powercf | 6 years ago
He saw a car
He tried the doors until he found one that was open
He climbed in and searched everywhere until he found personal information about other users of the system
Even though the security of this system was poor, he still (probably) broke the law. There are plenty of opportunities for people with some knowledge of IT to abuse their power, but it's our responsibility not to do so.
nfoz | 6 years ago
I think the important thing we miss with car/physical crime analogies is that cybercrime can be so invisible. Nothing is missing, nothing is taken... but users' private data is lost. So if an organization is doing something terribly naive like publishing passwords to user data in plaintext... it's disgusting for our society to punish the wrong people, the people pointing out the flaws rather than the ones who cause them. All the really malicious entities came and went and will never be caught.
They put private information into a JSON file accessible by an HTTPS GET, the only password being one that they put in plaintext onto everyone's phones.
My analogy: They put the private information onto a billboard, but you can only see the billboard from a particular vantage point in a public park.
treis | 6 years ago
The information was still behind a door that you had to unlock. They just unwittingly sent keys to everyone.