Stories
Slash Boxes
Comments

SoylentNews is people

At What Point Does Storing Passwords in Plaintext Become Criminally Negligent

posted by Fnord666 on Sunday April 08 2018, @02:07PM   Printer-friendly
from the easier-to-check-that-way dept.

An Anonymous Coward writes:

https://www.privateinternetaccess.com/blog/2018/04/another-day-another-breach-at-what-point-does-storing-passwords-in-plaintext-become-criminally-negligent/

The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have so good security so it's nothing to worry about. At what point does this become criminally negligent?

Original Submission

 
This discussion has been archived. No new comments can be posted.
At What Point Does Storing Passwords in Plaintext Become Criminally Negligent | Log In/Create an Account | Top | 138 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by Anonymous Coward on Sunday April 08 2018, @03:21PM (43 children)

    by Anonymous Coward on Sunday April 08 2018, @03:21PM (#663958)

    Actually what would change things is if CxOs start going to prison for their crimes. Fines aren't really a big problem when in most/all cases it's just the Government taking their cut of the profits.

    Why punish hundreds or thousands of people when you could just punish the people responsible? If you really want to penalize bad behavior it's inefficient and ineffective to kill the company with huge fines and hurt lots of employees. Just start throwing the people responsible into prison and then you'd see changes.

    Even many psychopath CEOs would change their practices in such cases. Especially when most of them can't achieve their objectives as easily from prison. In contrast fining the company might not really prevent them from achieving what they want.

    Starting Score:    0  points
    Moderation   +5  
       Insightful=1, Interesting=4, Total=5
    Extra 'Interesting' Modifier   0  
    Total Score:   5  

  • (Score: 5, Insightful) by Azuma Hazuki on Sunday April 08 2018, @03:33PM (41 children)

    by Azuma Hazuki (5086) on Sunday April 08 2018, @03:33PM (#663965) Journal

    Better idea: make them pay personally, and then when they inevitably go bankrupt, THEN send them to jail, so they get out penniless and have to experience life as working-poor.

    --
    I am "that girl" your mother warned you about...

    • (Score: 2) by Gaaark on Sunday April 08 2018, @04:06PM

      by Gaaark (41) on Sunday April 08 2018, @04:06PM (#663973) Journal

      I LIKE EVEN MORE! :)

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---

    • (Score: 1, Flamebait) by The Mighty Buzzard on Sunday April 08 2018, @04:49PM (36 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday April 08 2018, @04:49PM (#663984) Homepage Journal

      You'd immediately have nobody on the entire planet willing to take a CxO job at all. Things like this are why thinking with your feelz is flat retarded.

      --
      My rights don't end where your fear begins.

      • (Score: 4, Insightful) by Azuma Hazuki on Sunday April 08 2018, @04:53PM (16 children)

        by Azuma Hazuki (5086) on Sunday April 08 2018, @04:53PM (#663987) Journal

        Sounds like the market shifting :) We don't have too many buggy whip manufacturers either. Cry harder.

        --
        I am "that girl" your mother warned you about...

        • (Score: 2) by The Mighty Buzzard on Sunday April 08 2018, @08:25PM (15 children)

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday April 08 2018, @08:25PM (#664057) Homepage Journal

          Call it what you like, someone has to sit in the big chair and make the hard decisions. And they're going to want paid and paid well for it.

          --
          My rights don't end where your fear begins.

          • (Score: 2) by bzipitidoo on Sunday April 08 2018, @11:36PM (1 child)

            by bzipitidoo (4388) on Sunday April 08 2018, @11:36PM (#664083) Journal

            Incorrect. There does not have to be a Big Chair. It is possible for an organization to operate without singling out one person to be The Leader. Airlines have learned that "the captain is God" is not as effective as giving the other pilots more input and discretion. Too many times, a crash happened because there was more going on than any one person, no matter how talented, could handle.

            • (Score: 3, Insightful) by The Mighty Buzzard on Monday April 09 2018, @01:56AM

              by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @01:56AM (#664125) Homepage Journal

              Possible != desirable. Get more than three people together and they won't even be able to decide what pizza toppings to get in a timely manner. One person is best where the job can be done by one person.

              --
              My rights don't end where your fear begins.

          • (Score: 2) by c0lo on Monday April 09 2018, @01:47AM (11 children)

            by c0lo (156) Subscriber Badge on Monday April 09 2018, @01:47AM (#664118) Journal

            Call it what you like, someone has to sit in the big chair and make the hard decisions. And they're going to want paid and paid well for it.

            And you deny this needs to come with the responsibility for one's (CxO) actions, responsibility including jail time for malfeasance and/or gross negligence?
            Seriously, dude? How this plays together with your declared libertarian streak?

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

            • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @01:53AM (10 children)

              by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @01:53AM (#664124) Homepage Journal

              It has nothing to do with liberty is how. The board of directors and the CEO are the only ones involved in his employment contract. If the board wants to write shitty contracts without penalties for shitty performance, that's their business. If I were their shareholder I'd damned sure make it my business as well but it's nobody else's.

              --
              My rights don't end where your fear begins.

              • (Score: 2) by c0lo on Monday April 09 2018, @02:22AM (9 children)

                by c0lo (156) Subscriber Badge on Monday April 09 2018, @02:22AM (#664144) Journal

                And if your are their customer? Or a person affected by their "dump of externalities"?
                Like polluting your drinking water [onearth.org] to keep up with the Chinese appetite for spam or delivering it by means that make it toxic [wikipedia.org]?
                Or even lobbying and making a profit from poisoning you [nih.gov]?

                Really, you don't see anything wrong with the CxO's business decisions in those cases?

                --
                https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

                • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @02:57AM (8 children)

                  by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @02:57AM (#664159) Homepage Journal

                  Then you sue. Or press charges. Or both.

                  Illegal acts are illegal acts. Ordering illegal acts is also a prosecutable crime, regardless of the letters by your name (unless those letters spell "Sen.", "Rep.", or the like). If you don't like that some things are not currently illegal, there is a proper process already in place to deal with that.

                  --
                  My rights don't end where your fear begins.

                  • (Score: 2) by c0lo on Monday April 09 2018, @04:08AM (7 children)

                    by c0lo (156) Subscriber Badge on Monday April 09 2018, @04:08AM (#664186) Journal

                    Then you sue. Or press charges. Or both

                    Apart from "Good luck with that", how often you've seen any CxO made to pay over negligent or criminal behavior?

                    Flint water crisis [wikipedia.org]:

                    The legal doctrines of sovereign immunity (which protects the state from suit) and official immunity (which in Michigan shields top government officials from personal liability, even in cases of gross negligence) resulted in comparatively few lawsuits being filed in the Flint case

                    Pig farm pollution cases [chicagotribune.com] - only one example of suits-leading-nowhere, you can find heaps of others:

                    Instead, Irlam let hog muck fill the 8-foot-deep pits beneath his slotted concrete floors until it rose up and soaked the pigs' hoofs and bellies. Then he loaded the portable manure tank farmers often call a "honey wagon" and began dumping waste downhill.
                    ...
                    The Illinois attorney general filed a civil lawsuit to collect penalties and cleanup costs from Irlam but abandoned the case in 2012 after Irlam filed for bankruptcy, saying he was unable to pay numerous mortgage and credit card debts. That decision surprised bankruptcy experts, who said the state could easily have pursued Irlam's $64,000 state salary.

                    Lead plumbing lobby? Never received even a slap-on-the-wrist, they arranged the laws and regulations for ages [nih.gov]

                    Federal guidelines and specifications also sanctioned lead pipes at least into the 1950s. Water system engineers were debating the pros and cons of lead at least into the 1940s. Perhaps most telling was the active campaign carried on by the lead and pipe manufacturers’ trade organization, the LIA. To maintain sales of lead pipe, the LIA lobbied the government at all levels and targeted the people who both designed and installed water distribution systems with outreach and educational material and other resources. The association carried on its promotional campaign into the 1970s.
                    ...
                    Despite a voluminous literature on the dangers of lead water pipes, and based on such knowledge, a national trend to restrict and prohibit the use of lead for water distribution, the lead industry continued its promotion and sale of lead pipes for several decades. Note also that the LIA and its corporate members carried out a similar campaign to promote lead paint long after its hazards became known14,15 and are currently defending themselves against lawsuits by dozens of cities and states. In fact, at least two LIA members, the National Lead Company and Eagle Picher, manufactured both lead paint and lead pipes. Although the use of these products has long since ended, our cities and towns, and society as a whole, are still paying the price.

                    --
                    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

                    • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @04:31AM (6 children)

                      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @04:31AM (#664190) Homepage Journal

                      ...how often you've seen any CxO made to pay over negligent or criminal behavior?

                      That's an "enforce the laws on the books" problem not a "we need new laws" problem.

                      Lead plumbing lobby?

                      Stop voting for lizards just because the wrong lizard might win if you don't. If you want honest, or something that at least looks like honesty in dim lighting, representatives, don't vote for dishonest ones.

                      --
                      My rights don't end where your fear begins.

                      • (Score: 2) by c0lo on Monday April 09 2018, @04:50AM (5 children)

                        by c0lo (156) Subscriber Badge on Monday April 09 2018, @04:50AM (#664198) Journal

                        Good advises.
                        When do you (all) start?

                        --
                        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

                        • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @05:04AM (4 children)

                          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @05:04AM (#664204) Homepage Journal

                          Reforming the system is not one of my goals. I don't believe it can be achieved. I'm working the "burn it down and start over" angle.

                          --
                          My rights don't end where your fear begins.

                          • (Score: 2) by c0lo on Monday April 09 2018, @05:09AM (3 children)

                            by c0lo (156) Subscriber Badge on Monday April 09 2018, @05:09AM (#664208) Journal

                            I'm working the "burn it down and start over" angle.

                            While angling for fish? Seems quite a subtle way of being subversive

                            (grin)

                            --
                            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

                            • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @06:26AM (2 children)

                              by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @06:26AM (#664237) Homepage Journal

                              Heh, being able to hunt and fish could very well become valuable skills in the not too distant future. Plus, fishing relaxes me and I don't see any need to get all stressed out just because a shitty government is in need of toppling. If the US government can manage it, anyone should be able to.

                              --
                              My rights don't end where your fear begins.

                              • (Score: 2) by c0lo on Monday April 09 2018, @06:33AM (1 child)

                                by c0lo (156) Subscriber Badge on Monday April 09 2018, @06:33AM (#664247) Journal

                                Heh, being able to hunt and fish could very well become valuable skills in the not too distant future.

                                Or useless skills due to the extinction of any life on the hunting/fishing grounds by the local hog farming baron.

                                --
                                https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

          • (Score: 3, Informative) by archfeld on Monday April 09 2018, @02:09AM

            by archfeld (4650) <treboreel@live.com> on Monday April 09 2018, @02:09AM (#664134) Journal

            So why don't they make the hard decisions ? Instead they make the profit, reap the rewards and deny the responsibility all in one breath.

            --
            For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge

      • (Score: 5, TouchĂ©) by HiThere on Sunday April 08 2018, @05:07PM (1 child)

        by HiThere (866) Subscriber Badge on Sunday April 08 2018, @05:07PM (#663995) Journal

        Actually, with a reasonable interpretation of "due diligence" you'd probably have lots of people willing to be CxOs. Just not quite the same selection, and that would probably be a benefit.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.

      • (Score: 0) by Anonymous Coward on Sunday April 08 2018, @06:50PM

        by Anonymous Coward on Sunday April 08 2018, @06:50PM (#664020)

        You'd immediately have nobody on the entire planet willing to take a CxO job at all.

        Sounds good to me! None of those fuck stains are worth what they're paid anyway.

      • (Score: 1, Insightful) by Anonymous Coward on Sunday April 08 2018, @07:50PM (1 child)

        by Anonymous Coward on Sunday April 08 2018, @07:50PM (#664049)

        You think with your feelz all the fucking time, otherwise you'd be capable of walking back when people prove you wrong. But those feelz have a death grip on your brain, so taxes == theft, etc. Here's a stone bub, try not to break your own house.

      • (Score: 2) by Whoever on Sunday April 08 2018, @11:02PM (13 children)

        by Whoever (4524) on Sunday April 08 2018, @11:02PM (#664081) Journal

        So you are not really a Libertarian, you are an anarchist.

        • (Score: 2) by The Mighty Buzzard on Sunday April 08 2018, @11:17PM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday April 08 2018, @11:17PM (#664082) Homepage Journal

          What gives you that idea?

          --
          My rights don't end where your fear begins.

        • (Score: 2) by Azuma Hazuki on Monday April 09 2018, @02:14AM (11 children)

          by Azuma Hazuki (5086) on Monday April 09 2018, @02:14AM (#664137) Journal

          He doesn't have a coherent political position. What he does have is bits of barstool wisdom like "All taxation is theft." That, and an ego the size of Mt. Rushmore that leaves him with much too high an opinion of himself and his own worldview.

          --
          I am "that girl" your mother warned you about...

          • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @02:21AM (10 children)

            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @02:21AM (#664142) Homepage Journal

            s/All/Involuntary/

            If you're going to speak for me, do so correctly.

            --
            My rights don't end where your fear begins.

            • (Score: 2) by Azuma Hazuki on Monday April 09 2018, @02:40AM (9 children)

              by Azuma Hazuki (5086) on Monday April 09 2018, @02:40AM (#664152) Journal

              This is the first time I've ever heard or seen you qualify that. In the past it's always been a flat-out condemnation of the entire idea of taxation.

              --
              I am "that girl" your mother warned you about...

              • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @03:17AM (8 children)

                by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @03:17AM (#664166) Homepage Journal

                Fair enough. Like everyone else, I'm not always utterly precise. I have zero issue with voluntary taxation except possibly minor debates on specific rates. My issue is with the use of force to compel anyone to give you money. Done by anyone but a government, that is a crime. Why is it suddenly moral if a government does it? "Government" is not a magic word that makes anything they feel like doing morally correct.

                --
                My rights don't end where your fear begins.

                • (Score: 2) by Azuma Hazuki on Monday April 09 2018, @04:56AM (7 children)

                  by Azuma Hazuki (5086) on Monday April 09 2018, @04:56AM (#664201) Journal

                  You *sure* you're not Mr. Vim? You keep saying basically the same stuff he does.

                  We've been over this road before, and as I recall, last time I brought up the idea of a social contract, you more or less said "I didn't sign any contract" without actually putting it in those words. You have, at least, this time hit on the essential difference between legal and moral, but where do you get your morals from and what grounds them, ontologically speaking?

                  Last time, your answer to that was basically "the natural state of humanity is liberty." Well, perhaps so, but the natural state of humanity is ALSO sleeping up a tree, prey to any horrible murdercat or awful ague that comes along, with a good chance of being dead in your 30s even if you survive past age 5, which you have barely even odds of doing. Taxes may not be natural, but "natural" doesn't define good or evil.

                  --
                  I am "that girl" your mother warned you about...

                  • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @05:46AM (6 children)

                    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @05:46AM (#664218) Homepage Journal

                    Well, I do code entirely in vim but, no, I never post here under a pseudonym of any kind. My nick here is what I've answered to since I was sixteen unless I was doing something official paperworky.

                    Where do you get morals from? I had a couple paragraphs typed up citing Judeo-Christian philosophy, Wicca, Buddhism, and other stuff in answer but really, they come from my bathroom mirror. If I can look in it and be happy with what looks back is what my morals are grounded upon. Basing your morality on anything but an extremely thorough self inspection is the act of a coward. Passing the buck to the writings of dead men is a cop out. By all means take wisdom anywhere you can find it but the responsibility for your thoughts, speech, and actions is entirely your own.

                    The point of "the natural state of humanity is liberty" isn't that natural is good. It was that rights do not need to originate from anywhere. They're what was always there before you started allowing them to be taken away. It's like asking where darkness originates from. It doesn't, it's the absence of light.

                    --
                    My rights don't end where your fear begins.

                    • (Score: 2) by Azuma Hazuki on Monday April 09 2018, @02:50PM (5 children)

                      by Azuma Hazuki (5086) on Monday April 09 2018, @02:50PM (#664459) Journal

                      How utterly solipsistic...or maybe you're just not used to digging this far down.

                      Okay, so you say your morals come only from you and whether or not you're happy with "what you see in the mirror." But what standard are you using to judge that? WHY would doing X or Y or Z make you unhappy? THAT'S what we mean by the grounding of morals. I don't think it's as self-centered as you think, and it's certainly not as much about simple introspection in a vacuum.

                      And, sorry, but *all* of these concepts need derived from somewhere. That is foundationalism for you. These "rights" need to be built on something. What is it?

                      --
                      I am "that girl" your mother warned you about...

                      • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @04:02PM (4 children)

                        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @04:02PM (#664511) Homepage Journal

                        You seem to feel the need for something other than yourself to base your own morality on. I don't. Basing your morality on something external is just an attempt at pushing a responsibility that is solely your own upon something beyond your control so that you don't have to take responsibility for yourself. Even were there an all knowing/powerful creator who had decreed a set of moral principles in fire across the sky, it would not obviate your personal responsibility to decide right and wrong for yourself.

                        No, they are not. You really can't understand that rights are not something given to you but something you innately possess, can you? You need an authority to point to and say "here is where rights and morality come from". Why? Authority is what needs to be derived, rights simply exist.

                        --
                        My rights don't end where your fear begins.

                        • (Score: 2) by Azuma Hazuki on Monday April 09 2018, @07:25PM (3 children)

                          by Azuma Hazuki (5086) on Monday April 09 2018, @07:25PM (#664616) Journal

                          You don't do logic so well, do you?

                          I am not saying "there needs to be an authority." YOU are. I am saying "show me the ontological grounding of these rights you say we have." It's not enough to stamp your feet and pout and say "They just ARE, so THERE! *prrrrbtphsth*" For once in your goddamn life, stop relying on the stereotypes you THINK apply to other people and use your head.

                          --
                          I am "that girl" your mother warned you about...

                          • (Score: 4, Insightful) by The Mighty Buzzard on Monday April 09 2018, @09:26PM (2 children)

                            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday April 09 2018, @09:26PM (#664688) Homepage Journal

                            Sigh. You keep thinking of rights as positively existing entities. They are not any more than darkness or vacuum is. They are an abstract name for the the absence of someone else's will conflicting with your own. They need no grounding because they are not an affirmative thing.

                            Any conscious being placed alone in an area has complete liberty (all possible rights) until another entity comes along and wishes their thoughts, speech, actions, etc... to be limited for some reason. Rights are defined when some measure of liberty is addressed that a desire to curtail it exists for. Then and only then can they potentially become the arbitrarily defined, limited subset of complete liberty that we call a "right" to be protected or surrendered.

                            --
                            My rights don't end where your fear begins.

                            • (Score: 2) by Azuma Hazuki on Tuesday April 10 2018, @03:24AM (1 child)

                              by Azuma Hazuki (5086) on Tuesday April 10 2018, @03:24AM (#664802) Journal

                              Okay, NOW we're getting somewhere :) THAT is their ontological grounding. They are an epiphenomenon of who and what we as humans are, as well as our environment.

                              --
                              I am "that girl" your mother warned you about...

                              • (Score: 2) by The Mighty Buzzard on Tuesday April 10 2018, @04:11AM

                                by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday April 10 2018, @04:11AM (#664823) Homepage Journal

                                More a product of interaction with other sentient beings, I'd say. I mean you currently have the right to spontaneously turn bright purple if you so desire. It's just not something that's likely to come up so the right itself isn't going to have its boundaries precisely defined. Or it's like "how many possible arcs are there in a circle?". There are an infinite number that are going to undefined in any given circle simply because they're not currently relevant to anything.

                                --
                                My rights don't end where your fear begins.

    • (Score: 0) by Anonymous Coward on Sunday April 08 2018, @07:00PM

      by Anonymous Coward on Sunday April 08 2018, @07:00PM (#664025)

      Not even jail. Put him on work release. Bring back chain gangs and medical experiments on prisoners, keep them alive forever and put a web cam in their cell. Bathe them in 50F water from the fire hose.

      But seriously, we do need to put these people into the poorhouse and disperse their assets and estates. That should be sufficient. Let them find their own room and board for a while.

    • (Score: 4, Interesting) by Joe Desertrat on Monday April 09 2018, @09:53AM (1 child)

      by Joe Desertrat (2454) on Monday April 09 2018, @09:53AM (#664325)

      THEN send them to jail, so they get out penniless and have to experience life as working-poor.

      Save the taxpayers the expense of jail, just take away their assets and force them to live on minimum wage for ten years or so...

      • (Score: 2) by Azuma Hazuki on Tuesday April 10 2018, @03:25AM

        by Azuma Hazuki (5086) on Tuesday April 10 2018, @03:25AM (#664804) Journal

        I like your thinking and wish to subscribe to your RSS feed :)

        --
        I am "that girl" your mother warned you about...

  • (Score: 2) by Gaaark on Sunday April 08 2018, @04:06PM

    by Gaaark (41) on Sunday April 08 2018, @04:06PM (#663972) Journal

    I LIKE!

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---