One Article Review

The article:
Source UncommonSenseSecurity
Identifier 360988
Publication date 2016-06-14 19:31:09 (seen: 2016-06-14 19:31:09)
Title Bad analogy, bad. No biscuit.
Text If you use the “If I leave my door unlocked you don't have the right to walk in…” analogy when discussing web disclosures, you really need to stop. Bad analogies are bad.

You know the cases, folks find things on the Internet that people didn't mean to make public, and a storm ensues and all kinds of people say all kinds of naïve stuff, including people who should know better.

Your website is not a house, and not just because of the physical vs. virtual difference. If we have to use this analogy, let's at least get it more accurate.

You live on a road, it may be public, or it may be private, but either way it is open to the public- in fact public use is encouraged. That's why you put your house there, because of good access in and out to the rest of the world. You put sensitive data on signs in your yard, visible from the road. There might even be a sign that says “only read your own data”, but it is all visible. Someone drives by and reads someone else's sign from the road. Maybe they take pictures of the signs.

Still imperfect, but much more accurate. And so convoluted it doesn't help make any point. These issues are not simple and misrepresenting them and oversimplifying things does not help.

Note that I have not made any judgements about who exposed what where, and who drove by and looked at it. If it is your house and you post my data in an irresponsible manner, you are being irresponsible. If someone feels the need to copy everything to prove a point, that causes problems, even when their intentions are good.

Without picking any specific cases, most of the ones that make the news are a combination of errors on both sides. You should act like sensitive data is, I don't know, sensitive. And when you stumble across things like that (and you will if you use the Internet and pay attention), you should think about how folks will react, and keep the CFAA in mind. Right or wrong, that's the world we live in. I think the CFAA is horrible and horribly out of date, as is the DMCA- but while they are the law and enforced, ignore them at your peril. It is worth considering that when people find stuff that shouldn't be posted publicly, it generally doesn't require downloading the entire dataset to report the problem, in fact that is likely to create problems for everyone.

And yes, that's a gross oversimplification from me in a post where I decry gross oversimplification. Literary license or something.

And because I actually care about this mess we're in, I'll make an offer I hope I don't regret: if you stumble across things which are exposed and you really don't know how to handle it please pause and reach out to me. I'll ask friends in law enforcement for guidance for you if you wish to remain anonymous, or I'll try to help you find the right folks to work with. If you are outside of the US, I'm unlikely to be of much help, but I'll still make inquiries.

Note that if you are on any side of one of these situations and act like a dumbass, I reserve the right to call you a dumbass. I'll still try to help, but I'm calling you a dumbass if you deserve it.

That's as close to idealistic as you'll get from me.

Jack
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.