
SoylentNews is people

posted by cmn32480 on Thursday October 29 2015, @03:21PM
from the need-a-penalty-box dept.

Bruce Schneier's blog talks about the recent hack of CIA director John O. Brennan's AOL account (among others) and says when it comes to social engineering attacks:

The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses. It's a classic market failure, and government intervention is how we have to fix the problem.

It's only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.

Schneier goes on to suggest the government should establish minimum standards for results and let the market figure out the best way to do it. He also partly blames consumers because they demand any security solutions be easy to use, ending with:

It doesn't have to be this way. We should demand better and more usable security from the companies we do business with and whose services we use online. But because we don't have any real visibility into those companies' security, we should demand our government start regulating the security of these companies as a matter of public safety.

Related: WikiLeaks Publishes CIA Chief's Personal Info


  • (Score: 2, Disagree) by Rosco P. Coltrane on Thursday October 29 2015, @04:45PM

    by Rosco P. Coltrane (4757) on Thursday October 29 2015, @04:45PM (#256101)

    If people didn't insist on giving companies they shouldn't trust every single detail about their real life, they wouldn't be doxxed. These people wouldn't shout their identity and real address in the middle of a restaurant, would they? Yet that's exactly what they do when they send personal information over the internet. Privacy starts at people's ability to keep their virtual trap shut.

    As for the director of the CIA, anyone who has an AOL account deserves to be doxxed. Who the hell has an AOL account since 1995???

  • (Score: 2) by LoRdTAW on Thursday October 29 2015, @04:57PM

    by LoRdTAW (3755) on Thursday October 29 2015, @04:57PM (#256106) Journal

    I'd say AOL survived well into the mid-2000s until DSL and Cable became prevalent. And even then, people keep using it to keep their email address. I know a local printing business still uses the same AOL email they have had for 20 years.

    I was always thankful for them back in the day because they sent you free floppies. You simply wiped and re-used them. I had a few dozen floppies with scribble around the AOL logo denoting their new contents. I also remember they used to remove the write-protect slide so you had to tape the hole.

    • (Score: 1) by Geezer on Thursday October 29 2015, @05:47PM

      by Geezer (511) on Thursday October 29 2015, @05:47PM (#256128)

      And later, all those shiny free plastic drink coasters.

    • (Score: 2) by ilPapa on Thursday October 29 2015, @07:25PM

      by ilPapa (2366) on Thursday October 29 2015, @07:25PM (#256188) Journal

      > You simply wiped and re-used them.

      Wait, you wiped with floppy disks? That sounds like it could be uncomfortable.

      --
      You are still welcome on my lawn.
      • (Score: 3, Insightful) by LoRdTAW on Thursday October 29 2015, @07:54PM

        by LoRdTAW (3755) on Thursday October 29 2015, @07:54PM (#256201) Journal

        Yea, my version of the three seashells. The edges are rounded so using a corner wasn't that bad. Just make sure it's not a corner on the door side, you'd get yer butt hairs stuck in the door slide and OUCH!

  • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @05:13PM

    by Anonymous Coward on Thursday October 29 2015, @05:13PM (#256114)

    Security through obscurity!

    Also, people aren't responsible when the services they need require that information. If someone gives non-required info or uses a shady service, then sure, it's on them.

  • (Score: 2) by skater on Thursday October 29 2015, @05:40PM

    by skater (4342) on Thursday October 29 2015, @05:40PM (#256125) Journal

    Not exactly. I had to give my employer a bunch of my personal info, if I wanted to get paid. They subsequently had that information stolen from them. I got free credit monitoring for a year and a half...woohoo.

  • (Score: 2) by frojack on Thursday October 29 2015, @06:28PM

    by frojack (1554) on Thursday October 29 2015, @06:28PM (#256153) Journal

    > people didn't insist

    It's pretty hard to order something online without supplying some information, don't you think?

    People don't INSIST. It's the service providers that do the insisting.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @07:05PM

    by Anonymous Coward on Thursday October 29 2015, @07:05PM (#256172)

    > If people didn't insist on giving companies they shouldn't trust every single detail about their real life

    I don't give my personal information to companies, they buy it from scam artists [krebsonsecurity.com] who got it from god knows where. You're saying that people should take responsibility for others' actions.

  • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @08:23PM

    by Anonymous Coward on Thursday October 29 2015, @08:23PM (#256214)

    > If people didn't insist on giving companies they shouldn't trust every single detail about their real life, they wouldn't be doxxed.

    Yeah? Property records are public information - you want to own a house, you either give up the fact that you own that house, and thus probably live there, or you spend a lot of money to hide it behind shells or trusts.

    Same thing with a lot of utilities - they mandate a SS# so they can run a credit check, even if you want to put up a big deposit. Their records aren't public, but they aren't particularly secure.

    Similarly driver's licenses. Some states won't distribute your info if you opt out, but again their systems are not hacker-proof.