
I sincerely hope that you didn't post this analogy sincerely believing it, as the two are diametrically opposed.



It absolutely was sincere. I'm not sure why you think they are "diametrically opposed". In both cases it is victim blaming.


Except that what grandparent was pointing out was not a case of victim blaming at all; rather, that the response was completely disproportionate to the act.

If you have a really nice sports car and I open the hood to see what engine it has and how it works, yes, I am in the wrong for not asking your permission first. However, if you then try to sue me for $100k because you claim that you had to have expensive maintenance done, you had to get the entire car diagnosed and $20k of repair done, etc. then you are clearly responding in an inappropriate manner.

That's what the whole "NASA had to shut its systems down for 3 weeks at the cost of $41000 to check and fix its systems" is about.

I hope you see now how that is very much different from the "she was asking for it" kind of BS.


Securing a top-secret facility after a break-in (where we know keyloggers and such were installed) is a bit more expensive than popping the hood of the car. At minimum, the whole OS and all software packages have to be reinstalled from known clean media, and the whole software stack needs to be recreated from scratch, without using backups (which could be compromised too). If you're properly paranoid, add new hardware too (most of the current hardware is programmable at some level, i.e. needs to be replaced after a break-in). And then you need to invalidate all passwords on all the systems and have everybody reset their passwords. And not only user login passwords - all router passwords, domain passwords, service logins, everything.

I can easily see how such work can take, for multiple systems, several weeks and 41K is not an outrageous sum for completely recreating the system. Especially when something controlling life-preserving equipment is involved - which means additional testing, etc. - it's not a website that you can just push into production and if some page glitches the user would tell you.


The difference is that having to avoid certain public places for fear of being assaulted infringes on your personal freedoms. Locking down a server does not.



