The True Cost of Hacking

[Riot]

Some people say it's the duty of the vendors and software companies and even the resellers (HP/Gateway/etc) to ensure that Windows is more secure because getting patches is hard, not user-friendly, a long download for those on 56k, etc..the list of excuses goes on and on. For a hacked system that a homeowner has that could've been prevented had it been patched, the cost is very little. When you consider how many get taken every day, that cost exponentially increases. One would think it'd be prudent for said homeowner to "learn" something, but hey, that might be asking too much nowadays.

I think that it is microsofts duty to make it more secure and the buyers duty to update their systems and i agree that people think that it is to much to ask if them to do so which is totaly rediculas.

[secure_lockdown]

i am gonna be very blunt. you can show them all the numbers in the world and you can preach doomsday scenarios until you go blue in the face - you still have your basic same problem.

NO ONE CARES!

no one cares until it happens to them. no one cares until *they* get burnt.

let me ask you a question. how much extra life/disability insurace do you have? do you even have any? it's no different than a life insurance salesman trying to convince you to get extra life/disability insurance. he can show you all the facts, all the figures and all the worst case scenarios - you won't care. it hasn't happened to you!!

my point is - unless it's forced upon you by the goverment or police or something similar - you won't do anything about it unless/until you *have* to.

to make my case in point - car insurance. if it wasn't forced upon us and regulated - tons of people would be driving around without insurance - until the day they get into a crash and get seriously burnt financially. then they will go out and buy insurance.

today one of my clients demanded MSN be on their company computers. i told them it's probably not a smart idea to use that app in a business environment and it detracts from the enterprise security effort. they didn't give a rats ass.

all you can do is let them know about it and document it. the rest is up to them.

[karmine]

id like to make a point, and i will most likely be looked down on by a few for saying it. people tend to forget what a true hacker is, a computer enthusiast. then you got your other "hackers(script kiddies)", who wish they were real hackers, and download proggies and junk just to cause problems for people cause they were called a newbie or something. i see everywhere "hacker does this" and "hackers do this", when in reality they arent hackers, they are script kiddies who know of a 10 year old exploit. people tend to forget true hackers have ethics, and if you break those ethics (which are set in stone IMHO) you are not a hacker. but i guess its an endless war to try to teach people what hackers really are when we have the media that labels anyone who knows how to use a computer a hacker.

[Riot]

id like to make a point, and i will most likely be looked down on by a few for saying it. people tend to forget what a true hacker is, a computer enthusiast. then you got your other "hackers(script kiddies)", who wish they were real hackers, and download proggies and junk just to cause problems for people cause they were called a newbie or something. i see everywhere "hacker does this" and "hackers do this", when in reality they arent hackers, they are script kiddies who know of a 10 year old exploit. people tend to forget true hackers have ethics, and if you break those ethics (which are set in stone IMHO) you are not a hacker. but i guess its an endless war to try to teach people what hackers really are when we have the media that labels anyone who knows how to use a computer a hacker.

I think that that is a very good and true statement.

[karmine]

hmmm, thanks...not the response i expected. but all in all, its very true. the way i look at it anyone who follows the hacker ethics are "31337" from the start.

[Riot]

well one of the biggest reason I agree with you is because that is how i started off learning about comps from different people and tutorials that wear aimed at those with less than good intentions and it used to and still dose annoy me when i am reading a news article or watch a news cast and it says how this great 13 year old hacker with no knowledge of comps at all did a Dos with a friend of his with some progs they found on the internet. cuz I look at that and see them say that these people are these hackers who know nothing but are being called these hackers cuz they can use google and it was like all the work I did and all the stuff I read didn’t matter cuz why learn when you can just use.

[karmine]

hehe, i must be getting old. back in my day we didnt have google. i was on aol with a 2400 modem programming proggies then i started reading on real stuff. then i got into true skill, which i still dont have but i try. i dont have the math skills to be a good programmer to a point. i know how to do things after rep's but some people can just look at code and BOOM they can use it in a bad way. btw check ur private messages

[[the]Punisher]

just to put in my $0.02:

I started reading the tutorials and books that had "skewed" view of hackers. the ones where you learn how to break into computers. it wasn't until i ran accross the writings of Eric Raymond, that i was enlightened. I learned that not only is it my duty to make the companies, or individuals aware of their security holes, but the world. This goes for Microsoft, Apple, MandrakeSoft, etc. Any security hole should be reported to make the world of software a better place. It was said in The Matrix Reloaded, that "we need them and they need us." Them being the machines. During the past few decades we have formed a sybiosis with computers. They need us to provide them with security updates and such, and we need them to do everything.
the point i'm trying to make is that malicious hackers will mature. if you need proof, google Ian Murphy. Yes, malicious hacking costs a LOT of money, but the world all about balance. White hats need black hats to set a balance. just like network security administrators need hackers, so that they have a job. I can say that luckily i was able to reach Eric Raymond in time. Who knows what could have happened otherwise.

[secure_lockdown]

Originally posted here by [the]Punisher
just to put in my $0.02:

I started reading the tutorials and books that had "skewed" view of hackers. the ones where you learn how to break into computers. it wasn't until i ran accross the writings of Eric Raymond, that i was enlightened. I learned that not only is it my duty to make the companies, or individuals aware of their security holes, but the world. This goes for Microsoft, Apple, MandrakeSoft, etc. Any security hole should be reported to make the world of software a better place. It was said in The Matrix Reloaded, that "we need them and they need us." Them being the machines. During the past few decades we have formed a sybiosis with computers. They need us to provide them with security updates and such, and we need them to do everything.
the point i'm trying to make is that malicious hackers will mature. if you need proof, google Ian Murphy. Yes, malicious hacking costs a LOT of money, but the world all about balance. White hats need black hats to set a balance. just like network security administrators need hackers, so that they have a job. I can say that luckily i was able to reach Eric Raymond in time. Who knows what could have happened otherwise.

the problem with your thinking is that if (when!) you get caught - you won't get slapped on the wrist for being naughty.

you might get prosecuted by the full force of the law and you (or your parents!) might get penalized so badly that you might never recover from the unfortunate event for the rest of your lives. that's a worst case sceranio.

bottom line! the goverments are employing some pretty *extreme* security obsessed individuals - who are not playing games. these guys also have access to ISP's and law enforcement and they are itching to make examples of people to better their careers and increase their income --> all in the name of national security.

[GandalfTheGray]

Originally posted here by secure_lockdown
... bottom line! the goverments are employing some pretty *extreme* security obsessed individuals - who are not playing games. these guys also have access to ISP's and law enforcement and they are itching to make examples of people to better their careers and increase their income --> all in the name of national security.

Could be those extreme folks are trying to protect the rest of us from some of these costs. This points out the most expensive part of malicious hacking -- the cost to society as a whole in terms of loss of privacy and limits on freedom. For example, I think ISPs would have been more sucessful in resisting Government access to their data if there were not so many compromised computers, etc. to overcome concerns about privacy. The more a free and open system is abused, the greater chance that someone will limit the freedom and openness to protect the innocent, even if they are innocent and stupid.