
LaCie reveals year-long security breach at online store

post #1 of 37
Thread Starter 
Storage vendor LaCie, maker of a number of accessories compatible with Apple's Thunderbolt, announced on Wednesday that data from transactions made through the company's first-party online store may have been compromised as a result of a security breach that went undiscovered for nearly a year.


LaCie made the announcement on its website. The company was informed of the breach in March by investigators from the FBI and subsequently hired a digital forensics team to conduct its own inquiry.

"Based on the investigation, we believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorized person may include customers' names, addresses, email addresses, and payment card numbers and card expiration dates. Customers' LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords," the notice reads.

Customers affected by the breach should have already received a message from LaCie with additional information. Those with questions can contact the company at 866-236-8208 Monday through Friday between the hours of 9:00 a.m. and 7:00 p.m. Eastern Daylight Time.

LaCie, owned by Seagate, is a major manufacturer of external storage products and is among the most popular providers of such systems to Mac owners thanks to wide-ranging support for the Thunderbolt protocol.
post #2 of 37
Quote:
Originally Posted by AppleInsider View Post

Customers affected by the breach should have already received a message from LaCie... massive orders on their credit cards
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
post #3 of 37
If only they had used AnarchyCoin! /s

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #4 of 37
Is there anyone not using an app like 1Password at this point?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #5 of 37
Seagate products came from Samsung
post #6 of 37
Quote:
Originally Posted by SolipsismX View Post

Is there anyone not using an app like 1Password at this point?

 

Me. I just haven't gotten around to it yet I guess.

 

The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

 

I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

post #7 of 37
Quote:
Originally Posted by SolipsismX View Post

Is there anyone not using an app like 1Password at this point?

Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.
post #8 of 37
Quote:
Originally Posted by Apple ][ View Post

Me. I just haven't gotten around to it yet I guess.

The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

Except for the financial institutions — which are oddly stingy about password length and special characters — Google, iCloud and Dropbox all use 50 character alphanumerics with special characters that I could never remember. On top of that my select questions all have answers that are random strings thereby preventing social hacking techniques. I was able to systematically change them over time and keep track of which ones I changed with their Smart Folder feature so I could 1) see which had a date modified older than a particular date and 2) which ones had a note field that wasn't blank (which is where I store that info). Took some time but a couple a day only takes a moment and soon enough potential threats are isolated to a particular site.

I can't imagine that being done well without a password manager which, among its well known features, also has a security audit feature which 1) tells me which passwords are weak (not an issue for me), 2) informs me which passwords are duplicate (also no longer an issue for me), and 3) which passwords haven't been changed in a while (6-12 months, 1-3 years, 3+ years).

Quote:
Originally Posted by dysamoria View Post

Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.

1) Sure, nothing is foolproof but I fear more about having some website's servers hacked with my username and password from that site being tested on others than I am from someone stealing my MBP, getting past VileFault2 on said MBP, and then being able to get into my 1Password database that is protected by 256-AES encryption.

2) What security breach has directly affected 1Password?
Edited by SolipsismX - 4/16/14 at 12:57pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #9 of 37
Quote:
Originally Posted by SolipsismX View Post


Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

 

Yes, every password is unique. I just keep track of them manually using secure notes on my Mac. When something gets changed or added, I just open the note and change it. I have passwords for plenty of sites too, but there are only a small percentage that actually gets used very often.

 

And for those sites that are important that I might visit very often, like a trading account, those passwords are remembered in my head, even though they might look like this: #3ab23&ksl78Dd7.

post #10 of 37
Quote:
Originally Posted by SolipsismX View Post

Is there anyone not using an app like 1Password at this point?

No password is secure if it's written down in text which is then taken from a website.

My password for a website selling hard drives would be the least of my concerns if the other data they got is my credit and debit card details.

post #11 of 37

"Modern computers are fast enough and powerful enough to break anything given a chance"  It's not a matter of how long your passwords are.  it starts at "A" or "0" and goes from there."  

I've read that enough times in the past few months to believe it. I see more issues with Disqus, or whatever it's called, asking for my email list and "friends". Pffft. *gets up, wipes hands on pants, crosses room, enters Tor*

post #12 of 37
Quote:
Originally Posted by SolipsismX View Post

Is there anyone not using an app like 1Password at this point?

 

Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.

post #13 of 37
I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.

/s
post #14 of 37
Quote:
Originally Posted by lkrupp View Post

Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.

I am dumbfounded by your comment. Because someone might hack into AppleInsider's servers it means that no online account you have should have a password more complex than 123456? Is that what you're professing?

Does that mean you also don't use any two-step authentication?

PS: The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don't allow easily guessed passwords to be used.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #15 of 37
Quote:
Originally Posted by Apple ][ View Post

Yes, every password is unique. I just keep track of them manually using secure notes on my Mac. When something gets changed or added, I just open the note and change it. I have passwords for plenty of sites too, but there are only a small percentage that actually gets used very often.

And for those sites that are important that I might visit very often, like a trading account, those passwords are remembered in my head, even though they might look like this: #3ab23&ksl78Dd7.

That is impressive to remember multiple passwords of that type. I only know three, if you don't count bank PINs, gate codes and padlocks. My MBP password, my 1Password password, and my one iCloud ID used only for Find My iPhone; all of which are long phrases that, while possibly well known, have enough variances that they are extremely strong.

BTW, Keychain's Secure Notes are what I used before I had 1Password. I can't imagine going back.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #16 of 37

Talk to anyone that works in IT and buy them enough drinks, and they will tell you most company websites are unsecure.

I would say 1 out of 10 are actually proactive in protecting client information.

People tend to think things are set and forget and don't need updating, creating a false sense of security that hackers love to exploit.

post #17 of 37
Quote:
Originally Posted by SolipsismX View Post


That is impressive to remember multiple passwords of that type. I only know three, if you don't count bank PINs, gate codes and padlocks. My MBP password, my 1Password password, and my one iCloud ID used only for Find My iPhone; all of which are long phrases that, while possibly well known, have enough variances that they are extremely strong.

BTW, Keychain's Secure Notes are what I used before I had 1Password. I can't imagine going back.

 

I didn't know them to begin with, but each time I used them, I would have to look them up, and eventually I just ended up memorizing a few of the ones that get used on a daily basis. I saw that 1password is currently half off, so who knows, maybe I'll eventually switch over from my manual method.

post #18 of 37
Quote:
Originally Posted by dysamoria View Post


Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.

 

Better than nothing. LastPass, 1Password, and KeePass are all great managers. They can be portable and I think all of them have multiple layers of security. Encryption, master passwords, file checks, etc.

Quote:
Originally Posted by dreyfus2 View Post

I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.

/s

 

Then I'm fully behind them. The less 3rd party cloud I have to deal with the better.

 

(I'm being serious though =D)

post #19 of 37
Quote:
Originally Posted by SolipsismX View Post

Does that mean you also don't use any two-step authentication?
 

 

I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers. If some bad guy empties out my bank account I’ll just sue the pants off the bank. Everybody does it, everybody expects the retailer or bank or whatever to make them whole again. The bad guys are filing fraudulent income tax returns using someone else’s SS number and raking in their refunds. The IRS is too understaffed to do much about it. The bad guys are creating fraudulent SS accounts and redirecting the deposits to their own bank accounts. Crime on the Internet is all over the place, unstoppable, pandemic. So what’s the use? I’ll just make YOU pay higher prices to get my funds back. Oh, and the legal system favors the criminal anyway. The guy who steals my identity gets a couple of months... or more likely probation. 

 

I say this out of complete frustration with the online universe we have created. I’ve had it and I don’t care any more.

"The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don’t allow easily guessed passwords to be used."

 

But they ARE off the hook. They DO get their funds restored. And if I leave my front door unlocked the insurance company still pays and YOU get higher premiums to offset the loss. Har, har, what a racket.

post #20 of 37
Quote:
Originally Posted by SolipsismX View Post

<snip> I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. <snip>

 

Huh, I thought I had a lot with over 75 in my password manager.  :-)  I don't hang out in as many forums, I guess. 

 

I like how AppleInsider dodges the whole security controversy by offering no-secure login at all.  I hope everyone out there in reader-land isn't reusing passwords to log into AI!

 

I've evaluated quite a few password apps, and eventually settled on mSecure for iPhone. It has all the features I needed. And this way, my passwords are with me wherever I go, when I need them.  Not quite sure I trust the "in the cloud" password managers yet.  Even Apple's.

post #21 of 37

Quote:

Originally Posted by lkrupp View Post
 

 

Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.

 

 

Would you ... umm ... mind telling me where you bank at?   Uh, no reason, just askin'...  ;-)

post #22 of 37
Quote:
Originally Posted by SolipsismX View Post

Is there anyone not using an app like 1Password at this point?

I use pwSafe myself but either way such an app would be of no help here. They effectively have access to the more valuable information so I doubt the thieves even care about your password.
post #23 of 37
Quote:
Originally Posted by dreyfus2 View Post

I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.

/s

I only reluctantly use cloud services. Security is an issue but the bigger problem is the lack of guaranteed access. Probably the third big issue is the bandwidth usage which sucks, especially for mobile devices. This by the way is why I'm holding out for a real capacity bump in the new iOS devices this year.
post #24 of 37
Quote:
Originally Posted by lkrupp View Post

I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers. If some bad guy empties out my bank account I’ll just sue the pants off the bank. Everybody does it, everybody expects the retailer or bank or whatever to make them whole again. The bad guys are filing fraudulent income tax returns using someone else’s SS number and raking in their refunds. The IRS is too understaffed to do much about it. The bad guys are creating fraudulent SS accounts and redirecting the deposits to their own bank accounts. Crime on the Internet is all over the place, unstoppable, pandemic. So what’s the use? I’ll just make YOU pay higher prices to get my funds back. Oh, and the legal system favors the criminal anyway. The guy who steals my identity gets a couple of months... or more likely probation. 

I say this out of complete frustration with the online universe we have created. I’ve had it and I don’t care any more.

"The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don’t allow easily guessed passwords to be used."

But they ARE off the hook. They DO get their funds restored. And if I leave my front door unlocked the insurance company still pays and YOU get higher premiums to offset the loss. Har, har, what a racket.

1) The two-step authentication requires an authenticated device be used to retrieve a PIN to access from another device.

2) Sure, security issues happen constantly but the solution isn't to be even lazier in your efforts. If someone breaks into my AI account they don't know anything about me. They have an email address, username and password, only two of which are used elsewhere and only on other forums. They'd have to hack and monitor many sites and grab IP data which they can then use to figure out my identity. Facebook is another story because that data is personal data but of my 3 accounts each use different data sets, which include emails and, of course, unique 50 character passwords, and completely private. Is it foolproof? Of course not, but making the password 123456 and then using that for all sites is just dumb. At least most sites at least protect you by not allowing you to have such weak passwords.

3) You say the IRS is understaffed and identity theft isn't punished harshly enough but your solution is to do nothing to protect yourself?

4) The legal system favours criminals? Why would you even write that?

5) No, you're not off the hook. If your credit is ruined because of someone else you have to go through a lot of work to get that resolved and even then it's likely going to cost you money and take a lot of time to fix your credit. If you choose not to do a modicum of effort to educate and protect yourself then you're likely going to be victimized before someone that does use a postal box for all their mail, shreds all documents with their name on it before trashing them, uses a credit monitoring service, uses complex and unique passwords, uses random recovery pass phrases, uses email aliases to set up spam watch lists, and uses two-step authentication when offered, and keeps all their files on encrypted drives. It doesn't mean I can't be victimized but the difficulty compared to you and your everything 123456 password is staggering.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #25 of 37
Quote:
Originally Posted by wizard69 View Post

I use pwSafe myself but either way such an app would be of no help here. They effectively have access to the more valuable information so I doubt the thieves even care about your password.

If the username and password is used at another site where more personal data including additional credit and debit cards are stored then it could be useful. For instance, what if you use the same at Geico insurance. They could then have automobile info. Or what about using that same username and password to get to a common site for mortgage or student loans. Mine all keep the bank's routing and account numbers and account type available for anyone to see that can log into my account. I'd like to limit this access as much as possible. Let the slowest of the herd be more likely to get taken down.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #26 of 37
Quote:
Originally Posted by SolipsismX View Post


1) The two-step authentication requires an authenticated device be used to retrieve a PIN to access from another device.

2) Sure, security issues happen constantly but the solution isn't to be even lazier in your efforts. If someone breaks into my AI account they don't know anything about me. They have an email address, username and password, only two of which are used elsewhere and only on other forums. They'd have to hack and monitor many sites and grab IP data which they can then use to figure out my identity. Facebook is another story because that data is personal data but of my 3 accounts each use different data sets, which include emails and, of course, unique 50 character passwords, and completely private. Is it foolproof? Of course not, but making the password 123456 and then using that for all sites is just dumb. At least most sites at least protect you by not allowing you to have such weak passwords.

3) You say the IRS is understaffed and identity theft isn't punished harshly enough but your solution is to do nothing to protect yourself?

4) The legal system favours criminals? Why would you even write that?

5) No, you're not off the hook. If your credit is ruined because of someone else you have to go through a lot of work to get that resolved and even then it's likely going to cost you money and take a lot of time to fix your credit. If you choose not to do a modicum of effort to educate and protect yourself then you're likely going to be victimized before someone that does use a postal box for all their mail, shreds all documents with their name on it before trashing them, uses a credit monitoring service, uses complex and unique passwords, uses random recovery pass phrases, uses email aliases to set up spam watch lists, and uses two-step authentication when offered, and keeps all their files on encrypted drives. It doesn't mean I can't be victimized but the difficulty compared to you and your everything 123456 password is staggering.

 

You don’t get it do you.

post #27 of 37
Quote:
Originally Posted by lkrupp View Post

You don’t get it do you.

I sincerely wish you the best of luck because that's truly your only defense at this point.
Edited by SolipsismX - 4/16/14 at 8:23pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #28 of 37
Quote:
Originally Posted by lkrupp View Post
 

 

I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers.

 

This is my attitude as well, although I have decent passwords where they count.  Personal info is very rarely stolen by anything figuring out one's password, either by sequential attack or by guessing what the user might use.  It's nearly entirely done these days by getting into the vendor's files or grabbing it during a period of insecure passage, rendering 5ewE909iHts09uQi no more secure than mollyb32

 

 IMHO, there's practically no point in having uber unguessable passwords for anything if that's not where the breach is.

post #29 of 37
Quote:
Originally Posted by Apple ][ View Post
 

 

Me. I just haven't gotten around to it yet I guess.

 

The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

 

I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

Why not just use Apple's built-in password generator in Safari?

"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
post #30 of 37
Quote:
Originally Posted by SolipsismX View Post


Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

Except for the financial institutions — which are oddly stingy about password length and special characters — Google, iCloud and Dropbox all use 50 character alphanumerics with special characters that I could never remember. On top of that my select questions all have answers that are random strings thereby preventing social hacking techniques. I was able to systematically change them over time and keep track of which ones I changed with their Smart Folder feature so I could 1) see which had a date modified older than a particular date and 2) which ones had a note field that wasn't blank (which is where I store that info). Took some time but a couple a day only takes a moment and soon enough potential threats are isolated to a particular site.

I can't imagine that being done well without a password manager which, among its well known features, also has a security audit feature which 1) tells me which passwords are weak (not an issue for me), 2) informs me which passwords are duplicate (also no longer an issue for me), and 3) which passwords haven't been changed in a while (6-12 months, 1-3 years, 3+ years).

1) Sure, nothing is foolproof but I fear more about having some website's servers hacked with my username and password from that site being tested on others than I am from someone stealing my MBP, getting past VileFault2 on said MBP, and then being able to get into my 1Password database that is protected by 256-AES encryption.

2) What security breach has directly affected 1Password?

iCloud wasn't affected.

"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
post #31 of 37
Quote:
Originally Posted by jlandd View Post

This is my attitude as well, although I have decent passwords where they count.  Personal info is very rarely stolen by anything figuring out one's password, either by sequential attack or by guessing what the user might use.  It's nearly entirely done these days by getting into the vendor's files or grabbing it during a period of insecure passage, rendering 5ewE909iHts09uQi no more secure than mollyb32

 IMHO, there's practically no point in having uber unguessable passwords for anything if that's not where the breach is.

And this is exactly it. The user isn't to blame in most of these cases we see in the media, yet, in true capitalist pass-the-buck fashion, the consumers are given the responsibility for maintaining INHUMAN password demands.

Even if your data is entirely inaccessible to you because you've secured it against yourself and social engineering, it still is stolen. So why are WE letting them put the responsibility on US? I'll tell you why: the tech world THRIVES on blaming the users for all of its shortcomings! That's why computers have remained in profitability. If people believed the computing tech and the companies presenting it were the real at fault party, there would have been a massive crackdown by now. But the conditioning is quite solid.

"All software has bugs"
http://angryartboy.blogspot.com/2012/08/still-no-accountability-in-computer.html?m=1

"Your data isn't secured unless YOU [can't access it yourself]"
http://angryartboy.blogspot.com/2012/10/accessibility-not-just-for-people-with.html

"RTFM!"
http://angryartboy.blogspot.com/2011/02/good-manuals-matter.html

"Users are idiots"... and so on!!

This industry relies on tech geeks maintaining the status quo in assuming that this is how it always was, always will be, and SHOULD BE. I, for one former tech geek, have stood up and said NO. I'm not contributing to the propaganda. It might not be conspiracy or intent, but it is definitely propaganda.
post #32 of 37
Quote:
Originally Posted by dysamoria View Post

So why are WE letting them put the responsibility on US?

Your comment is the same as saying, "It's not my fault he was driving drunk when he sideswiped me so why is it my responsibility to wear a seatbelt?" If you don't want to protect your valuables that's your choice but I hope you're not going to act like a hypocrite and say "Why does this stuff always happen to me?" if your valuables are easily stolen and used by others. It's like choosing to not lock your car when you leave it unattended or keeping your house key under a potted plant or mat by your front door. It's not your fault that someone stole your belongings but it's your fault for choosing to make it easy to have your valuables stolen. I just hope you all don't have kids you're endangering by choosing to ignore even basic safeguards.


PS: I'm still waiting for your link to an article showing a 1Password security breach that would affect my DB.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #33 of 37
Quote:
Originally Posted by SolipsismX View Post


Your comment is the same as saying, "It's not my fault he was driving drunk when he sideswiped me so why is it my responsibility to wear a seatbelt?" If you don't want to protect your valuables that's your choice but I hope you're not going to act like a hypocrite and say "Why does this stuff always happen to me?" if your valuables are easily stolen and used by others. It's like choosing to not lock your car when you leave it unattended or keeping your house key under a potted plant or mat by your front door. It's not your fault that someone stole your belongings but it's your fault for choosing to make it easy to have your valuables stolen. I just hope you all don't have kids you're endangering by choosing to ignore even basic safeguards.


PS: I'm still waiting for your link to an article showing a 1Password security breach that would affect my DB.

I disagree with that reasoning. There was a time when people freely left their doors unlocked. Morals are morals no matter how immoral the age in which we live.

"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
post #34 of 37
Quote:
Originally Posted by Benjamin Frost View Post

I disagree with that reasoning. There was a time when people freely left their doors unlocked. Morals are morals no matter how immoral the age in which we live.

1) What does that have to do with people taking basic measures to protect themselves?

2) The times in which people left their homes (and cars) unlocked were in smaller societies where everyone knew each other. It had nothing to do with a shift in morals, but rather a shift in scale.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #35 of 37
Quote:
Originally Posted by SolipsismX View Post


1) What does that have to do with people taking basic measures to protect themselves?

2) The times in which people left their homes (and cars) unlocked were in smaller societies where everyone knew each other. It had nothing to do with a shift in morals, but rather a shift in scale.

I was referring to your implication of fault. I think that's incorrect - it may be naive, for sure, but I wouldn't say fault. Subtle difference.

 

Your second point is not true. When my sister lived in Dubai, she never locked her jeep in the middle of town, like everyone else. Nothing to do with how many people you knew. And that was just a few years ago. It used to be the case that you didn't need to lock your front door. Everything to do with morals, nothing to do with scale.

"If the young are not initiated into the village, they will burn it down just to feel its warmth."
- African proverb
post #36 of 37
Quote:
Originally Posted by Benjamin Frost View Post

I was referring to your implication of fault. I think that's incorrect - it may be naive, for sure, but I wouldn't say fault. Subtle difference.

What is wrong with saying people have a responsibility to protect themselves? I clearly stated that being attacked or robbed is not their fault but to say you bear no blame from purposely putting yourself in harm's way is just passing the buck. I'm getting sick of people not taking any personal responsibility for what transpires in their lives.

Louis Pasteur's "Chance favors the prepared" fits well here.

I knew someone that got pulled over for having an expired license plate. He also had a suspended license from not paying a speeding ticket and he didn't have insurance. He only saw it as bad luck that he got arrested because he wasn't speeding that day and "it's not his fault that cop happened to just get behind him on that day and run his plate". He didn't see how he set himself up for failure.
Quote:
Your second point is not true. When my sister lived in Dubai, she never locked her jeep in the middle of town, like everyone else. Nothing to do with how many people you knew. And that was just a few years ago. It used to be the case that you didn't need to lock your front door. Everything to do with morals, nothing to do with scale.

It's absolutely true. A single anecdote from one person in one location does not mean that scale has no effect on security.
Edited by SolipsismX - 4/17/14 at 3:08pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #37 of 37

  LaCie's willingness years ago to keep shipping bad drive power supplies long after it was clear there was a problem there painted them to me as a company who would stick their head in the sand and hope a problem would blow over soon because it's too much effort and expense to properly attend to in the most timely fashion.   I'm not surprised by the calendar of events with this issue and have little faith in how they respond to anything.
