Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
acdha 5 days ago

This is like saying it’s not Ford’s fault that they didn’t put in seatbelts and safety glass because people knew driving was unsafe. When bad outcomes happen at scale, you need a system-level fix.

EDIT: to be clear, the fix has arrived: had he used passkeys, this attack would have been impossible and every login would’ve been faster and easier. There are edge cases but this is literally the reason why U2F was created a decade ago.

blindriver 5 days ago | parent [-]

The author knew that the scam existed and he even was skeptical. Then chose to rely on it being true despite all the red flags. That’s his fault.

At some point people have to accept responsibility for their own stupid actions.

acdha 5 days ago | parent [-]

Yes, they made a mistake. They were honest about that.

A little secret which will help you in life: everyone makes mistakes, even people who don’t think they will, even you. Looking all the way back to last week and 2 major NPM hacks ago, you can get access to a lot of systems simply by hitting someone when they’re busy and distracted.

blindriver 5 days ago | parent [-]

There's a difference between taking accountability for your mistake and blaming other people for your mistake. Blaming others when you are clearly in the wrong is reprehensible.

acdha 4 days ago | parent [-]

That's a very harsh position to take and one I struggle to find support for in the post. I hope that you are never in the position where you make a mistake and others apply that standard to your response.

arx_ 4 days ago | parent | next [-]

Per TFA

Title: I Was Scammed Out of $130,000 — And Google Helped It Happen Heading: Google failed me in two ways Body: Google has become the vault of our digital lives — and that vault had cracks.

If Ford adds seatbelts and you decide to take them off because they annoy you; when get into a crash you can’t claim Ford failed you since the seatbelts weren’t forced upon you more.

acdha 3 days ago | parent [-]

Here are the two specific criticisms in the article:

> Phishing emails from “@google.com” made it into Gmail.

> Google enabled Authenticator cloud sync by default.

Both of these seem like fair points where one could reasonably expect one of the largest companies in the world to spend a tiny amount of money on security improvements which would make it harder to attack their customers. Not following Apple’s lead on security for Authenticator is especially disappointing since they have no shortage of good security engineers.

blindriver 4 days ago | parent | prev [-]

It’s weird that you think blaming other people for your own self-admitted mistakes is acceptable.

acdha 4 days ago | parent [-]

Good thing neither I nor the author did that, then.