People Who Suck At Computer Security

I don’t get people sometimes. You try to help them, and all they do is bitch about it and threaten to do something in return. I wonder if these people ever realize that people like me are only trying to help them; case in point, someone on an IRC network (who and where I am not saying) has a very insecure script on their client that has a ‘!page’ trigger to send a message to their pager.

This trigger, of course, is something normal people would only allow trusted users to use. Instead, it is available for everyone to use; unfortunately, I don’t think he realized this could be abused by anyone who didn’t like him. I said that it probably should be fixed before someone does abuse it, and instead of it being fixed, I got a kickban from the IRC channel said user resides in for being a troublemaker.

How does telling someone of a bug in their script equate to being a troublemaker? For normal people, it doesn’t; in fact, helping someone fix a security hole in something before it is used is a good thing. But not all people are normal, and a large number of these people (who are out of touch with the reality of the situation) would rather blame those who found it instead.

I find it depressing there is no way to help these people, and I would hate to see how these people act in real life situations. Its also depressing to realize I probably wasn’t the first person to find this security bug and warn him about it and get punished for it.

Written by
Patrick McFarland
Open Source software architect and technologist. He's just this guy, you know? Follow him him on Google+.
Published in
Ad Terras Per Aspera
Transmissions from the Little Blue Marble

Published December 26th, 2004

Comments

Leave a Reply