[mdlug] UFO excuse fails as hacker is sent to US to stand trial

Jeremy Bowers jerf at jerf.org
Wed Apr 4 14:17:58 EDT 2007


Wolfger wrote:
> I believe he will hang, for embarrassing our military so. The real 
> news story, of course, is how he managed to access 97 of what *should* 
> be the most secure computers in the world. But that bit gets hushed.

If the military was ten times more secure than the average corporation 
of equal size, which I will define as "having 1/10th the 
vulnerabilities", just to be concrete, they'd still be riddled through 
with holes. And military targets are just about the only things that can 
draw more hacking resources to them than credit card databases.

Ultimately, this doesn't prove much because unless the hacked computers 
were supposed to be physically unconnected to the internet, even if 
everybody performed perfectly competently he still might have gotten in, 
via unpublished vulnerabilities, or even ones he found himself.

(Note this is in the form of a conditional statement; it does not 
actually contain any claims about the actual security level of our 
military.)

The real story here is and remains that our software is so insecure, and 
perhaps equally that our brains are so insecure (people do bad things 
like giving out their passwords for chocolate all the time), that even 
an organization with all the motivation you could want and pretty much 
all the resources you could want still can't seem to secure their 
systems. At some point, the question of whether somebody "screwed up" 
ceases mattering; even if your admin was 99% perfect (unrealistic), the 
number of opportunities for screwing up guarantees that at least one 
screwup will occur.

*Of course* the actual entry techniques will be hushed. Very few 
commercial companies come completely clean either, even without national 
security excuses/reasons. I don't think this justifies any particularly 
unusual responses because it's the dreaded military.
