Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

The Doxing Trend

posted by cmn32480 on Thursday October 29 2015, @03:21PM   Printer-friendly
from the need-a-penalty-box dept.

fliptop writes:

Bruce Schneier's blog talks about the recent hack of CIA director John O. Brennan's AOL account (among others) and says when it comes to social engineering attacks:

The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses. It's a classic market failure, and government intervention is how we have to fix the problem.

It's only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.

Schneier goes on to suggest the government should establish minimum standards for results and let the market figure out the best way to do it. He also partly blames consumers because they demand any security solutions be easy to use, ending with:

It doesn't have to be this way. We should demand better and more usable security from the companies we do business with and whose services we use online. But because we don't have any real visibility into those companies' security, we should demand our government start regulating the security of these companies as a matter of public safety.

Related: WikiLeaks Publishes CIA Chief's Personal Info

Original Submission

 
This discussion has been archived. No new comments can be posted.
The Doxing Trend | Log In/Create an Account | Top | 39 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Gertlex on Thursday October 29 2015, @04:05PM

    by Gertlex (3966) Subscriber Badge on Thursday October 29 2015, @04:05PM (#256079)

    Apparently Bruce Schneier doesn't actually know what doxing [wikipedia.org] is... I even RTFA and all he's talking about is account hacking via social engineering via email/phone customer service (key step missing, or at least not described for his examples: broadcasting the info obtained).

    That said, absolutely true that the problem described needs fixing.

    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Total Score:   3  

  • (Score: 2) by DeathMonkey on Thursday October 29 2015, @05:53PM

    by DeathMonkey (1380) on Thursday October 29 2015, @05:53PM (#256132) Journal

    (key step missing, or at least not described for his examples: broadcasting the info obtained).
     
    From the Article: Brennan was lucky. He didn't have anything classified on his AOL account. There were no personal scandals exposed in his email. Yes, his 47-page top-secret clearance form [wikileaks.org] was sensitive, but not embarrassing.

    • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @08:10PM

      by Anonymous Coward on Thursday October 29 2015, @08:10PM (#256209)

      They probably already had his clearance form from the OPM hack.