Cyber crime - There...
 
Notifications
Clear all

Cyber crime - There enough information in the public domain.

12 Posts
5 Users
0 Likes
391 Views
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

In light of the recent incident with the BBC's purchase of a botnet and the BBC's argument that it is in the public interest. Whether it is or not is a complex question.

Part of what I would consider public interest is how much information is available to the public relating to a particular subject, in this case cybercrime, and the quality of the information that is available. By quality I mean is it easily understandable to those who are none experts in the field, accurate and none sensationalist.

My question is, in your opinion is there sufficient quality information abaut cybercrime available to the general public, is it too technical, too sensationalistic or too simplistic?

 
Posted : 30/04/2009 9:03 pm
(@douglasbrush)
Posts: 812
Prominent Member
 

To broad. So many different areas of concern do to the multitude of available attack areas.

 
Posted : 30/04/2009 9:29 pm
(@Anonymous)
Posts: 0
Guest
 

I find people are apathetic until it affects them, such that their computer gets hit by a virus/hacked etc. I've recently been finding computers with no anti-virus or no active firewall. I imagine the perception is that hackers and the like are more concerned with larger, more financially rewarding systems.

I also read that computers get scanned about every minute for vulnerabilities not long ago, which I found a little surprising.

 
Posted : 30/04/2009 9:29 pm
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

To broad. So many different areas of concern do to the multitude of available attack areas.

Do you mean my question is too broad or do you mean the information available is too broad?

If the information available is too broad, has that impeded peoples perception of the risks?

 
Posted : 30/04/2009 10:16 pm
(@douglasbrush)
Posts: 812
Prominent Member
 

Sorry - yes information available is too broad - information overload.

The threats can come in many forms from many directions and often at the same time.

However, my feeling is that it is a matter of people susceptible to social engineering more than anything. Sometimes you are only as much of a victim as you allow yourself to be. I guess I would pose the question in response do you feel that people do risky things and don't educate themselves and become victims or is it a lack of security on those we trust with sensitive information?

 
Posted : 30/04/2009 10:28 pm
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

do you feel that people do risky things and don't educate themselves and become victims or is it a lack of security on those we trust with sensitive information?

An interesting question. There certainly is an element of perhaps failure for people to educate themselves. Having said that not everyone is capable of understanding the complexities of cybercrime, especially when considering how broad it is. Can people really be expected to educate themselves to such a degree that they can make an informed decision on the risk.

Which is partly why I am interested in the perception of the quality of information available. For example did the BBC help the situation with their investigation or make it worse.

 
Posted : 30/04/2009 10:54 pm
(@douglasbrush)
Posts: 812
Prominent Member
 

The BBC situation took a vaild concern and went the wrong direction with it From The Register
"
The exercise, intended to illustrate cybercrime risks, has split security vendors. Many argue that the same issues could have been illustrated in the lab, without interfering with the PCs of innocent victims or sending spam. Kaspersky, AVG, McAfee, FaceTime, Sophos, Sunbelt Software and F-Secure have all come out in describing the exercise as various flavours of misguided, unnecessary and unethical.
"

I think this issue has been around for sometime. There was always that ethical hacker line in the sand of demonstrating weakness vs. plain mutual respect for ones neighbors. ie. I can't just go smash all the house windows in my community, steal things and use a line of defense that they should have had a stronger window.

 
Posted : 30/04/2009 11:20 pm
(@darksyn)
Posts: 50
Trusted Member
 

It is indeed a complex subject you've raised, dngroen… It really depends on who we refer to when we talk about "public"…

I will (to some extent) agree with Zoidberg in that the "public" more-or-less apathetic unless the subject affects them on a personal level (cracked account, cracked pc etc).

There's TONS of information out there on anything network-security related. The problem does not lie with the information, but with people's willingness to sit down and read through the material. If they consider the material too technical, they should educate themselves properly. If they consider the material as too sensationalist, they should seek to verify what they read through other sources.

Cheers
DarkSYN

 
Posted : 03/05/2009 4:42 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I don't think the public, in general, is necessarily apathetic. IMHO, there are too many mixed messages from the media, as well as from security folks, who just sort of expect the public to "get it".

A huge part of our jobs is reporting…we do a pen test or a forensic analysis, and we have to report. Most of do a horrible job of it, even with things like peer review and the "stimulus" of getting paid for the work…having folks who don't like to document anything they do trying to educate the public is a no-win situation.

 
Posted : 03/05/2009 6:19 pm
(@darksyn)
Posts: 50
Trusted Member
 

Hmmmm, to some degree I will have to agree with you, keydet, in that there are many mixed messages, mainly from the media (sensationalism) and from certain members of the the "white-hat" network security scene (snake-oil in bright-colored packaging with big and impressive letters).

The problem with reports and documentation is that both terms differ between network security and digital forensics, both in terms of language and in terms of intended audience.

Regarding the other point about documentation, the willingness (or lack of it) to document things does not have a lot to do with the ability to educate the public. It does have to do with the rather elitistic viewpoint that "coders code, analysts document" (or something along those lines), however, though this attitude is finally changing.

Cheers
DarkSYN

 
Posted : 03/05/2009 8:18 pm
Page 1 / 2
Share: