> Wow. That must be why half the posts on here are about security
really? so those discussions are all held amongst programmers eager to use these security vulnerabilities to illegally exploit systems?
Or are they entirely groups of programmers dedicating their careers to being very worried about the prospect that our systems might not be secure enough? Is that not an ethical position?
> Case in point, some groups of no doubt talented and extremely ethical programmers hold companies at ransom for bitcoin payments or they'll be DDOS'd into the ground.
We're talking about the prospect of an industry being held as globally unethical, not that people will become aware that software can be used to commit crime. Many crimes are committed with guns - is there an outrage against gun owners as a group, that they're all just criminals ?
> No, we're doing just fine as a profession. I'm sure my bank has its warts but they don't hold a candle to some of the stuff I've seen in the programming world.
> so those discussions are all held amongst programmers eager to use these security vulnerabilities to illegally exploit systems?
No, that's the other half of the equation. But you need both, people that are the 'bad guys' and people that are the 'good guys'.
> We're talking about the prospect of an industry being held as globally unethical, not that people will become aware that software can be used to commit crime.
Well, what if it's both. Software can be used to commit crimes and the software professions is at least actively helping in many crimes where software needs to be written in order for the crime to be perpetrated.
> Many crimes are committed with guns - is there an outrage against gun owners as a group, that they're all just criminals ?
Depending on the country, yes, people tend to frown at gun owners in some places and even though not all of them are criminals some of them are. Whether or not the %age of criminals that legally own guns is larger than the %age of people that do not own guns and that are criminals is something I don't have statistics on but it would not surprise me depending on the location where you polled.
> I think you're grossly underestimating the scale of crime being perpetrated by banks even very recently.
Yes, and they ALL needed software to do that, by themselves these bank dudes would be about as able as a general without an army.
> Start with worldwide currency manipulation:
Very bad stuff. So who got charged? Anybody go to jail yet? Still wondering why they feel that they can get away with it in the next round?
Society has checks and balances and those tend to fail if enough money is involved.
The point of having some rules of ethical conduct is that you try to take the money out of the equation and focus on the actual deed, and the responsibility flowing from that.
> really? so those discussions are all held amongst programmers eager to use these security vulnerabilities to illegally exploit systems?
Those discussions tend to occur on different forums. Their absence here is no sign of their absence elsewhere. And for many of us, our biggest issue with Aaron Swartz is not what he did, but how he was treated.
> Or are they entirely groups of programmers dedicating their careers to being very worried about the prospect that our systems might not be secure enough? Is that not an ethical position?
That's a nice, positive view of security researchers. For what it's worth, it's one I hold myself.
But we don't exactly hear a lot about those who skipped the whole "ethical disclosure" debate, of if their specific position is indeed ethical, and went straight to selling exploits to the NSA or criminal enterprise.
Meanwhile, global botnets are common enough that we don't hear about most of them in the news - because they're not newsworthy - except for the rare occasions some security researchers manage to put a dent in one of the larger ones. And everyone gets pissed at Microsoft for mishandling no-ip.com's domains in an effort to fight malware. Not to mention the number of times I've heard of account details of services I use being compromised.
Meanwhile...
> More than 5% of people visiting Google sites have at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.
> Thirty-four percent of Chrome extensions injecting ads were classified as outright malware.
The only reason Superfish was newsworthy wasn't from potentially injecting ads into your banking website... but from completely fucking up the security of your browser to the point that anyone could MitM anything.
really? so those discussions are all held amongst programmers eager to use these security vulnerabilities to illegally exploit systems?
Or are they entirely groups of programmers dedicating their careers to being very worried about the prospect that our systems might not be secure enough? Is that not an ethical position?
> Case in point, some groups of no doubt talented and extremely ethical programmers hold companies at ransom for bitcoin payments or they'll be DDOS'd into the ground.
We're talking about the prospect of an industry being held as globally unethical, not that people will become aware that software can be used to commit crime. Many crimes are committed with guns - is there an outrage against gun owners as a group, that they're all just criminals ?
> No, we're doing just fine as a profession. I'm sure my bank has its warts but they don't hold a candle to some of the stuff I've seen in the programming world.
I think you're grossly underestimating the scale of crime being perpetrated by banks even very recently. Start with worldwide currency manipulation: http://www.nytimes.com/2015/05/23/opinion/banks-as-felons-or...