
It really is only in the world of IT security that this attitude is so pervasive, where you constantly blame victims. While defense is a great offense it can't hurt to be an annoyance to bad actors.


Can you tell me where in my words you read that I blamed victims? I think you're reading something into it that isn't there.


You are very insistent that people are doing "defending" wrong, and I can see how someone could read victim blaming into it, the industry does have a bad habit of loud hindsight bias. But it's also entirely beside the point, since no one here is claiming that this is real security, it's just a small nostalgic hack, and it comes off a bit grumpy to be so adamantly against it.


> You are very insistent that people are doing "defending" wrong, and I can see how someone could read victim blaming into it

That's so absolutely ridiculous.

"Hey bud, you're wearing your helmet backwards." "Oh, so it's MY fault when I run into something on my motorcycle, HUH?!"

"Oh ok, well, have fun. I'll be safely over here."

A zip bomb will only serve to hinder teenage/kid 'hackers' -- next you're going to tell me if I don't implement a zip bomb somewhere that it'll deprive the next generation of hackers of a valuable life lesson -- please.

At what point can we point out a flawed methodology without being accused of being 'the bad guys' ourselves? It gets to be that when you see someone making a mistake you feel like just letting them dive in and do it; otherwise you'll be labeled the world's worst victim-blaming monster -- eh, easier to keep your mouth shut at some point... that's a dangerous condition.


> a zip bomb will only serve to hinder teenage/kid 'hackers'

And that is literally what the blog post says - it will mess with script kiddies who don't change their user agent. Author acknowledges that it is not an actual methodology to protect their server, so pointing out that it's a flawed methodology is a weird flex. I have not seen anyone suggest using zip bombs instead of hardening the server.


From the article: "This script obviously is not - as we say in Austria - the yellow of the egg, but it can defend from script kiddies I mentioned earlier who have no idea that all these tools have parameters to change the user agent."

Perhaps consider reading the article thoroughly before you start claiming it to be more than what it is.


For real

I definitely blame the "oh we should do nothing" approach to the current security situation

Yes, if you want to be the lame duck and get scanned leisurely by the bad actors while diligently serving 404s etc., be my guest.

Then we wonder why email became useless outside of the big providers, and every site needs to be behind a CDN, etc.


unless it paints a target on your back



