Deeper into the Trump Abyss.

[Davin]

BTW I blame the success of Russians hackers on a combination stupidity, incompetence, arrogance and a lack of responsibility of the Democrats.

Given enough time, everything can be hacked. A mark with those things can make it easier, but nothing is completely secure. To blame the victim of a hack is, I think, a shitty thing to do. Just like I think it's a shitty thing to do to blame the victim of a mugging instead of the mugger.

Normally I would agree, but what happened at the DNC was sheer incompetence from both the DNC IT staff as the FBI.

Yes, most things can trace back to incompetence. Hindsight being 20/20, if people just did things right, then there wouldn't have been a problem. While I agree it was a big mistake that should never have happened because the people should have been trained and they should have had better technical staff... but for non-technical people, it's tough to tell what a good technical person looks like (as far as resume and work experience and even at the current job, not cool leather jackets, skateboards, and drinking coke).

Even knowing how easy it was to get into the DNC, blaming the victim is still wrong. I'm a strong advocate for security (more so with more important data), but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

Blaming the victim, sets a shitty precedent.

[Ecurb Noselrub]

Trump is a Russian agent, at least from the perspective of the Russians. They are using him to disrupt American Democracy and make Putin  the most powerful person in the world. An actual Russian spy could not have done a better job.

[Dave]

Davin wrote:

... but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

I think I can see an elrment of logic there where the aggressor is always "at fault" in, say,  child abuse by a priest, being coshed from behind in a street mugging etc, in places where one might have a right to expect safety. In the world of politics, or in commerce, the naïve person who does not take every possible opportunity to ensure security of sensitive information, who does not react appropriately to an advised threat, is incompetent.

They are at least culpable in enabling the breach in security in my view. Those who selected them for the job are also culpable to a degree - like chosing a seven stone deaf asthmatic for a body guard (my appologies to seven stone deaf asthmatics for using them as an example). As I have said before, if you go into any dangerous situation without sufficient knowledge and without taking adequate safeguards you have no right to cry, "Foul," if you suffer injury or damage. And politics is a dangerous game that potentially threatens every individual on Earth - and Earth itself.

I notice that a group has been splintered off GCHQ here in the UK to instruct the political parties in cyber security, bit late but better than nothing at all. I wonder who they will have as students - senior politicians or IT staff? Should be both. To my mind no-one should be employed in that sort of position without graduating from a comprehensive anti-hacking course run by competent specialists, in adition to normal training.

[Davin]

Davin wrote:

... but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

I think I can see an elrment of logic there where the aggressor is always "at fault" in, say,  child abuse by a priest, being coshed from behind in a street mugging etc, in places where one might have a right to expect safety. In the world of politics, or in commerce, the naïve person who does not take every possible opportunity to ensure security of sensitive information, who does not react appropriately to an advised threat, is incompetent. [...]

I'm not arguing those responsible for the security should not hold some blame for a breach, I'm arguing against the idea of blaming the victim for an attack (unless the victim went around saying, "come at me, bro!").

We are all hackable. No one is safe from hacking. All we can do is make it more difficult, but we can't prevent it. Those involved with this one made it easy. However, do you think the Russian hackers would have stopped if this one method didn't work? I don't think they would, I think the Russian hackers would have kept going until they succeeded. Do you think this was the first and only attack that the Russian hackers attempted? I highly doubt it.

[Dave]

Davin wrote:

... but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

I think I can see an elrment of logic there where the aggressor is always "at fault" in, say,  child abuse by a priest, being coshed from behind in a street mugging etc, in places where one might have a right to expect safety. In the world of politics, or in commerce, the naïve person who does not take every possible opportunity to ensure security of sensitive information, who does not react appropriately to an advised threat, is incompetent. [...]

I'm not arguing those responsible for the security should not hold some blame for a breach, I'm arguing against the idea of blaming the victim for an attack (unless the victim went around saying, "come at me, bro!").

We are all hackable. No one is safe from hacking. All we can do is make it more difficult, but we can't prevent it. Those involved with this one made it easy. However, do you think the Russian hackers would have stopped if this one method didn't work? I don't think they would, I think the Russian hackers would have kept going until they succeeded. Do you think this was the first and only attack that the Russian hackers attempted? I highly doubt it.

Not really the place for this but...

Humans have been attracted to the idea of attacking the defences of others, for reasons from defeating them in war through pecunary gain and hatred to simple schardenfreude, since at least the begining of recorded history, but it seems that sone simply do not learn. So, if they are not to "blame" in your understanding of the term then, if they are in a position to safeguard important (to whoever) data they are inadequate for or incompetent in their job and need to be replaced. Retraining in the same field will probably not help them because they have the wrong mindset to start with.

Go back to manual typewriters and paper memos for the really important stuff? There was a story that the Russians did just that. But you might need lots of high security vaults for storage . . .

[Davin]

Davin wrote:

... but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

I think I can see an elrment of logic there where the aggressor is always "at fault" in, say,  child abuse by a priest, being coshed from behind in a street mugging etc, in places where one might have a right to expect safety. In the world of politics, or in commerce, the naïve person who does not take every possible opportunity to ensure security of sensitive information, who does not react appropriately to an advised threat, is incompetent. [...]

I'm not arguing those responsible for the security should not hold some blame for a breach, I'm arguing against the idea of blaming the victim for an attack (unless the victim went around saying, "come at me, bro!").

We are all hackable. No one is safe from hacking. All we can do is make it more difficult, but we can't prevent it. Those involved with this one made it easy. However, do you think the Russian hackers would have stopped if this one method didn't work? I don't think they would, I think the Russian hackers would have kept going until they succeeded. Do you think this was the first and only attack that the Russian hackers attempted? I highly doubt it.

Not really the place for this but...

Humans have been attracted to the idea of attacking the defences of others, for reasons from defeating them in war through pecunary gain and hatred to simple schardenfreude, since at least the begining of recorded history, but it seems that sone simply do not learn. So, if they are not to "blame" in your understanding of the term then, if they are in a position to safeguard important (to whoever) data they are inadequate for or incompetent in their job and need to be replaced. Retraining in the same field will probably not help them because they have the wrong mindset to start with.

Go back to manual typewriters and paper memos for the really important stuff? There was a story that the Russians did just that. But you might need lots of high security vaults for storage . . .

Are you seriously presenting the, "well people have urges, you can't blame them for acting on them" argument?

Because my answer is: fuck yes we can blame them for acting on their urges. Always. You set are setting a shitty precedent by saying otherwise.

If someone forgot to lock their door one day, and their house gets broken into, do you blame them for getting robbed because they are incompetent? Or, like me, do you blame the thieves?

I get the urge to urinate from time to time, that is an undeniable need. However I don't pee on other people and them blame them for it while saying, "humans have a long history of needing to pee..."

Again. Yes, they are in a position of being responsible for safe guarding data. But again, all systems, no matter how competent those responsible for security are, are vulnerable to being hacked. How do you think security vulnerabilities get there? The answer is: the vulnerabilities already there, someone finds it and exploits it. If they are a good person, they'll inform the developer of the thing they found a hole. Some people are hired by the company that develops the software to try to find exploits. If they are a bad person, they will try to exploit it themselves and/or sell it off to others. On your devices, there exists multiple vulnerabilities, people just haven't found them yet.

Also again, while I agree that in this case they made it easier and fell victim to classic social engineering techniques, I doubt that was the first attempt nor would it have been the last attempt if that one didn't work. I would replace them too. But it's the attacker's that get the blame for the attack.

[Dave]

Davin wrote:

... but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

I think I can see an elrment of logic there where the aggressor is always "at fault" in, say,  child abuse by a priest, being coshed from behind in a street mugging etc, in places where one might have a right to expect safety. In the world of politics, or in commerce, the naïve person who does not take every possible opportunity to ensure security of sensitive information, who does not react appropriately to an advised threat, is incompetent. [...]

I'm not arguing those responsible for the security should not hold some blame for a breach, I'm arguing against the idea of blaming the victim for an attack (unless the victim went around saying, "come at me, bro!").

We are all hackable. No one is safe from hacking. All we can do is make it more difficult, but we can't prevent it. Those involved with this one made it easy. However, do you think the Russian hackers would have stopped if this one method didn't work? I don't think they would, I think the Russian hackers would have kept going until they succeeded. Do you think this was the first and only attack that the Russian hackers attempted? I highly doubt it.

Not really the place for this but...

Humans have been attracted to the idea of attacking the defences of others, for reasons from defeating them in war through pecunary gain and hatred to simple schardenfreude, since at least the begining of recorded history, but it seems that sone simply do not learn. So, if they are not to "blame" in your understanding of the term then, if they are in a position to safeguard important (to whoever) data they are inadequate for or incompetent in their job and need to be replaced. Retraining in the same field will probably not help them because they have the wrong mindset to start with.

Go back to manual typewriters and paper memos for the really important stuff? There was a story that the Russians did just that. But you might need lots of high security vaults for storage . . .

Are you seriously presenting the, "well people have urges, you can't blame them for acting on them" argument?

Because my answer is: fuck yes we can blame them for acting on their urges. Always. You set are setting a shitty precedent by saying otherwise.

If someone forgot to lock their door one day, and their house gets broken into, do you blame them for getting robbed because they are incompetent? Or, like me, do you blame the thieves?

I get the urge to urinate from time to time, that is an undeniable need. However I don't pee on other people and them blame them for it while saying, "humans have a long history of needing to pee..."

Again. Yes, they are in a position of being responsible for safe guarding data. But again, all systems, no matter how competent those responsible for security are, are vulnerable to being hacked. How do you think security vulnerabilities get there? The answer is: the vulnerabilities already there, someone finds it and exploits it. If they are a good person, they'll inform the developer of the thing they found a hole. Some people are hired by the company that develops the software to try to find exploits. If they are a bad person, they will try to exploit it themselves and/or sell it off to others. On your devices, there exists multiple vulnerabilities, people just haven't found them yet.

Also again, while I agree that in this case they made it easier and fell victim to classic social engineering techniques, I doubt that was the first attempt nor would it have been the last attempt if that one didn't work. I would replace them too. But it's the attacker's that get the blame for the attack.

OK, I think we are arguing as much about semantics as anything else. I was not talking about "urges" but about humzn psyco-types. But, yes, I suppose if you are a birn sucker then it is not your fsult.

Let's give this thread back to the Trumpian depths. Start another thread if you want to carry the debate on.

[Davin]

Trump is a Russian agent, at least from the perspective of the Russians. They are using him to disrupt American Democracy and make Putin  the most powerful person in the world. An actual Russian spy could not have done a better job.

And we had a confirmed and confessed Turkish foreign agent sitting in on security briefings. Given that, I'm finding it difficult to doubt that Trump and others are Russian agents. I'd feel better with a bi-partisan investigation.

[Davin]

Are you seriously presenting the, "well people have urges, you can't blame them for acting on them" argument?

Because my answer is: fuck yes we can blame them for acting on their urges. Always. You set are setting a shitty precedent by saying otherwise.

If someone forgot to lock their door one day, and their house gets broken into, do you blame them for getting robbed because they are incompetent? Or, like me, do you blame the thieves?

I get the urge to urinate from time to time, that is an undeniable need. However I don't pee on other people and them blame them for it while saying, "humans have a long history of needing to pee..."

Again. Yes, they are in a position of being responsible for safe guarding data. But again, all systems, no matter how competent those responsible for security are, are vulnerable to being hacked. How do you think security vulnerabilities get there? The answer is: the vulnerabilities already there, someone finds it and exploits it. If they are a good person, they'll inform the developer of the thing they found a hole. Some people are hired by the company that develops the software to try to find exploits. If they are a bad person, they will try to exploit it themselves and/or sell it off to others. On your devices, there exists multiple vulnerabilities, people just haven't found them yet.

Also again, while I agree that in this case they made it easier and fell victim to classic social engineering techniques, I doubt that was the first attempt nor would it have been the last attempt if that one didn't work. I would replace them too. But it's the attacker's that get the blame for the attack.

OK, I think we are arguing as much about semantics as anything else. I was not talking about "urges" but about humzn psyco-types. But, yes, I suppose if you are a birn sucker then it is not your fsult.

Let's give this thread back to the Trumpian depths. Start another thread if you want to carry the debate on.

I'm not arguing semantics, I'm arguing about concepts. You are arguing semantics, your not talking about "urges," just people that are subject to their strong impulses... Which are also known as "urges." But then you and blame the victim again by calling them a "born sucker." What a judgment of someone using very little information about them. I'm sure you're not a sucker because you've never made a mistake in your life. If you make a mistake that someone takes advantage of, are you going to call yourself a "born sucker" and not blame the attacker for attacking you?

Off topic conversations happen all the time, at least this one is still close to the topic at hand.

[Tom62]

Yes, most things can trace back to incompetence. Hindsight being 20/20, if people just did things right, then there wouldn't have been a problem. While I agree it was a big mistake that should never have happened because the people should have been trained and they should have had better technical staff... but for non-technical people, it's tough to tell what a good technical person looks like (as far as resume and work experience and even at the current job, not cool leather jackets, skateboards, and drinking coke).

Even knowing how easy it was to get into the DNC, blaming the victim is still wrong. I'm a strong advocate for security (more so with more important data), but even if someone is lax with their security, it's not their fault if someone attacks them. It's the aggressor's fault.

Blaming the victim, sets a shitty precedent.

The hack itself could perhaps not have been avoided, because phishing mails can look quite convincing. I'm not really blaming the DNC for the hack itself. However, the way it was dealt with, is a completely different story. The Russians where stealing stuff for almost 7 months, before the DNC "woke up". Some "Schadenfreude"is therefore justified.

[Firebird]

Some "Schadenfreude"is therefore justified.

Yeah, and now we have a demagogue in place who's planning to pull back from international organizations like NATO and let Russia run rampant. Obama, you may recall, was willing to at least acknowledge that history of interference and chart a different path forward.  Trump's election was a rejection of that saner thinking. I hope that's worth your temporary schadenfreude, because it's going to hurt a lot of people around the world, including in Germany.

[Dave]

There's a new conspiracy theory in a prog on BBC right now, that The Trump, just maybe, has a "special relationship" with arch conspiracy theorist Alex Jones of InfoWars.

Seems they might possibly have cosy chats on the phone, swapping ideas . . .

The Trump Shite House is keeping quiet on the matter.

[This is embedded in a program regarding Jones' behaviour, and the resulting actions of his mindless followers, seriously affecting the lives of the families involved in the Sandy Hook Elementary School shootings and whether Trump will act on this.]

[Dave]

So, is Bannon in or out?

Seems he was dropped from the NSC "principals committee", the cabinet level, but attended its neeting the same dsy. Was he just a minder for Flynn? Or is this another Trump Shite House cock-up?
http://www.cnbc.com/2017/04/06/bannon-attended-national-security-council-meeting-after-his-removal.html

Now another Rep, Devin Nunes, has stepped from the House investigation into alleged Russian involvement in the election after mutterings that he was a bit too close to Trump. He may now have to answer questions about his ethics.
http://edition.cnn.com/2017/04/06/politics/devin-nunes-stepping-aside-russia-intelligence-committee/

The hole just gets deeper and derper.

[Davin]

Bannon is still in the White House but off of the Security Council.

The hole just gets deeper and derper.

Might have been a typo, but I think that "derper" applies.

[Dave]

^ 

Later: actually I did not know of the noun "derp". Now I have looked it up it certainly seems to be a case of true serendifity.