Better off? The idea that victims deserve to be victimized because they didn't take enough care is trotted out every time a security issue comes up on HN.
Thr victims are the unaware customers who's data has been stolen because the company wasn't providing security.
If a business left the store open with the customers credit cards details on display. Anyone passing by can go in and copy that info. Someone sees this and burns the exposed records. Perhaps they helped the victim.
Remember no one burned the store down or the table holding the records. They burned only the exposed records.
You don't know who was the storage vendor and who's data was being deleted and you have no idea what that data represents or what the consequences are of having to restore it.
I think it is entirely reasonable to start with the presumption that people have a right to their data and to their property, that it is valuable to them.
If a site/service has a right to allow a person to delete data. The machine can be setup however they like. These are not hacked databases. The system said welcome what do you want to do? You can read everything or delete everything or add anything.
Yes they are. The method of the hack was 'simple' to you, but that doesn't mean it's just magically not a hack any more. These are hacked databases.
> The system said welcome what do you want to do? You can read everything or delete everything or add anything.
I don't understand this. Are you suggesting that the attackers were greeted by the database with an English-language legal directive of what legal permissions they had in the database? What do you mean by this statement? Surely the databases said no such thing.
If you're implying that a private door with no lock is not private but actually shared property that can be destroyed or added to in any way, then I think you're wrong. None of this comment makes sense to me. An unsecured database holding private data, or an unlocked door to a private business or building, is not an open legal invitation for vandalism.
If you attempt to connect to a database the database will greet you. It can be configured to ask for a login. It can be configured to have no login. If it doesn't have a login and gives you a welcome prompt it's not called hacking. In order to hack something it needed to be secured to start with.
Databases do greet users in mostly english. Need help? Type help. On the list of things the system allows deleting data appeared to be one.
If you knock on a door and the door opens and says welcome what do you want to do (delete data, read data) and you pick delete it doesn't mean it's illegal vandalism.
> It can be configured to have no login. If it doesn't have a login and gives you a welcome prompt it's not called hacking. In order to hack something it needed to be secured to start with.
I very strongly disagree with this. Can you cite somewhere that unauthorized database access is not hacking if there is no password? To me and I think the law that is definitely illegal and hacking.
> If you knock on a door and the door opens and says welcome what do you want to do (delete data, read data) and you pick delete it doesn't mean it's illegal vandalism.
Yes it does! If you don’t have authorized access then that database isn’t yours and entering it is illegal.
