Jordan Brown • August 5, 2011 5:50 PM

It's true, but on the other hand it means CIA did a poor job of handling the security of one of its properties.

If a painter's house has a bad paint job, it may not mean anything about how the painter will do on your house, but it's certainly not a good sign.

Richard Steven Hack • August 5, 2011 6:52 PM

Exactly. There's a reason hackers attack Web sites - frequently they can use them or the information gained by trying to bring them down to gain access to more secure sites. While this is less likely with the CIA, who can say for sure unless it's tried? HBGary Federal was a computer security site and it broke fairly easily.

This isn't some porn site or some individual's site. It's the CIA which would presumably have a budget and motivation to not allow this.

Would this comic say the same thing if it was Al Qaeda that hacked the site? At the very least it's embarrassing.

me2 • August 5, 2011 9:16 PM

Thank you for posting that XKCD link. I especially liked his circuit diagram. One of the best I've ever, ever seen.

I think that and I don't even know what they are!!

You rock Bruce :)

bluesky • August 7, 2011 5:09 AM

It's not even that the poster was torn down; a more accurate analogy would be that lots of people went and sat in front of the poster so no-one else could see it for a while!

(I'm assuming this was a DOS attack)

Clive Robinson • August 7, 2011 4:49 PM

I think the last box in the comic was wrong...

Instead of "CIA!!" it should have been "CIA zzz zzz zz..."

Chris Zweber • August 7, 2011 9:01 PM

Facebook just changed default settings to browse unsecured. What is the economic motive behind not defaulting https? How much more expensive is https to administrate?

camcolo • August 7, 2011 10:57 PM

As always with XKCD comics the true joy is in the image's alt-text. Go back and hover your mouse over the strip and enjoy the cutting sarcasm and insight that shows the author really gets it. Beware L.A.D.D.E.R.

kog999 • August 8, 2011 2:27 PM

"Facebook just changed default settings to browse unsecured. What is the economic motive behind not defaulting https? How much more expensive is https to administrate?"

Running https puts additional load on the servers, reducing the number of simultaneous connections a server can handle. While it’s not much additional load per connection, with operations the size of Facebook this can add up quick. Setting SSL as default would require Facebook to purchase, maintain, and administer more servers or, more likely, separate devices to process SSL connections (SSL Offloaders). The exact amount of expense that would be incurred by adding this would depend on a number of factors, but it's greater than $0.

Clive Robinson • August 10, 2011 3:59 AM

@ Keith,

No no no...

Read the last frame it's "Horse battery staple correct" 8)


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.