
Your security is increasingly at risk from organisations and corporations whose own grasp of security is appalling. Because instead of dealing with it they externalise risks and consequences onto the public and customers.

Even worse is where attempts to query that security are actively punished.

This is typical now. Listen here (at 42:20) for an example regarding the UK NHS, whose incompetence plays directly into the hands of cybercriminals.

[0] https://cybershow.uk/episodes.php?id=24 (time:42:20)




Since the link to this podcast is in your profile, you're affiliated with it, right?


Yes


Even worse is where attempts to query that security are actively punished.

like this case: https://news.ycombinator.com/item?id=37250024


My UK bank semi-regularly cold-calls me and asks me to authenticate by providing personal information. When I decline they readily tell me instead to call some number available on the bank website. So they not only are incompetent, they actually know it.


why? isn't getting the number from the website the right action? you can verify that you have the bank website, get the right number, and i presume even go to the bank branch to get the number in person, and then save the number as it should not change.

or are you referring to the call itself? i wonder why they need to do that.


It is the right action, and they should say exactly that when they call: we need to talk to you so call us at the number on our website.

Instead they try to do the wrong unsafe thing, but when pointed out they switch the script. So they can't even claim ignorance of basic security.


Excellent example em-bee, thanks! I'm writing up a blog post on this subject, so more examples welcome plz.



