Blaming the Victim

Printable View

September 29th, 2008, 06:04 PM
phernandez

Blaming the Victim

Sort of an offshoot of a heated thread from a little while back. This article gets to the heart of the matter by asking if the victim of a hack, (however loosely defined) had it coming...

Is suggesting improved security the same as blaming the victim? - TechRepublic

Quote:

...Any suggestion that one should protect oneself, that developers should take responsibility for the secure design of their software, and that taking a position of willful ignorance on matters of security only enables security crackers, may encounter accusations of blaming the victim dismayingly often. The most common case, in my experience, is someone reacting to the suggestion that Microsoft is too lax in its vulnerability handling policies by demanding that everyone stop “blaming” Microsoft for the behavior of malicious security crackers.

Discuss!
September 30th, 2008, 12:40 PM
MrLinus

I'm sorry but I have a hard time not blaming the victim. In this day and age, where computer security is no longer a fad but a requirement, the victim cannot really cry, "I didn't know". The article is correct in that Palin cannot be blamed for the behaviour of the security cracker but the reality is that she is responsibility for the security of her email account and what goes on it. If she was truly security-minded, then she'd know that email is a poor choice, particularly webmail, for secure discussions.
October 1st, 2008, 05:43 AM
fourdc

I'll take it a notch further....

As a state employee, state business should be handled through the state's email system so it can be archived in case it has to be reviewed later for things that might not be legal.

By conducting public business on a private email system we can get around the legal discovery process.

How wonder how many other pols are doing this?
October 2nd, 2008, 03:02 PM
nihil

Hmmmm,

I am not dead, just had a little job for a .gov org (away from home).............. and there were NO outside internet connections allowed at all.

On the other hand, my wife works for local gov and can use private e-mail systems. It is "sports for schools" so they have to accept stuff from yahoo, g-mail and the like. The mainstream employees cannot........ I guess that her section have their own server, as she has to use a separate machine to connect to the mainstream?

As I see things, part of the problem is that people are sold PCs like microwaves, so they really don't understand that there actually is a security issue?
October 2nd, 2008, 03:20 PM
11001001

We can always take three times the length of time to do it twice... Why would we take twice the time to do it right the first time?

The real answer: sheer laziness.

A little old now, but this was my thread on the wardrive from a few years ago: http://antionline.com/showpost.php?p=818834&postcount=1
October 2nd, 2008, 05:33 PM
nihil

Over the years I have made this suggestion several times on this forum:

Don't tell the truth with the password recovery crap.............. either don't fill it out, write your password down and stick it to your monitor............. yes I did say that............ if some dipshit can read what is stuck to my monitor then I have a bigger problem than the security of my e-mail accounts?

Or lie:

Pet's name = Gordon Brown
First teacher = Atilla the Hun ( Gordon Brown on one of his better days?)
Date of Birth = 01-01-1900 (I am Lotus 1-2-3 and thou shalt have no other spreadsheets before me :p)

Just a thought?
October 2nd, 2008, 07:24 PM
fourdc

I worked for a town committee and we were warned not to discuss content in email, private phone calls or even in the grocery store if we met each other.

We have an open meeting law where the public is supposed to have access to our discussion, content etc. We can go "executive session" and lock the public out. Minutes have to be taken for possible legal review.

By having a private, undisclosed email accounts, newsgroups, listservs etc you subvert the public process, legal discovery efforts. Its like a cop having an anonymous "throw down" gun.

Nihil....you're spot on about how to answer those security questions... nobody would know my favorite teacher was Medusa Gorgon.

Of course the bottom line with email is don't put anything in an email you wouldn't post on a postcard.
October 2nd, 2008, 07:43 PM
morganlefay

Somebody one told me that the best password is "someone elses"

It is amazing how many people will tell me thier passwords....when I really dont need to know.

and I have come across some very interesting ones\ideas\themes in my travels...all stored in the brain for use at a later date.

I use Nihils approach...lie or be very very vague.

MLF