Thread: Blaming the Victim

  1. #1
    phernandez (Senior Member)

    Blaming the Victim

    Sort of an offshoot of a heated thread from a little while back. This article gets to the heart of the matter by asking if the victim of a hack (however loosely defined) had it coming...

    Is suggesting improved security the same as blaming the victim? - TechRepublic

    ...Any suggestion that one should protect oneself, that developers should take responsibility for the secure design of their software, and that taking a position of willful ignorance on matters of security only enables security crackers, may encounter accusations of blaming the victim dismayingly often. The most common case, in my experience, is someone reacting to the suggestion that Microsoft is too lax in its vulnerability handling policies by demanding that everyone stop “blaming” Microsoft for the behavior of malicious security crackers.
    Discuss!

  2. #2
    MrLinus (Just a Virtualized Geek)
    I'm sorry but I have a hard time not blaming the victim. In this day and age, where computer security is no longer a fad but a requirement, the victim cannot really cry, "I didn't know". The article is correct in that Palin cannot be blamed for the behaviour of the security cracker but the reality is that she is responsible for the security of her email account and what goes on it. If she was truly security-minded, then she'd know that email is a poor choice, particularly webmail, for secure discussions.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    fourdc (Disgruntled Postal Worker)
    I'll take it a notch further....

    As a state employee, state business should be handled through the state's email system so it can be archived in case it has to be reviewed later for things that might not be legal.

    By conducting public business on a private email system we can get around the legal discovery process.

    I wonder how many other pols are doing this?
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  4. #4
    nihil (Senior Member)
    Hmmmm,

    I am not dead, just had a little job for a .gov org (away from home).............. and there were NO outside internet connections allowed at all.

    On the other hand, my wife works for local gov and can use private e-mail systems. It is "sports for schools" so they have to accept stuff from yahoo, g-mail and the like. The mainstream employees cannot........ I guess that her section have their own server, as she has to use a separate machine to connect to the mainstream?

    As I see things, part of the problem is that people are sold PCs like microwaves, so they really don't understand that there actually is a security issue?
    Last edited by nihil; October 2nd, 2008 at 03:07 PM.

  5. #5
    11001001 (All the Certs!)
    We can always take three times the length of time to do it twice... Why would we take twice the time to do it right the first time?

    The real answer: sheer laziness.

    A little old now, but this was my thread on the wardrive from a few years ago: http://antionline.com/showpost.php?p=818834&postcount=1
    Above ground, vertical, and exchanging gasses.
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  6. #6
    nihil (Senior Member)
    Over the years I have made this suggestion several times on this forum:

    Don't tell the truth with the password recovery crap.............. either don't fill it out, write your password down and stick it to your monitor............. yes I did say that............ if some dipshit can read what is stuck to my monitor then I have a bigger problem than the security of my e-mail accounts?

    Or lie:

    Pet's name = Gordon Brown
    First teacher = Attila the Hun (Gordon Brown on one of his better days?)
    Date of Birth = 01-01-1900 (I am Lotus 1-2-3 and thou shalt have no other spreadsheets before me)

    Just a thought?

  7. #7
    fourdc (Disgruntled Postal Worker)
    I worked for a town committee and we were warned not to discuss content in email, private phone calls or even in the grocery store if we met each other.

    We have an open meeting law where the public is supposed to have access to our discussion, content etc. We can go "executive session" and lock the public out. Minutes have to be taken for possible legal review.

    By having private, undisclosed email accounts, newsgroups, listservs etc. you subvert the public process, legal discovery efforts. It's like a cop having an anonymous "throw down" gun.

    Nihil....you're spot on about how to answer those security questions... nobody would know my favorite teacher was Medusa Gorgon.

    Of course the bottom line with email is don't put anything in an email you wouldn't post on a postcard.
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  8. #8
    AOs Resident Troll
    Somebody once told me that the best password is "someone else's"

    It is amazing how many people will tell me their passwords....when I really don't need to know.

    and I have come across some very interesting ones\ideas\themes in my travels...all stored in the brain for use at a later date.

    I use nihil's approach...lie or be very very vague.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
