What qualifications would those be? The ability to rapidly spin stories so that they sound less critical of people in power? The ability to tap into voicemail systems and listen in on people's private messages and then later claim they had no idea it was wrong? The ability to take a good, solid beating from the police without complaint? Their ability to ignore hard news that people might find boring, and instead publish full-page articles about someone's cat finding it's way home? Their ability to accurately gauge what amount of bribe money needs to go to which hands so as to not strain their employers 'petty cash' accounting? Perhaps it is their ability to report what the AP already reported about something and pretend they were actually there to personally witness it? ...or perhaps it's their ability to take stories from PR firms and publish them largely unedited as op-ed pieces. ...or perhaps it's their ability to listen to even the most delusional politician's explanations about things which are so counter to common-knowledge that you'd think they were auditioning for a role in a science fiction movie, and not even once ask the interviewee, 'Wait... do you mean to tell me you actually believe this load of horse-shit you're telling me?"

Yes, those are some hard qualifications to meet. Most people would suffer from insomnia, depression, and a host of other maladies just from encountering even a few of those problems.

In pretty much every case lately where certain someones have wanted to stomp on the freedom of the press, it hasn't really mattered whether they're a blogger, a radio news journalist, a television news reporter, or a mechanical-typewriter toting hardliner for the New York Times. The cops haven't made any distinction between these at all and have simply done their level best to completely silence the press.

This is merely a distraction from the actual problem that freedom of the press is as big of a joke as freedom of speech and freedom of assembly. If you want any of those 'freedoms' you basically have to bribe someone for them or you get thrown in jail for daring to use them.

Lieberman Software is in the business of selling IT security products. Is it really that hard to believe that they've sufficient incentive to "creatively restate" the parameters of the their testing in order to sell more product? Bias matters, and that study is not unbiased.

Net-security.org, for their part, are only inflaming matters further by restating things an even more inflammatory manner.

Basically, you need to ask something that this article neglects to question: Did 26% of the respondents merely say they were aware of other employees *using* the shared passwords, or did it specifically detail abuse of a shared password to gain unauthorized access to information that ethically-speaking, they shouldn't be going anywhere near. Both of those are cases are considered felonies, by the way. It's very easy for someone to argue that *any* shared password use is an "abuse" and that any information access from that point is "illicit"--but without knowing specifically what question was asked, these "results" are more likely just a distortion of fact in order to sell products and services.

I am personally aware of shared passwords in many organizations. I am also occasionally privy to information I shouldn't be--specifically, people's emails. The key difference being, I *don't want to know*. I, and thousands of admins like me, wind up seeing your boring little emails while trying to figure out why they didn't arrive in your inbox already. Over time, we develop the ability to be self-redacting and immediately forget what was just on our screens--because not being able to do that means being burdened with other people's secrets that you'd feel better not knowing. This is a far, far cry from the sort of "abuse" this report pretends to show, but vendors loooove to construe one as the other in order to sell service contracts.

Frankly, this doesn't sound any more realistic than the old one about employees giving up their passwords for a candy bar. What you don't get told about those is that the employees are usually being told they have to give their password up to their immediate supervisor, and not being given any guidance as to why they're being directly ordered to violate company policy. In most offices, people who ignore direct orders being given by a live person over something written on a policy paper tend to suffer bouts of sudden and chronic unemployment--so... plenty of reason to "violate policy" there, normally "secure" employees are going to capitulate for that kind of request. Then the people doing the "analysis" stand around later and say "oh my gosh people give up their passwords for no reason!". I've personally, been given such a request in the past, and frankly since I was being directly instructed to do so, I turned over a hand-written copy of my password on the form provided...or at least, what my password was at that specific moment in time. Since I'm a twisted bastard I made up a new password just for them, set it in the system and then filled in the blank. ...and since the one written down was now "compromised", I then made up another password and changed it in the system again. I was unamused to find out later that someone was doing this as a "survey".

Don't be a gullible noob. Trust no "survey" coming from a vendor selling a related product unless you are being shown the exact details of the survey--because they're going to lie about it. Of that you can be sure.

Well... I guess this explains why it was that Facebook was trying to chum the waters about Google's social search features--because they were planning on partnering with Bing to do the exact same thing with social searches.

No, it's PCWorld that's brain dead. I know this will probably be about the zillionth time someone's asked this, but it bears repeating until a decent answer shows itself: Why the hell is Slashdot linking to anything written in a rag that's only of interest to bored secretaries and marketing people? ...especially a jackass article like the one being linked. Using their same logic, literacy is dead because most people are functionally illiterate.

What the hell? The Commodore's BASIC interpreter was not Microsoft BASIC. It was just the Commodore's variant of the BASIC language. Microsoft had not a bloody thing to do with it.

What? Have things now become so gentrified that this question even needs to be asked?

Release it already.

The 90's were great because there were active threats from all sides, spurring people to meet the challenge with actual defenses against the mayhem. By comparison now things are much more secure, but they are also incredibly less exciting, and markedly less progressive. If developers/coders are driven by a need to scratch an "itch" then by all means let's make things itchy again.

The software is non-malicious you say? Great! If nothing else it'll serve as some things for people to think about as they continue to develop their environments, and at the very least it sounds like you may have identified some genuinely soft spots in the current generation of Linux distributions. You would be far from the first person to post non-malicious proof-of-concept code to say, Bugtraq. This is not new ground--no one is going to claim you did something wrong by publishing.

Release it already!

Either we're tough enough to handle it, or we'll get tough enough to handle it.

What I don't get is how this slipped past their attorney without him realizing it actually constitutes a violation of the Computer Fraud and Abuse Act.

Follow along with me carefully here...

The TOS of most of these sites only allows the individual to use their account for their own uses, and generally explicitly forbids sharing the account with anyone for any reason (barring the strange convolutions of minor-guardian relationships). Doesn't matter what Bozeman puts on the form--it doesn't and can't change the existing agreement between the user and the social networking site.

Violating the TOS basically invalidates the account, meaning it's very much not okay for someone other than the actual account owner to use it.

That's absolutely using a set of authentication credentials to exceed ones access knowingly, because it doesn't matter *what* the girl from HR was doing in that Facebook account--it's not their account, the owner can't legally give it to them, and Facebook expressly prohibits anyone other than the account owner from using it. This is rather explicitly illegal and has been for oh, about twenty years now.