

What it’s like to get hacked - zacharye
http://www.bgr.com/2012/06/07/hacked-insider-account-atm-black-hat/

======
tptacek
There is ZERO SIMILARITY between having security research done on a product
you sell to the public and having your website hacked by a "hacktivist" group.

Security research is usually a public service, usually done for free,
virtually always done with full attribution (that's part of the point) and
almost invariably legal.

Website hacks are virtually never a public service, are done anonymously,
often involve financial gain for the participants, and are invariably
criminal.

Barnaby Jack isn't part of a "hacker group". At the time this post was
written, he was a researcher for Juniper Networks. Drawing a parallel between
his ATM research and "Hacktivism" is shamefully stupid linkbaiting. Since that
bogus comparison is the only thing this article contributes beyond the actual
blog post it linkjacks (which is excellent, but appeared on the site and was
discussed yesterday), I flagged this post.

~~~
johnvjr
Actually, as someone who has had to respond to Website breaches in the past,
my experiences and feelings are very similar to those described by the author.
The main difference is I did not have the opportunity to discuss matters with
my attackers — oh, how I would have loved that opportunity — but the
experience and response protocols are very similar on a broad level, I'm sure.

And I didn't see this yesterday. I also thought the addition of Jack's video
was very helpful to paint a more complete picture. But nice tirade.

~~~
tptacek
Oh. Well, if it _feels_ similar, then there must really be a similarity
between testing products for flaws and breaking into websites.

Sheesh.

~~~
tptacek
I'm sorry for being so snippy about this. It's one of my snippy topics.

