at anything like the frequency they do in the US. And the US has had to redefine "mass" in the media to mean more than 3-4 people at the same time.
In a leaked WhatsApp conversation, HT systems and security manager Christian Pozzi complained in April 2015 to a friend that he was growing "bored" at work and his boss, noticing this, was going to assign him "something to do" as an alternative to chatting and playing fantasy soccer games. Pozzi is also known for his wide use of passwords such as "Passw0rd". A truly gifted security manager, I must say.
You can't have it both ways, they're Republican states or Democrat states.
The key difference is that if you spend an hour sorting out your credit card you continue to live the rest of your life afterwards with few ill effects.
So-called cyber weapons can kill people. Governments use them to target people they don't like, and sometimes it ends in murder. More often it ends up in lives ruined, people rotting in jail. We don't allow people to supply physical weapons to those governments, so perhaps we shouldn't allow them to supply cyber ones either.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Any serious economic loss can be compared to lost life(ves). The link I gave you explains, how the value of life is computed — it is done based on our own attitudes.
For example, if you aren't willing to spend $5000 on an airbag, that would improve your chances of survival by 0.1%, then you value your own life at less than $5 mln.
For another, closer to home example, consider the horrendous losses of Ukrainian fighters resisting Russia for the last year: a whopping 1/3rd of those wounded in battle have died (NATO's acceptable average is about 3% — 10 times!).
Most of the deaths were due to blood loss. A single dose of Celox would've saved one such wounded man — $10-20 delivered to Kyiv, but many either could not afford it or chose to spend money on something else instead.
In Soviet Washington the swamp drains you.
You forgot to include the usual Illiberal imploration to Please, don't hate.
In Soviet Washington the swamp drains you.
> The key difference is that if you spend an hour sorting out your credit card you continue to live the rest of your life afterwards with few ill effects.
Steve Jobs persuaded an engineer to reduce boot time lower than the engineer thought possible by making the equivalence argument. It goes something like this:
Average human life expectancy is 71 years.
Humans are on average conscious for 16 hours per day.
Doing the math, this means you would only have to force 414,915 people to spend an hour "sorting out their credit card" before you've effectively done the equivalent time-damage of killing someone.
Hmm, one source cites a 404'd page as their source, and the other doesn't give numbers for gun crime. Try again, with less goalpost-moving.
Shutting down NYSE changes the distribution of some electronic assets, a cost for some and a gain for others ... I wouldn't even be 100% certain the attack decreased GDP.
Why? Because you said so? That's hardly a compelling argument.
Only if you throw out the legal theory of making someone whole. The only reason a court assigns a value to a life is that it doesn't have the option of resurrection. But whatever that value is, you can't tell me honestly that the family of the deceased feels just fine about it if you pay $X for killing Dad.
There are laws in the United States that make computer hacking illegal. Corporations suffering losses to attacks in which these tools are used should sue for damages.
> Only if you throw out the legal theory of making someone whole.
Which is a sensible thing to do here. After all, most decisions which harm people are made by people concerning their own health and safety.
Either I don't understand what you're trying to say or it simply doesn't follow.
I think a better example is that money can be used to save lives. There's a whole lot of different ways to save lives using money, a few examples are medical research, medical care, reducing pollution, safety equipment, reducing poverty, reducing stress. Clearly, at least some people value money more than lives -- or at the very least, choose money over lives. And by "some people" I mean "basically everyone, although they wouldn't admit it even to themselves".
Don't worry though -- if our species spent every single moment of our lives doing everything humanly possible to avoid loss of life, we'd be totally worthless and accomplish nothing.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
> For example, if you aren't willing to spend $5000 on an airbag, that would improve your chances of survival by 0.1%, then you value your own life at less than $5 mln.
Nah, that proves that 0.1% doesn't exist and is really 0%.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
1. Did Hacking Team realize and develop all their own exploits or is any of it 3rd-party?
2. Does Hacking Team surreptitiously gain the fruits of their clients' labor 'by proxy'?
3. Is the person(s) that hacked Hacking Team excluding some serious things from the data release?
So according to you, if you must be consistent then...
Statists must support regulating security research, gun-ownership, gay marriage, abortion and everything else.
Libertarianists must oppose regulating security research, gun-ownership, gay marriage, abortion and everything else.
Or can people support regulating some things and oppose regulating other things?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Viva la beta!
News: New Adobe Flash plugin released!
Response: Sorry guys, closed some backdoors... I mean remote exploitable vulns!
#
News: New Adobe Flash plugin released!
Response: Sorry guys, closed some additional backdoors... I mean remote exploitable vulns!
#
News: New Adobe Flash plugin released!
Response: Hey guys, closed some additional backdoors... I mean remote exploitable vulns!
#
Because who fucking audits their code? I can only imagine what is slipped in under the radar between the rapid version releases.
The real problem here is willingness to fund what is necessary - refactoring all code used in critical systems to ensure they are secure - and to maintain that approach over time in an iterative basis.
We should touch code (at least to review it) - every year - which research indicates is the sweet spot for zero-day exploits. We get more benefits if we refactor the code - effectively resetting the clock for exploit writers to find a new zero day, and develop applications to exploit it.
Working in IT today, I can tell you from experience no one is willing to spend money to constantly refactor code without delivering new functionality (read 'revenue generating functionality'). This approach also is counterintuitive to software engineers trained to value code reuse over rewriting or building new solutions.
Instead, they focus on cosmetic bandaids - such as firewalls, antivirus, patch updates, and policy management. All of these things are important - but in the scheme of things will not stop a zero day exploit - particularly given that most patches for zero days are not available until the zero day is discovered - and then the time it takes the developer/company in question to put out a fix - on average 6 months to a year after the zero day is discovered and reported. Meanwhile the network is wide open to anyone who has figured it out (which is roughly 6 months to a year after a new piece of software is deployed on the network). The problem is related more to how humans learn systems than any particular coding practice. Your code refactor efforts just need to fall inside of that curve - leading rather than following.
Finally - the proposed fixes, such as more regulations, will not fix the problem - and will only serve to drive people out of the business, at the precise time when we need more developers than ever to address the problem effectively.
Steps:
1. Pay for what is needed in IT instead of being cheap. If you get more specific regulation of this - you might not have a choice (e.g. Sarbanes-Oxley)
2. Let your developers as a whole spend some time on evaluating code - the more eyeballs you have the better.
3. Move away from expensive water-fall projects to more flexible agile methods, and adjust your funding protocols to match.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Follow the facts to the obvious conclusion: Adobe is being *paid* to add exploits to one of the most ubiquitous pieces of software on the net - tellingly even a requirement for some banking and bill paying sites. Given this seemingly endless fountain of suck, the only logical answer: Adobe is an NSA shop.
The presupposition of "gun crime" is one problem. How is a gun murder or violence any worse than any other kind of murder or violence? You do know people get killed a lot of ways, right?
A lot of organizations that exploit irrational fears to further their goals massage the stats to fit their narrative. A good example is "Mother Jones'" statistics on "child gun deaths" including people to age 25 as children. (This ensures they get all the gang deaths included for maximum fear factor).
I'd agree this makes some sense if you assume that attempts to refactor software do not introduce new chances for bugs/vulnerabilities.
I'd also like to assume that were I to walk by her on the street, Natalie Portman would immediately turn and jump my bones, in front of my wife, who would loudly cheer me on.
Where I was going was that, individually to the people who care about us we are all priceless. Most of us would spend every last cent we had to save our child or spouse etc. When it comes to civil judgments and the like making people whole is a good enough system. A court can look at the individual situation and do something that is 'fair'.
At the macro social policy level it's a different story. We MUST make decisions about how much we are willing to spend on counter terrorism, or social safety net programs, or health care etc. To do that rationally we do need to put some gross value numbers on people.
It really is the case that at least based on my reasoning that society for example has an interest in effecting a stronger security posture at a high school than at an elementary school, because at least to society Teenagers are actually more valuable than young children. Putting quantitative values on people in aggregate is useful and necessary if we want to rationally allocate public resources.
However while I'll believe government needs to act quantitatively and not look at the individual, I am still a libertarian. I believe simultaneously that we need to concentrate as much power and choice as possible with the individual rather than with society, because I know the intangibles are important, sometimes more important than anything else. Often the only people who can recognize the true value of something or even other people are those who are immediately around it.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I'd argue that it's more important that people who chose to code as a profession are competent in addressing security issues in the design phase. With competent design & practices, it makes the bandaids near irrelevant. A refactor is a way of saying the design stinks.
> After all, most decisions which harm people are made by people concerning their own health and safety.
Indeed. Once again, individual freedom is to be blamed for most decisions which harm people. If only people would just let us benevolent dictators make all the decisions. At worst, you get a few bad dictators, but a single bad dictator is a lot easier to remove than trying to convince an entire population to change in a democracy.
Really, why are you guys so anti-dictators? Imagine if America was a dictatorship. You could let 1% of the people have all the nation's wealth. You could help your rich friends get richer by cutting their taxes. And bailing them out when they gamble and lose. You could ignore the needs of the poor for health care and education. Your media would appear free, but would secretly be controlled by one person and his family. You could wiretap phones. You could torture foreign prisoners. You could have rigged elections. You could lie about why you go to war. You could fill your prisons with one particular racial group, and no one would complain. You could use the media to scare the people into supporting policies that are against their interests.
It is a useful tool for finding relative risks and figuring out what we can afford to do, but it breaks down when we try to use it to valuate human death vs. economic losses. It is important to remember that there is a limit to how far the fiction of valuation of life can go.
A prominent example of that error is the rather infamous Ford Pinto case.
It becomes much more problematic when compounded with another thing (in this case liberty) that is hard to place a proper value on.
Personally, while I don't find it hypocritical to support regulating one and not the other, I am a supporter of 2nd amendment rights and the right to own and produce hacking tools. It's the uses of them and knowingly providing them for unacceptable uses I support regulating.
For me, the reason I'm anti-dictatorship is the remote possibility that I might not get to be the dictator.
Not true at all. Georgia could easily be considered a Republican State (Gov & Fed Elections would indicate that). But if you look at the majority of crime, it is in Atlanta, a completely Democrat run area (yes, that's where I'm from). With the highest crime rates in pockets inside Atlanta with the most liberal local governments. The few "safe-havens" around it (burbs/OTP) are typically Republican led. I'm not saying that is the cause, but there is clearly correlation. I think culture and economics play as much if not a bigger role in the cause, and are clearly correlated as well. This is true in much of the South USA.
So to take Georgia's Gun laws and overall crime rates and draw a direct cause and effect is asinine. To get meaningful data you need to look at smaller samples. Remove Macon, Columbus, and Atlanta (ITP) shootings, and the statistics tell a very different story. If anything, all this shows is, over-populated, under-educated, low income areas, tend to have high crime rates, which correlates directly with increased gun violence. Well NO SH1T, and that fact should not drive our gun laws, but rather drive our efforts to improve education, local cultural norms, create meaningful jobs, and renovate depressed areas, etc. Guns magnify the problem, but are not THE problem. I haven't seen any meaningful statistics that show otherwise. Plus there is the whole common-sense thing....
Well, you miss 100% of the shots you don't take.
Do you also reject the free market, because of the remote possibility you might lose in all that competition?
Anyone can kill a person. It takes everyone to kill a government.
[Not the same AC]
Which is why it was incongruous to compare a single deer rifle with (a presumably large subset of) twitter in your prior post. If you can point to a single tweet taking down a government (by itself without other tweets), then you've made a strong argument contrasting its effectiveness with a single deer rifle.
- T
> Of course I don't either, but that's also because who runs a district is pretty irrelevant to a discussion of whether district, state and federal policy combinations are leading to a particular outcome.
See Baltimore for demonstrable reproof of your simplistic belief. The results of poor leadership are happening every day. But the idiot mayor won't be held to account by the voters, and the Police Commissioner just got scapegoated.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Hey, just an FYI, two minutes on this thing called "Google" found the exact page that was 404ed, probably due to a website reconfiguration by the FBI (like going to HTTPS)!
https://www.fbi.gov/about-us/c...
So, does this new information change your snarky attitude?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Do you also reject the free market, because of the remote possibility you might lose in all that competition?
Competition isn't the only game in free markets.
Do you decide to work more or less of your life, or to work riskier or less risky jobs because of the legal theory of making someone whole? And there are a host of risky activities done merely for the thrills, like sky diving or skiing.
I guess the bottom line is that there are a variety of harms you can't make whole just by paying money or other restitution, such as death. It's not possible to spend money to reverse someone's death and make them whole (that is, put them back in the position they were in before the harm occurred). So by that legal theory, human life has value that can't be quantified with money. But in practice, we don't act like our lives have infinite value.
First, the members of the Hacking Team that knew about the sales to embargoed countries should be prosecuted. Then worry about how to regulate cyber weapons. Otherwise, the most evil of the members (i.e. the ones who knew about the selling to genocidal governments like Sudan) might just go into hiding and offer their services to other evil organizations like the mafia.
Yes, but only because you can't be ordered to pay infinite money. We are forced by reality to make the plaintiff whole in the financial sense only.
However, that doesn't make the comparison of financial loss to loss of life correct or proper since the loss of life also carries an irreparable harm.
The law treats willingly accepted risks differently from imposed risks.
Ok, so there are even more possibilities for you to not succeed on the free market. So do you reject free markets out of your fear of failure?
And my point is that the scenario does not.
Ok, so there are even more possibilities for you to not succeed on the free market.
Of course not. I refer instead to the satisfying of wants. You won't fail to buy and eat a hamburger because khallow outcompeted you for your hunger or the money in your pocket.
However, that doesn't make the comparison of financial loss to loss of life correct or proper since the loss of life also carries an irreparable harm.
Huge financial losses are also irreparable.
See subject: I do put where you spend most of your time online in hosts (favorite sites) @ the TOP of your custom hosts file though - this is IN COMBINATION with DNS!
(OpenDNS specifically since they filter out online threats as I do in my hosts file & they are patched vs. the Kaminsky redirect poisoning flaw here @ home (I never could use them as my DNS with ActiveDirectory networks 'on the job', though)).
Thus, DNS & hosts COMPLEMENT ONE ANOTHER for more speed, security, & reliability online!
(I use DNS for rare sub 4% of the time lookups I have to do, the other 95++% of my time online is spent @ favorite sites in my hosts file, which are verified as correct via REVERSE DNS PINGS in APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o... )
Hardcoding your favorites not only increases speed, + security BUT it also LIGHTENS REMOTE DNS SERVER LOADS too (which DNS admins ought to love actually), & also increases RELIABILITY online vs. redirect poisoned DNS servers (of which 99.999% of ISP dns servers are NOT PATCHED AGAINST mind you), OR vs. "downed" dns servers too!
APK
P.S.=> It's great stuff using hosts & OpenDNS in combination for BOTH added in memory cached speed + reliability too!
However/again - even I don't attempt to put "every site under the sun" into my custom hosts file (the BULK of my file is 3,776,625++ KNOWN BAD SITES or botnet C&C servers, & only ~24 favorite sites currently @ the top of it for BEST resolver speed in RAM)... apk
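The post above describes a hosts file that mixes pinned favorite sites with block entries. The following is an added example, not part of the post or of the tool it mentions: a small audit that flags pinned entries whose address no longer matches what a trusted resolver returns, and names that are both pinned and blocked. It compares against forward-lookup answers passed in as a dictionary rather than the reverse-DNS check the post refers to; all function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}   # addresses used for block entries
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every valid mapping; comments are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: not a mapping
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit(text, current_answers):
    """Return findings; current_answers maps hostname -> set of currently valid IPs."""
    findings, seen = [], {}
    for lineno, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if name in seen and seen[name][1] != ip:
            findings.append(("conflict", name, seen[name][0], lineno))
        seen.setdefault(name, (lineno, ip))
        if ip in SINKHOLES:
            continue  # block entry, nothing to verify
        answers = current_answers.get(name)
        if answers is None:
            findings.append(("unverified", name, lineno, ip))
        elif ip not in answers:
            findings.append(("stale", name, lineno, ip))
    return findings

# Constructed sample (documentation-range addresses, made-up names).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  news.example.org      # pinned favorite
192.0.2.20  mail.example.org      # pinned favorite, address has since moved
198.51.100.7 forum.example.net    # pinned, but no resolver answer supplied
0.0.0.0     ads.badsite.example   # block entry
0.0.0.0     news.example.org      # accidental block of a pinned site
"""
SAMPLE_ANSWERS = {"news.example.org": {"192.0.2.10"}, "mail.example.org": {"192.0.2.99"}}

if __name__ == "__main__":
    print(*audit(SAMPLE_HOSTS, SAMPLE_ANSWERS), sep="\n")
```

A "stale" finding is the practical cost of pinning: the hosts entry keeps sending traffic to the old address after the site has moved, until someone re-checks it.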
In practice, they sometimes can't be repaid, but loss of life cannot be properly compensated even in theory.
In practice, they sometimes can't be repaid, but loss of life cannot be properly compensated even in theory.
Unless you're not following that legal theory. And "practice" is what you are actually doing.
It doesn't matter what legal theory you're following. The theory of making the plaintiff whole sets policy in a civil suit, it doesn't alter the facts.
The theory of making the plaintiff whole sets policy in a civil suit, it doesn't alter the facts.
I agree. We aren't and can't fully follow the "making one whole" theory however. And I consider that particularly relevant to the discussion of what happens when one destroys actual wealth (if only by making society a bit less efficient).
People are not perfect automatons - therefore you always run the risk, and probably will see new bugs and vulnerabilities. However, that is okay - in the sense that it will still reset the clock (assuming you caught the existing zero days in the process). Now the hackers will have to start over - and it will take them another 6 to 12 months to figure out an exploit to the bugs you introduced - assuming they are actually exploitable. Therefore it makes sense to review and refactor code on a recurring basis. The benefits outweigh the costs.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Ensuring all developers in the industry are competent is a pipe dream. Take a look at the most exacting careers you can think of - and you'll find varying levels of competence.
People are imperfect (in the sense that they can have a bad day, and let typos slip by from time to time - even the very best of us). Additionally the real software lifecycle is not like frozen water. It is more like all the different states of water - solid, liquid, and gas, changing as its environment changes on a continuum from birth to death.
I agree we should do something. I think that 'something' should be more than just training and hoping they use what they've learned.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain