drivingmenuts used the word "burn" in a comment in this thread, which for some reason brought an apt metaphor for this whole debacle to my mind.
It seems to me that the group behind this are not much different from arsonists: They light a torch to someone's property for the sole pleasure of watching it burn.
A lot of the commentary around this incident has focused on Gawker's poor security practices (and rightly slow, there really isn't an excuse for many of them). But how many buildings in real life are totally immune from being burned to the ground by someone with a match and a can of gasoline and the will to use them?
What prevents arsonists from running amuck in our society is not technology for 100% fireproofing every last building, but rather astute law enforcement and effective legal system.
It's interesting to me to observe that many people seem to think the fault lies with the victim, when perhaps the "fault" lies with a law enforcement system that is seemingly incapable of investigating and prosecuting people for these kinds of crimes.
That's a nice metaphore, but I think it is wrong wrong at a very critical level. If these crackers had went after a single user and decided to trash his webpage, release his emails, and ruin his life, then yes, I would agree with you -- they would be like a bunch of arsonists.
Let's assume a different metaphor. LargeBank offers people the option of storing their personal antique items there -- items which have significant emotional value to them. One day, the bank is robbed because the robbers smashed through glass doors to get in, encountered no security guards, and the bank never changed the default pin on the bank vault. Yes, it is the fault of the bank robbers for taking the money. But seriously, these people had entrusted the bank with their property. It is the banks fault for not doing even attempting to secure it properly.
EDIT: I do agree that by releasing their passwords, they have opened their users up to possible attacks which release their emails and trash their websites. And in this way I agree with you: the attackers have done this for the joy of attacking. However, I still place a large portion of the blame on Gawker.
What you're basically saying is, to stay with the arsonist metaphor, that if an arsonist burns a house down to the ground he should be prosecuted but if he burns down the whole village it's as much the villages fault as it is the arsonists - they should have fireproofed the thing.
I strongly disagree. Crackers should be prosecuted, whether they had an easy job or not.
To complete your metaphor, the village government would've had to have provided all of the building materials, which would've all turned out to be highly flammable.
So yes, prosecute the crackers, but Gawker is to be faulted for poor practices here as well.
So it's the old short-skirt-leads-to-rape argument again? On one hand, rape is entirely the fault of the rapist. On the other hand, it's still not a good idea to walk alone down a dodgy alley late at night wearing a short skirt or to go back to Julian Assange's hotel room. Discussing one point shouldn't detract from the other.
So it's the old short-skirt-leads-to-rape argument again? On one hand, rape is entirely the fault of the rapist. On the other hand, it's still not a good idea to walk alone down a dodgy alley late at night wearing a short skirt or to go back to hugh3's hotel room. Discussing one point shouldn't detract from the other.
It's sad that they took it to this level, but Gawker hopefully learned a lesson from this and in the process and so did pretty much every other big content publishing site. I would say this is an overall good event so that people know they have to change their passwords to something more secure and hopefully more sites implement a single sign on solution. I'm going to change my twitter password to something way more secure and use that as my passport for sites like this in the future and probably will push my sites to move in that direction too.
I don't endorse 4chan's actions in any way, but a little common sense should tell you:
Don't ---- with 4chan! They will retaliate. Brutally.
It's like walking up to the biggest kid in school and spitting on his shoes. The teachers will not save you in time. Yeah, eventually the bully will get his... But by then, the damage to you is already done.
After reading the logs they posted, I'm amazed at how much smack they talked about 4chan. Not bright.
Gawker uses a really outdated hashing algorithm known as DES
(Data Encryption Standard)[...] Because DES has a maximum of
8chars [...] If your password is longer than 8 characters you
only need to enter the first 8 characters to log in!
[...]
PEOPLE USING PASSWORD AS THEIR PASS!!!!!
I never saw the DES' 8-character-limitation and the 8-character-password password so clear before.
17 comments
[ 3.6 ms ] story [ 43.5 ms ] threadIt seems to me that the group behind this are not much different from arsonists: They light a torch to someone's property for the sole pleasure of watching it burn.
A lot of the commentary around this incident has focused on Gawker's poor security practices (and rightly slow, there really isn't an excuse for many of them). But how many buildings in real life are totally immune from being burned to the ground by someone with a match and a can of gasoline and the will to use them?
What prevents arsonists from running amuck in our society is not technology for 100% fireproofing every last building, but rather astute law enforcement and effective legal system.
It's interesting to me to observe that many people seem to think the fault lies with the victim, when perhaps the "fault" lies with a law enforcement system that is seemingly incapable of investigating and prosecuting people for these kinds of crimes.
Let's assume a different metaphor. LargeBank offers people the option of storing their personal antique items there -- items which have significant emotional value to them. One day, the bank is robbed because the robbers smashed through glass doors to get in, encountered no security guards, and the bank never changed the default pin on the bank vault. Yes, it is the fault of the bank robbers for taking the money. But seriously, these people had entrusted the bank with their property. It is the banks fault for not doing even attempting to secure it properly.
EDIT: I do agree that by releasing their passwords, they have opened their users up to possible attacks which release their emails and trash their websites. And in this way I agree with you: the attackers have done this for the joy of attacking. However, I still place a large portion of the blame on Gawker.
I strongly disagree. Crackers should be prosecuted, whether they had an easy job or not.
So yes, prosecute the crackers, but Gawker is to be faulted for poor practices here as well.
Ahem, just correcting your assumption.
The difference I am trying to make is people have trusted (maybe wrongly) Gawker to protect their information. Gawker failed to do so.
Don't ---- with 4chan! They will retaliate. Brutally.
It's like walking up to the biggest kid in school and spitting on his shoes. The teachers will not save you in time. Yeah, eventually the bully will get his... But by then, the damage to you is already done.
After reading the logs they posted, I'm amazed at how much smack they talked about 4chan. Not bright.