Hacker News new | ask | show | jobs
by madcow2 1842 days ago
> Perhaps a pentester or security person can help answer this

Not one of those but since they are [apparently] inadequate anyway...

I read an analogy that pinning this on "cyber security" is like accusing a mugging victim of having a lack of personal security guards. That's just not how civil society works.

Minimum safety standards: laws and ability to enforce them.

This is a short-term win for the bad actors. Just wait until the next "great firewall." Well gain safety, but we'll lose access to those low cost eastern European dev talent. That's more likely than every single US business being forced to hire private security just to operate.
4 comments
bawolff 1842 days ago
> I read an analogy that pinning this on "cyber security" is like accusing a mugging victim of having a lack of personal security guards. That's just not how civil society works

Civil society does punish businesses when bad things happen due to negligence. Especially when the result of the negligence negatively effects someone else.

link
curiousgal 1842 days ago
I think of it more like someone's house getting robbed because of them having bad or no locks¯\_(ツ)_/¯
link
BitwiseFool 1842 days ago
I don't think the analogy fits because there are so many ways for an attacker to compromise a system besides the "front door". If we want to stretch things, a member of your own family can unwittingly let a guest perform an action that enables the robbery weeks later.
link
wyager 1842 days ago
> That's just not how civil society works.

This is a cope and also irrelevant.

Civil society works a certain way because of its social interaction dynamics. The internet works much differently (namely, retribution is much harder, which rules out most tit-for-tat transgression management strategies, and the scale is much larger than is possible with human interaction).

link
hn8788 1842 days ago
A better analogy would be an armored truck full of cash parking overnight in a bad neighborhood with the doors unlocked, then crying to the media about how they were robbed by criminals. There has to be some level of personal responsibility; it's foolish to expect people to not do bad things just because the law says they shouldn't.
link
emc3 1842 days ago
> it's foolish to expect people to not do bad things just because the law says they shouldn't

The parent comment:

> Minimum safety standards: laws and ability to enforce them.

So it's not just the law but also the potential for repercussions, of which there are currently zero.

link