On Sat, 24 Dec 2016 06:38 pm, Chris Angelico wrote:

> weak passwords are ultimately the user's
> responsibility

I suppose that's true, in the same way that not getting sewerage into the drinking water supply is also ultimately the user's responsibility.

You forget that weak passwords don't just hurt the user who chooses the weak passwords. If I break into your system, I get the opportunity to steal your identity, which not only hurts you, but also those I steal from using your identity. I can use your account to send spam, which hurts everyone. I can use you as a springboard to attack others, to launch ransomware attacks or shut down the electricity grid[1] or DOS people I don't like. Poor security eventually hurts everyone.

I think that, eventually, one of two things will happen:

- Our entire computing infrastructure (the web, email, the IOTs, banking systems, etc) will collapse under the accumulated weight of zero day attacks, malware, ransomware, cyber warfare and 24/7 surveillance by both the state and corporations. The IOT is an especially bad idea:

  http://www.geekculture.com/joyoftech/joyarchives/2340.html

- Or governments realise that computing security (including privacy) needs to be treated as a public health measure.

We're already aware of the virus metaphor when it comes to malicious code. (It's more than just a metaphor -- one can argue, correctly I think, that self-replicating code is the same kind of thing whether it is interpreted by a Word macro, compiled machine code, or DNA.) We also need to think of personal data as toxic pollution:

https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html

https://www.schneier.com/blog/archives/2008/01/data_as_polluti.html

We need to be thinking about security vulnerabilities as a health issue. That includes the backdoors more and more governments will want us to install, under the false claim of protecting us from terrorists/paedophiles/whatever villain is being demonised this year.

Exploitable software needs to be treated the same as building a sewer system that empties directly into the city's drinking water supply. It's *everybody's* problem when somebody can hack into your vulnerable system. That's the ultimate externality.

But of course, unfortunately, we know what most governments and corporations and even individuals think about pollution and toxic waste. "If it saves me 5 seconds, or earns me $1, I don't care how many billions in damages it does to others."

Merry Christmas.

"My light switch is currently downloading a software update from the Internet so I can't turn my lights off. What. A. Time. To. Be. Alive."

https://twitter.com/TweetsByTSD/status/655297659381661696

[1] If any country is foolish enough to put control of the electricity grid on the Internet. Of course nobody would do that. Right?

-- 
Steve