Hacker News
by didntcheck 823 days ago
Yeah, it was insane how long it took for developers to start taking transport security seriously. I can understand people in the 90s or early 00s thinking "well it's not like you have an attacker on your LAN or at your ISP, right?", but Firesheep was in late 2010, properly into the era of smartphones, social networks, and free wifi, and you could just download an Android app or Firefox extension and trivially steal someone's FB account.
2 comments

If you want to truly have an aneurism (wow, I can't believe I spelled that correctly on the first try! I was sure the computer would have to correct me.), read The Cuckoo's Egg, by Cliff Stoll. It might be the first book about hacking; it was published in the 80s. You might recognize the name of a well-known Unix engineer at a government agency as they try to track the hacker's origin.

Anyway, as you alluded, everything was wide open. The author ponders the amount of trust that was accepted at the time. Nothing surprising, but it still made me say, "wtf" to myself as I read it. Very low skill was needed at the time, relative to modern systems. I guess this is why social engineering is such an effective pathway today.

Holy cow, I never realized that Professor Glass Klein Bottles wrote hacking books 40 years ago. Noice, I should check that one out then.

> Yeah, it was insane how long it took for developers to start taking transport security seriously.

It's just the way life works.

In 10 years it will be "insane" that your computer ever ran any unsigned code.

10 more years after that it will be "insane" that computers trusting a codesigning key other than the blessed ones were ever allowed to connect to anything useful over the internet.

Not sure if you intended it this way, but it sounds like you believe that it's not a great thing that almost all traffic on the Internet is encrypted today, or that you think it would/will be good to have all computers on the Internet running only "trusted" code.

One can believe it's crazy to run unencrypted traffic while also believing it's crazy not to allow me to run any code I want to connect to the Internet. There is no slippery slope between these two.

The only thing I believe is that the hypothetical future I describe is a non-zero chance possibility. Everything else is the is/ought problem. I'm just talking about how prevailing attitudes change over time.