WTH is hacking such a seemingly trivial thing to do?

WTH is hacking such a seemingly trivial thing to do?

Lately it seems that any entity targeted for a good old fashioned hack - be it media and other corporate interests, or government bodies including the Pentagon; whether it's websites or phones, hackers have become like the janitor with a master key to all the lockers.

Are these folks really that brilliant at getting past firewalls and password-protected systems, or are News Corp and the Pentagon using '123456' passwords?

Not a tech newbie here, but this one has me wondering.

That is a commonly-held fairy tale that makes it possible for
companies like Microsoft to sell the crap they sell and get away
with it.

Mathematically-proven, hack-proof software can be designed,
deployed, and used. But creating and proving such software
is difficult, time-consuming, and expensive. It's much cheaper
for companies just to provide minimal compensation after our
Mastercards and Visas are stolen. If there were laws properly
regulating the security of data held by corporations, you'd
probably see more difficult-to-hack software.

It would also help enormously if everyone threw away all of their
copies of Windows, Internet Information Server, and everything
else ever made by Microsoft.

Tesha

They want fast and cheap. Half of them want free. The problem is that you can't devote thousands of man-hours to security use-case and penetration testing when you'll only be selling the program for $59. Security testing is expensive, slows down development, and drives the price up. People wont pay for it, and you can't sell software for a loss and stay in business.

We also tolerate a certain amount of crime rather than pay
exponentially more to police the world into perfection.

It all comes down to trade-offs.

But perfection is nearly achievable if that's what is wanted.
You didn't see anybody hack the Mars Rovers and you didn't
see them get stuck because of the software hitting a "Blue
Screen of Death".

Tesha

Firstly, there are companies that specialize in all sorts of hacking systems that can beat firewalls or come up with popular combinations that can crack through security systems. Some companies have master access numbers that circumvent passwords for "maintenance" purposes. In short, anyone who wants to hack into a computer or cellphone can and will. Now a question is if NewsCorp did this on their own or did they do it in concert with others...such as the NSA or the boooosh regime.

The other part is the cover-up...the lies and pay-offs that Murdoch used to try to make this scandal go away and how he's done business. The fact that so many of his former hires ended up in government jobs and in crucial positions involving investigations is what makes this scandal have many legs and could go for a long time. As is always said it's not the crime that does the most harm but the attempts to cover-up.

The Murdochs thought they had bought off the politicians and were bulletproof to do as they please. Yep, this is Rupe's bad hair day...he's pissed that all that money still didn't make things go away.

that is the collusion of the cellphone companies.

As for the hacking of News Corp websites, like FoxNation and the Sun newspaper, I think they allowed it to happen as a distraction from other stories.

How many US politicians and media figures will be implicated?

But even with hard to guess passwords until people start shopping for computer software or electronic
items based on their security rather than cost or ease of use or because 'every one else is using it'
things aren't likely to get better.

Even if you design the most secure system in the world its security is limited by how the cheap
the people who run it are to bribe or how easy it is to get them to be 'social engineered'
(see http://en.wikipedia.org/wiki/Social_engineering_%28security%29 ).

Seriously, it shocks me with how simple most average computer users make their passwords.

Here's a solid general idea - Create a password that is no less than 8 characters, and a mix of uppercase, lower case, numbers and symbols. This will make it tremendously harder to "guess" than if you were to simply use a word, spelled properly all in lower case letters.

then of course your actions would be "trivial". On the other hand, if you are an average citizen, or a whistleblower that exposes government corruption, then your actions are considered treasonous. Personal wealth and affiliations has a lot to do with the "triviality" of your actions.

The consequences, if any, are another thing altogether.

I tell my clients to choose a password that will take more than 10 hours to break when I send them to http://howsecureismypassword.net/.

They are typically 'amazed' at how quickly their passwords can be broken.

I'm not surprised. :)

That's why.

It's really as simple as that.

There are assumptions of "trust" built into the way the internet works.

"Security" consists of ad hoc fixes around those assumptions.