People Who Suck At Computer Security
I don’t get people sometimes. You try to help them, and all they do is bitch about it and threaten to do something in return. I wonder if these people ever realize that people like me are only trying to help them; case in point, someone on an IRC network (who and where I am not saying) has a very insecure script on their client that has a ‘!page’ trigger to send a message to their pager.
This trigger, of course, is something normal people would only allow trusted users to use. Instead, it is available for everyone to use; unfortunately, I don’t think he realized this could be abused by anyone who didn’t like him. I said that it probably should be fixed before someone does abuse it, and instead of it being fixed, I got a kickban from the IRC channel said user resides in for being a troublemaker.
How does telling someone of a bug in their script equate to being a troublemaker? For normal people, it doesn’t; in fact, helping someone fix a security hole in something before it is used is a good thing. But not all people are normal, and a large number of these people (who are out of touch with the reality of the situation) would rather blame those who found it instead.
I find it depressing there is no way to help these people, and I would hate to see how these people act in real life situations. Its also depressing to realize I probably wasn’t the first person to find this security bug and warn him about it and get punished for it.