The title of your article was very clever. It gives the impression that this case would be used by the author to wave the flag of the pro-hacker community. However, a quick read and one can immediately determine that this is not the case.

However, I believe you minimize the level of thought put behind MafiaBoy's efforts. He had to obtain the tools, come up with a plan and execute it. Maybe his goal was simply to see if it would work - maybe he just wanted to finally see the effects of his own deeds played out on the news. That sounds pretty similar to 15 year olds who throw theswitch on the train tracks or throw rocks onto the highway from the overpass. They just wanted to see what would happen and what some one's face would look like if they were nailed by my prank! This is serious and he should be prosecuted - as a juvenile - to the extent of the law. WHat's wrong with that?

Yes the Internet is vulnerable to these (and other) kinds of attacks - but it takes money to be able to mitigate risks. It is a risk management case study at it's purest. The money will not be spent until the costs of the damage done increases, or the costs of controls decreases. So far, it can't be demonstrated that the E-commerce community has lost a staggering amount of money from fraud, malfeasance or theft. Nor have E-Politics sites been particularly splattered by graffiti, defamation or defacing. There have been incidents and acts that have gained attention - but these have largely been an annoyance or an irritant.

It is incumbent upon the Internet security industry to educate users, providers and vendors about the risks that we currently face - and to prevent them. The Internet community needs to be educated toward providing thorough, preventative controls. The Internet security industry needs to be involved with business at the Risk Management level - to speak their language in order to faciltate change - to make the Internet world safer from hackers.

In a large part, this has been the biggest failure of the Internet security industry. The current state is that something really nasty could happen that could reach the level of serious business losses or bankrupcy.

Let's be honest - part of the blame would go to poor technical management, poor architecture and design, and poor education. The poor education portion of the blame pie - to a large extent - sits at the feet of the Internet security industry. We need to delivery the message much more effectively before the Internet community at large will listen.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/22/1494#1494