
On the other hand, when AT&T leaves its doors and windows open 'in the web' they get a free pass from the general public because the technical aspect is lost on them.

If a bank used someone's first and last name as the 'access control' to their money, sure someone breaking in and stealing things is wrong, but should the bank be punished for negligence? Probably. When companies have security breaches 'on a computer' why is this different? Why the free pass? Why is the person that 'broke in,' or that pointed out the flaw without breaking in, the bad guy? Why aren't the companies themselves held to task for creating shoddy controls, and not following best practices when it comes to computer security?

A better example to demonstrate what's going on to the public would be to have a web form that says "Enter your SSN#" and a submit button. People understand that. Changing the terms in the URL bar is voodoo to many people, and this unfortunately leads to the belief that someone exercised nefarious skills to pull off an attack.


