
Why would we not blame the hackers? You can criticize someone for having bad locks but the burglar is still the one that belongs in jail.

I mainly blame the market because there's been highly secure technology for a long time, including some that NSA pentesting didn't break during evaluation, that they refuse to use for even their most sensitive stuff. Security is like an afterthought or non-thought in the markets. Many concerned about I.P. thieves even outsource R&D or manufacturing to countries with high I.P. theft, mainly to help executives hit short-term goals for personal profit. They also keep buying and using stuff that's shown to be horribly insecure. They also don't follow good security practices despite being billion-dollar businesses. That part will lead to most hacks.

Given this market, anyone developing high-security solutions has to lose money on them constantly or charge exorbitant prices to recover their investment. Pretty much only Defense and regulated sectors will buy those. So, the number of high-security products goes down or stays minimal while easily-hacked garbage grows in number. That's all people see, to the point that many buyers don't even know something better is possible. The situation keeps reinforcing itself, with the buyers all getting what they're paying for or not guarding against.

So, I blame them as much as the attackers, if not more than the attackers, when it's the same preventable stuff happening. Especially the times it didn't cost extra, or what they bought cost more than the secure stuff.

> some NSA pentesting didn't break during evaluation

Which ones? Are any open-source?

They're in my Lobsters link in this comment:


Not open source, given only the proprietary sector made high-assurance security most of the time. There are some groups that open-sourced stuff after the fact. One whose methods some might emulate is the Muen separation kernel. They use SPARK Ada to prove it can't have all kinds of problems. It's also smaller than most things like it.


The only time-proven one that I know of is pulling the plug. And even this could be hacked.

If a burglar robs your house and steals a gun it’s your duty to report that it was stolen.

Not necessarily to the public though.

Perhaps a more apt analogy would be your house is burgled while you are away, do the authorities have an obligation to tell everyone in the neighborhood or just you?

Did the burglarized house contain copies of the keys of all their neighbors? We're abusing the metaphor by now, but there's clear interest of the clients of the companies in the matter...

Abusing the analogy: instead of a house you have apartments, and the burglar broke into the building and now might have access to the other tenants' homes. Don't you have to report that to the landlord, police AND your neighbors?

Still, are you going to place a majority of the blame on the victim or the burglar? It would seem that a majority of the blame lies with China if the allegations are true (I suspect they are)

It is basically impossible to track the source of a hack. China might just as likely never have had anything to do with any attack so far.

Not every hack is related to your personal data.

Only to law-enforcement. Not to the public.

They are blaming "China" for doing what NSA's burglars (or "America") do all day.
