Comments on: Hacking and the real world http://aranea.zuavra.net/index.php/96/ The Web, the way we make it Sat, 17 May 2008 17:42:36 +0000 http://wordpress.org/?v=2.5.1 By: Skippy http://aranea.zuavra.net/index.php/96/#comment-104983 Skippy Tue, 18 Mar 2008 13:49:54 +0000 http://aranea.zuavra.net/index.php/96/#comment-104983 Hackers are not more ethical or noble than common thieves and I did say they should not be treated any better. [i]Yes in an ideal world doors cannot be broken, cars cannot be started without their keys and servers are correctly secured.[/i] I do not want to lump these things together. In the first two examples the burden of security is placed primarily on the user. That is largely unfair to them and a major disruption of normal life. We cannot live our lives in fear, and that is why societies have moved away from prevention and focused on punishing and recovery after the fact. The digital world is different. It is possible to do security properly before anything bad happens. This is in fact how digital security should be done. Prevention and security by design are possible and should be enforced. And the burden on the user should be minimal. It's a myth that proper security is harder or more expensive to do than the kind of half-assed "security" we get nowadays. It is in fact often easier and cheaper, both up front and in the long term. Those that would like you to believe otherwise are either self-interested, incompetent, or have to deal with legacy systems which were not designed properly to begin with. Hackers are not more ethical or noble than common thieves and I did say they should not be treated any better.

Yes in an ideal world doors cannot be broken, cars cannot be started without their keys and servers are correctly secured.

I do not want to lump these things together.

In the first two examples the burden of security is placed primarily on the user. That is largely unfair to them and a major disruption of normal life. We cannot live our lives in fear, and that is why societies have moved away from prevention and focused on punishing and recovery after the fact.

The digital world is different. It is possible to do security properly before anything bad happens. This is in fact how digital security should be done. Prevention and security by design are possible and should be enforced. And the burden on the user should be minimal.

It's a myth that proper security is harder or more expensive to do than the kind of half-assed "security" we get nowadays. It is in fact often easier and cheaper, both up front and in the long term. Those that would like you to believe otherwise are either self-interested, incompetent, or have to deal with legacy systems which were not designed properly to begin with.

]]> By: Adrian http://aranea.zuavra.net/index.php/96/#comment-104969 Adrian Tue, 18 Mar 2008 09:02:06 +0000 http://aranea.zuavra.net/index.php/96/#comment-104969 Why is the hacker penetrating a server more "ethical" than a common burglar entering a home ? Just because he's smarter ?!? Yes in an ideal world doors cannot be broken, cars cannot be started without their keys and servers are correctly secured. But we do not live in an ideal world, we live in a real one where we have to juggle with variables like cost, time, business competition, available human resources. PS Banks' vaults get broken, too. Why is the hacker penetrating a server more "ethical" than a common burglar entering a home ? Just because he's smarter ?!?

Yes in an ideal world doors cannot be broken, cars cannot be started without their keys and servers are correctly secured.

But we do not live in an ideal world, we live in a real one where we have to juggle with variables like cost, time, business competition, available human resources.

PS Banks' vaults get broken, too.

]]>