
Comment FUD. Bullshit article. (Score 0, Troll) 359

I'm sorry. Is this Slashdot? This article reads like it was written for the idiots, by idiots.

I've only skim read this dross, but it doesn't seem to make any concrete points. It draws attention to some stupefyingly obvious security considerations (I wouldn't go as far as to call them bugs), babbles on about Windows spyware and then has a short excerpt from the GoDaddy help (what the fuck?)

What a waste of text, this boils down to 4 things:

1. User chose an easily guessable user/password for FTP.
2. User left user/password for FTP somewhere world readable
3. User got spyware which stole FTP details stored on his machine.
4. MITM attack on FTP session, stealing user/password over the wire. (this one I assumed because it's recommending SFTP without telling us WHY)

Let me cut this craptastic essay down to size:

Easy to crack passwords get cracked easily.
Spyware steals login credentials.
Hackers can use MITM attacks to intercept data.
People are stupid and sometimes leave login credentials in a public page.

Frankly the editors should be embarrassed.

Comment Re:FRIST!!!! (Score 1) 418

"I guarantee you are being exceptionally naive."

Can you give us some idea of why?

I too am a software developer (and project manager), and "I'll build it for half the price" was the first thing that popped into mind. I could hire a team of world class coders for a year and still have tens of millions left for the beer money.

FTA:
"The project requires much more extensive planning and analysis than we originally predicted and we are committed to a very thorough planning process," he said. "We know that is key to success."

This sounds like Software Engineering 101, i.e. don't start coding until you know what the fuck it is you're trying to produce.

Also FTA: "Moreover, a company fired over subpar work creating Wisconsin's statewide voter database in 2007 is working as a subcontractor on the project."

So to me, the obvious problem here is they hired cowboys to do the job. Have I missed something? I could start and run a consultancy firm for 3-4 years, off the initial investment alone.

I'm perfectly willing to be proven wrong, so can you give us some idea of the pitfalls that could occur (bearing in mind that I have $28m to throw at any potential problems)?

Comment Wow. Nice crowd. (Score 5, Funny) 413

Some rather unpleasant comments coming off of you lot.

The poor chap sounds like he'd had a bad decade, and this just topped it off.

When your business collapses overnight (which is what happened here), you're facing god knows how many lawsuits (which is what would have happened here) and the people you'd turn to for support are dead... Well, I'd imagine what follows are some rather sobering thoughts.

My heart goes out to his remaining family, and those of you modded "Funny" should go gargle some engine coolant.

Comment Re:ATMs... (Score 1) 257

By the way I agree entirely with you on the subject of voting machines, and on probably 99.9999% of other devices, but I understand the fraud "community" better than many others here, and while it would be nice to have openness, we're talking about motivated people who know what they're doing.

They don't give a shit about your idealism, they see weakness, they exploit it.

There are very few known ATM scams out there apart from skimming, that didn't require fairly intimate knowledge of the systems involved.

Comment Re:ATMs... (Score 1) 257

And as an idealist, I'm there with you. But as a pragmatist, this was a total fuckup.

Looking at it from a malicious perspective, if I knew a certain ATM brand ran Windows, I'd have a field day.

Why? Look online, anybody can learn to code for an XP machine, all the nooks and crannies where you can hide malware are easy to research, methods for bypassing anti-virus software are all public domain.
The ways INTO a Windows machine are well known (we can assume this is running on standard hardware), be it via USB, CD, over the network (and remember, ps tools). All the tools for extracting/cracking Windows password hashes are freely available, and was it up to date? Plenty of public exploits out there in the wild.

So Windows is out, because it's too well known. You can plan in advance how you'll attack the box, you can set up your own test bay (after all everybody can get their hands on a copy of Windows), you can write the malware in your own time, and then, quickly infect the ATM when the time is right.

Are you telling me a different, fully open sourced and freely available, OS, would mitigate all these issues?

I will not get into the obscurity or security debate. Suffice to say this particular issue is not about transparency, this is about keeping the bad guys out, and by giving them the blueprints to your system, you make their lives infinitely easier.
