Owned in 4 mintues

[|3lack|ce]

Not that I'm disputing this thread or anything, but...

Statistics can be slanted to reflect just anything. Keep that in mind when reviewing things intended to incite you to action, make you paranoid, or just about any other slant the author wishes to put on them. In truth, even when running barefoot (no protection whatsoever) what my eyes have personally seen completely defrays these stats - hours and hours over years with not one single attack or virus. In fact, I didn't experience my first 'attack' or virus until after I started getting paranoid and adding protections to my system. Good web hygiene is 90 percent of it, the other 10 is common sense. I'm quite sure our '4 minute victim' was either an idiot, or out there trying to get hacked.

I don't know about you guys, but sometimes I think that statistics like these are 'manufactured' by the same companies who want to sell us their 'protections.'.... sound kinda familiar? 3 big goons walk into your business. They tell you how dangerous this neighborhood is... they offer to sell you their 'protection' for a large price... if you don't pay, the crime 'magically' infects your business... hmm.... Don Norton, Capo Macaffee (or however the f it's spelled. sucks anyways)....

"Dan, sales are down for last quarter. We have responsibilities to our stockholders! Get the black ops guys started on a new virus. Yes, wipe at least 2 major servers. I want it by tomorrow."

[MrLinus]

I don't think I said that.

I put forward two concepts:

1. there is a distinction between unethical and illegal. Unethical != illegal.

2. You asked why people did it. So I'm asking you to think about your own reasons why you don't do it. It may shed some light on the why people choose this route. It's almost a "Devil's Advocate" idea.

Good web hygiene is 90 percent of it, the other 10 is common sense. I'm quite sure our '4 minute victim' was either an idiot, or out there trying to get hacked.

BWAHAHAHAHA... I don't think I've seen common sense ever used by a user. I've even had to deal with students who are convinced that downloading software is the safest thing to do.. and they are taking computer studies (!!) (evidentally not paying too much attention to security although the answer "but I have nothing important to steal"is a common one).

Reality is most of the Internet users don't want to be bothered with doing this stuff because it's takes too long to do, it's "too complicated" and can't be bothered.

[fyrewall]

Ah i see where your heading now MsMittens .. my bad heh

I know unethical doesn't mean illegal

[hypronix]

Recently all the machines I had to debug from infections had been owned [though that's not quite the technical aspect of what happened] in under a minute on broadband connections. I also noticed there are some ISPs [like mine] that take care of many such threats by sanitizing some of the traffic that goes through their pipes [but then again I don't have a spare machine to throw into the wild so it's merely a speculation].

[johnnymier]

Black Ice: I totally agree with your view point. Stats like that can be manufactured to certain organizations for their own advantages.
Common sense, for example not clicking on unknown attachments could do a lot more for stopping the spreading of virii/trojans/worms/etc than having an updated AV. Thing is people who know something about computers expect everybody to at least have the basic common sense to not fall for dumb security threats. Truth is there are many people who are just completely computer illiterate and still fall for that type of stuff.

[secure_lockdown]

Originally posted here by fyrewall
MsMittens are you saying that it is fine/right/ok for people to compromise insecure boxes on the net?

i think at this stage in the game - you should have the common sense to patch to latest updates be it *nix or windows. and if you are on windows - definatly have a good updated AV running real time. a clean installed, unpatched, unprotected system does not belong on the internet anymore.

it's like removing the front door of your apartment. do you think a passer by won't peek in?

[MrLinus]

i think at this stage in the game - you should have the common sense to patch to latest updates be it *nix or windows. and if you are on windows - definatly have a good updated AV running real time. a clean installed, unpatched, unprotected system does not belong on the internet anymore.

We would think so, eh? And yet, we see worms all over and abound quite heavily. We see people flooded with spyware/malware. We see people falling for phishing.

Since most of these kinds of systems -- "clean installed, unpatched, unprotected" -- are home user setups (I would hope that some admins have some common sense) how do we get the average home user to pay attention to this? Home users don't do anything until they themselves are compromised ("It will never happen to me.." mentality). Companies have to pay attention usually because of "due care"/"due diligence" issues but individuals don't seem to have to pay attention to that....

Random thought: due care is defined as:

a theory of tort law to explain the standard of care or the legal duty one owes to others; what a reasonable person would do under like circumstances

Since the "reasonable person" isn't doing these activities, can companies be expected to continue to apply due care and thus, due diligence?

edit

I suppose there is a positive side to this: as long as there are boobs out there that setup systems like this, we'll all be employed for a long, long, long time...

[jinxy]

Regarding the ethical issue, anyone come across this:

1. Thou Shalt Not Use A Computer To Harm Other People.
2. Thou Shalt Not Interfere With Other People’s Computer Work.
3. Thou Shalt Not Snoop Around In Other People’s Computer Files.
4. Thou Shalt Not Use A Computer To Steal.
5. Thou Shalt Not Use A Computer To Bear False Witness.
6. Thou Shalt Not Copy Or Use Proprietary Software For Which You have Not Paid.
7. Thou Shalt Not Use Other People’s Computer Resources Without Authorization Or Proper Compensation.
8. Thou Shalt Not Appropriate Other People’s Intellectual Output.
9. Thou Shalt Think About The Social Consequences Of The Program You Are Writing Or The System You Are Designing.
10. Thou Shalt Always Use A Computer In Ways That Insure Consideration And Respect For Your Fellow Humans.

From: http://www.brook.edu/its/cei/overvie...ter_Ethics.htm

[dspeidel]

I think it comes down to people beinging trusting of strangers. I have a prime example of this, my mother. She teaches 3rd grade. She is convinced that nothing bad will happen to her. I have attempted on numerous ocasions to change this viewpoint and I have hit a brickwall. I think the non-technical public is just like her (overly trusting). One the plus side I was able to get her behind a firewall and running weekly virus scans. The way for the lessoon to be learned is a attack but I would not wish that on anyone.

Cheers,
-D

[hypronix]

8. Thou Shalt Not Appropriate Other People’s Intellectual Output.
9. Thou Shalt Think About The Social Consequences Of The Program You Are Writing Or The System You Are Designing.

For #8 I think we've just about established that MS doesn't readily do all these things... them and others, no doubt, but when considering the scale of things...

As for #9 we should therefore stop coding Pen-Testing kits because people can misuse them? I guess the other #s cover the topic of misuse but anyway...

Not putting these down entirely, just that they suffer from the same vagueness as their 'originals'.