by sbraford 5278 days ago
Let's try to find some common ground here:

First: If you use a Master Lock (heh or an old pen-hackable Kryptonite lock) on your Bank Vault, obviously you are at fault. Doesn't matter what kind of world you want to live in, you need to secure your wares adequately.

Second: It's a dick move of these guys to release all this info. They are hacktivists, or so they claim. (If they wanted to profit off this they'd sell the hacked db to Russians and not release the data) People like MLK and Gandhi also pissed off a lot of people. For example by sitting at white lunch counters, getting spit on, etc. Sorry, that's the idea behind civil disobedience / hacktivism / etc.

Third: this has been stated before, but how do you not know that this database wasn't already cracked 2 years ago by malevolent forces who've been using it for evil, but not telling you about it?

I think it's safe to say Stratfor probably wasn't using a Master Lock, but clearly they didn't do enough pen testing or whatever it would've taken for them to more securely lock down their shit.

(Thought experiment: if a YC company got owned, do you think pg would blame the thieves, for their smash & grab kind of job? Or the coders who left a gaping security hole / social engineering attack vector open?)

1 comments

common ground found.

not sure what pg would say, but for me (if i were in his shoes) it would depend entirely upon what/how the company was owned. there's a big difference between, say, a hacker exploiting a hole in a well-vetted, well-known encryption api and a hacker exploiting a hole in an encryption api that you rolled yourself.