Hacker News

There are still too many computer-illiterate people; it's a matter of how people view things.

Blaming the existing systems instead of blaming the hackers is like being an astronomer in the Middle Ages. Deciders and business owners will scream and say their systems are fine, and that the ones who think differently and prove otherwise are at fault.

No, it isn't. These people weren't publishing white papers about the lack of security at Nasdaq and other companies; they were using their knowledge to steal money, and the costs were passed back to you, the (presumably) law-abiding customer/credit card user.

Suppose you went out and came home to find your window smashed and your most valuable possessions gone. Would you be happy to have received an unscheduled visit from a private security consultant who decided to pay himself a handsome fee in the form of your stuff? No, you'd call the police to report a burglary.

Just because these guys were using computers and you also use computers does not mean they're basically the same as you and would be your good friends if only those mean old suits would get out of the way and let you run everything.

If those people were not "publishing white papers", maybe it's because computer security sucks everywhere, maybe because there is no true incentive to make things better at all.

I was answering the question "Why were those guys using their skills for criminal activity instead of working on protecting against those crimes?".

The thing is, I doubt company deciders really care about real computer security at all, and even if they do, the security market is very slim. OSes are not really designed with security first in mind, while they should be the first ones to do research on it, and apply it steadily.

I can find many reasons why the computer security market is still weak: there are not that many crimes because we don't use computers for many important things (even if it's on the rise), intelligence agencies prefer to leave those vulnerabilities in place so they can have the upper hand to investigate or spy on other countries (not talking about PRISM), and programmers are still a rare supply, and I don't really see any open discussion in university about computer security theory, it's mostly black hats/white hats folks, it's not really productive.

If those guys committed those crimes, either they are not good enough, but that also means Nasdaq systems were weak, or that they were actually good enough, but the computer security job market did not offer them enough money, which is why they risked 20-year prison sentences, because it paid more.

You could compare it with the drug market. Right now those substances are illegal, which allows criminals to make huge amounts of money, but the DEA people will also make money, and are often found to work with criminals. That's an example of why most of the time, crime pays, while it would be wiser to make those substances legal, and try to help drug users instead. For computer security, it could be a good idea to stimulate the security market by asking universities to create degrees, and maybe make some government programs to work on computer security, instead of letting it rot like that.
