- Jul 20th, '01
With Microsoft (highly insecure, highly anti-privacy) found guilty but left to continue their plans for total world domination, and Adobe (don't question our software or we'll sic the FBI on you) helping government write laws that attack free speech, these are the folks that will protect us. The nerds, geeks and hackers who have been crucified by the media for years.
Microsoft doesn't care about security (if it's not secure, how come everybody keeps using it?) and they are actually planning on owning all of your personal information. Who is going to tell you the truth? The government that is now bought and paid for by big-business? Aging consumer advocates who can't tell telnet from NetBEUI? Lawyers who are trying to cling to old ways so dead they're no longer enforceable?
Can twelve year old script kiddies access and take control of *your* computer? The one you're reading this on? If you don't know the answer then they probably can.
Last year these folks begged us to stop breaking into government computers. They said they couldn't stop us, security was almost non-existent, and they were spending all of their time tracking down nuisance attacks.
Of course several people asked why we should just accept that government computers, which hold *our* private data, be wide open to script kiddies all over the world. What would be the incentive to spend the money to secure these machines if we didn't show them to be unprotected? And if they were going to tell us kids with canned scripts could break into government computer, how paranoid should we be about the privacy and integrity of our data?
This year they did a complete 180. That guy second from the left is from the GAO. It's his job to do security audits on government computers by trying to break into them. He said we were right. The government wouldn't do the work to secure things unless security became such a problem that they had no choice. The congressman agreed.
They didn't ask us to stop, they said we should stay the course and make sure our congressmen knew just how bad the problem was. They said our data was *not* secure, and that without the work of hackers to expose vulnerabilities, no one would know about that until it was to late.
Okay. Whatever. I'm getting too preachy.
More of this needs to happen. It's the only way computers will become more secure. One person sets up a secure box, hundreds of smart people try to break into it, and we all learn what works and what doesn't.
Someone asked a while back if "hackers" had gotten a bad rap. Yes, they have. And it's unfortunate.
All of the dot com trash that were packing the place the last two years had washed out and gone back to flipping burgers or marketing or whatever the hell they did before computers became a get-rich-quick scheme.
All of the people here actually look like hackers and computer people. The NT crowd seems to be avoiding the place. Lots of black t-shirts with silly sayings. The guy in front of me at this panel was wearing a shirt covered with source code and the label "css_descramble.c". Cool. I like it better this way.