Domain: nextgov.com
Stories and comments across the archive that link to nextgov.com.
Comments · 18
-
Re:If this had been an actual emergency
It is a known fact that you don't have the information needed to determine it is "bullshit."
Precisely right. Just because the US Government says that Kaspersky Lab Software is a risk validates nothing about there being an actual risk. Of course, that by definition makes the evaluation bullshit.
And you never would have it. And the second part of what you said is therefore the whole part that isn't bullshit; it might be an emergency, in which case the network is fucked.
If it's such an emergency and the whole network is fucked, then the US Government position is bullshit for so loudly declaring a problem that leaves over a year of time to be exploited.
Since knowledge of the evidence for the concern is classified, you don't know about it; and even if you had a security clearance, we know your job doesn't involve knowledge of these particulars because then you wouldn't be allowed to tell us. So by definition, you can't know it is bullshit; you either have reasons to believe it is a problem, because there is public information about what the danger is in losing control of a network, or you don't fucking know.
National Security in this context is bullshit when the cat is already out of the bag. If the problem is really that severe, then the US government should revert to other, secure means and Congress should be paying for the switch over. Since none of this is happening, it's business as usual. Business as usual says the US is doing great which is either (1) bullshit disinformation for politicos, (2) bullshit disinformation to hide the cyber security clusterfuck, or (3) possibly an actual accurate assessment of the situation within their assessment abilities. I imagine it's a combination of the 3, which makes it bullshit.
I'll give you a hint: If your opinions about network security are based on your domestic politics, you're a fucking idiot.
If you listen to Aighearach's arguments on what to believe, are you any better?
-
Re:Don't Bet On Malice When Stupidity Will Do?
I honestly don't know what the source is, but I do know that I am seeing "existing" functionality break with much greater frequency on core platforms like this. It just smacks of carelessness...
Got your tinfoil hats on tight? Get ready for a flight of fantasy:
Now what if... what if, hypothetically, the NSA is increasing their efforts and pushing more and more code out the door and forcing it down vendors' throats? All this magic code from the boys at the NSA is bound to have bugs and do all kinds of kooky crazy stuff in comparison to what the actual vendors put out. Furthermore, it sounds like the talent pool at the NSA has been a little drained lately...
Give it a couple minutes to simmer and then you can take your tinfoil hats off and go back to business as normal.
-
Cloudy with a chance of outsourced meatballs
Yes. Amazon sells classified cloud services to fedgov too. https://aws.amazon.com/federal... https://aws.amazon.com/securit... http://www.nextgov.com/cloud-c...
If they can outsource their intelligence and analysis, of course they can outsource their data processing!!! http://www.bloomberg.com/news/...
CIA Chief Information Security Officer Sherrill Nicely: “Cloud has been a godsend for folks trying to implement systems quickly and for us to secure workloads better. Our agency and other [intelligence community] components are busily working to move their workloads into the cloud, and off legacy and into the new.”
Unless $30K workstation guy is playing the ancient game of 'convince my boss to buy me cool shit I don't really need but want to play around with it'. That I can understand :-)
-
Re:thats the problem
That is the fundamental problem. Almost no one actually believes that the NSA was acting in an unprofessional manner.
Remember LOVEINT?
What about recent allegations that many NSA workers are child-porn fiends?
When you operate with basically no oversight whatsoever, what's there to keep you within the bounds of basic professionalism?
-
Ballsy for the Government
For a federal judge to hit up Facebook after the "FBI Wants to Exempt Its Massive Biometric Database from Some Federal Privacy Rules" http://www.nextgov.com/emergin...
-
Holding Pattern
The problem seems to be not knowing if the clean up will happen or not. Since no one knows how to do the job, that is not too surprising. But, at least there is a promise of compensation for lost property if the clean up is a no go. If the same thing were to happen at Indian Point, the NRC has said there would be zero compensation. http://www.nextgov.com/defense/2013/09/new-york-wonders-where-nuclear-cleanup-funds-would-come/70800/?oref=ng-dropdown And, if you check your home owners policy, there is nothing there either.
-
Re:Huh?
It would look something like this.
-
Interfering with business models
Bruce Schneier's friendly reminder that distributed/encrypted cloud storage interferes with the cloud providers' business models. It'd be terribly useful, but I'm afraid they will keep on throwing sticks between our legs there for quite a while.
-
The attribution issue
And that's a huge problem with cyber: attribution. Even if an attack appears to be coming from a particular source, that doesn't mean it originated from and/or was ordered by that source. In fact, intentional misattribution or denial of attribution is yet another element of cyber operations. From a US perspective, we still don't have a comprehensive set of rules of engagement for cyber, or even really have consistent, well-understood definitions for what constitutes "cyber war" (though there's certainly a lot of hype...)
Some relevant recent articles:
---
Cyber Command struggles to define its place on a shifting battlefield - Nextgov
The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace. Recently, the Defense Department was forced to show part of its hand when leaks surfaced about U.S.-manufactured cyber weapons and cyber espionage missions. Still, since 2011, the department has told the world it stands prepared to protect U.S. national security interests through cyberspace maneuvers.
http://www.nextgov.com/cybersecurity/2012/08/hacker-wars/57438/
---
Confusion Reigns In Cyber Planning - AVIATION WEEK
Pentagon warfighters have for years been asking for a cybercombat policy, rules of engagement, funding and a less-fragmented chain of authority. But those needs remain unfulfilled as bureaucrats, lawmakers and top Defense Department civilian officials thrash about in a pit of indecision while an international complex of digital threats continues to emerge.
http://www.aviationweek.com/Article.aspx?id=%2Farticle-xml%2FDT_05_01_2012_p38-444018.xml&guid=74908
---
'Turf War' Slows New U.S. Cyber Rules - Defense News
Despite the ongoing concern about the escalating pace of cyber attacks, a new set of standing rules of engagement for cyber operations — policy guidelines that would specify how the Pentagon would respond to different types of cyber attacks — is being delayed by a debate over the role of the U.S. military in defending non-military networks, sources said.
---
Pentagon revamps rules of engagement for cyberwar - The Hill
The Pentagon is rewriting the book on how it defends against and possibly responds to cyberattacks against the United States, the top uniformed officer in charge of the effort told Congress on Tuesday.
-
Only $117 million in 10 years?
That's $11.7 million per year. Assume $50 per month per Blackberry, that's about 20,000 Blackberries. There are something like 2 million federal workers (executive branch only, not including postal workers). Seems like more than 1% of federal employees would be well served with a smart phone.
-
Re:Create a reliance...
Except they are--presently, and "not sure" for the future.
The Mobile/Handheld CE development kit will be released in July of this year. The Army is whether or not a commercial made phone or government off the shelf model is more appropriate. Regardless, the Army says, the software development kit will be designed for a variety of Android based systems. "I saw the ability when a soldier is wounded to take a picture of the wound and to pass that to the doctors, so that medics can make sure that they are treating the soldier in the appropriate way, given the wound that he has received. So there are many, many applications of this,"
McCarthy said that to date, the project has been run on shoestring budget, and he'd like to keep it that way. Defense contractors have provided him with proposals that would require the expenditure "of a lot of money," he said, but he does not want to pursue proposals that would transform a $200 commercial gadget into a $2,400 Army-unique phone. from
more...
I'm not certain if the you you speak of is directed targeted at me or what you perceive to be people like me, but really, I think there's a benefit to people thinking critically and trying to not simply believe the marketing without due consideration and proper knowledge.
-
Re:As a fan of WikiLeaks...
agreed. congress is going to step into siprnet too.
http://whatsbrewin.nextgov.com/2010/05/hill_wants_access_to_secret_siprnet.php
it's time for more transparency with more people having access to siprnet and cloud based infrastructure supporting public information access to government stored data.
We have 19-20 year old Privates/PFCs/LCPLs, E1-E3 etc with at least up to top secret clearances, doing their daily, mundane work on the SIPRNET. Did you think PVT Manning's dumb ass was a fluke? The military is a pyramid that is FULL of E1-E3 at the bottom.
Sure, we need more gov't transparency, but putting more people on the SIPRNET is _RETARDED_, unless by transparency you meant more likely to leak. If anything they need to restrict more access to MOSs only available to those who reenlist. I know it's a shit job, but maybe baby soldiers shouldn't be made intel analysts, all I'm saying. I could go on a rant about access controls on the SIPRNET and whatnot, but the simple fact of the matter is that intel analysts are intended to have access to diplomatic cables as part of their job. That's what analysts do, read shit. That's why all those cables were written, for intel ingestion. For all you know, these cables might not have been on the SIPRNET, but on a more classified network. Manning still might have had access as part of his job.
So fix the _real_ problem. Hand all military intelligence duties to the Marine Corps. Float it around congress for a week and that will light a fire under the Army's butt.
-
There's an app for that...
Need to look up the best way to get a Humvee out of a mud pit? There's an app for that.
Need to find the nearest supply depot while avoiding roadside bombs and enemy fire? There's an app for that.
Need to see the location of every friend and foe within a 100m radius without any additional devices or infrastructure? There's an app for that.
-
Re:Satellite Fight!
-
Re:Invest
Your solution of investing in the infrastructure is completely correct, but is a completely alien concept in modern business practices. Investment is a cost, and so by not investing you're cutting cost and maintaining profit.
AT&T's behavior is endemic in American business today, and has been for god, 20 - 30 years? The US frequently comes in near the bottom, and all too often, dead last when its infrastructure is compared to the other industrialized nations. If you just compare the modernized coast of China, its infrastructure is better than the United States. Our broadband is horribly slow. Our cell phone system is antiquated and undeveloped. Our electrical system is overstretched and prone to brownouts. Since everyone else can't be "ahead of the curve," we're left with the unescapable conclusion, that we're behind it. We're way behind it when emerging economies are on par with us.
It's not just infrastructure. The auto makers are in collapse (with the notable exception of Ford) not only due to crushing healthcare costs due to retirees, but also because the lack of will to adapt to new trends and technologies. It's embarrassing that after getting their lunch ate by the Japanese back in the 70s when Detroit was turning out crap (in all fairness, American cars today are very well made, and can compete in quality with anyone), that they let it happen again by placing all their eggs in the SUV basket while not just ignoring, but actively fighting fuel efficiency standards and slow walking the development of hybrids and all-electrics. Guess who owns that market now?
With electricity, we're told that our infrastructure doesn't suck, but yet a fucking squirrel can cut off 50 million people. Meanwhile we're told to deregulate to decrease costs, but instead we get market manipulation that actually increases costs. (It seems like we always forget why the regulation was put in place the first time, and then we have to repeatedly learn that companies will screw over the most people in the worst possible way, thus harming all of us, all to increase profits.) Then when we do say that we're going to invest in a new electrical infrastructure, and do develop new technologies, we don't. The US is already lagging the world in green technology development.
We make nothing here, except "exotic financial instruments," and we know how well those work. Yet, people wonder why this is the second jobless "recovery" in a row. Real unemployment is at 17%, but hey, the Dow Jones Industrials have been on a steady rise since March, so everything is cool. Wages are down, unless you're the top 1%. The Chicago Fed reported that the US has the most unequal wealth distribution of any OECD country. We have government that won't pass reform that 65% of the public wants, because it would hurt the megacorp that bought politician.
We've been asleep at the switch for too damn long, and now we're over the cliff.
When Obama came in and was talking about reform, and infrastructure investment, and new technology investment, I was thinking that it was about damn time. Yet, we're not getting it. Instead we get "too big to fail." None of these promises are playing out like he said, because the entrenched interests, and yet you can't vote for the Republicans, because they simply deny there's a problem.
Goddamn we suck.
-
Does NOT apply to US Citizens
TFA seems to be wrong about this including US citizens. While I think fingerprinting anyone, citizen or not, coming into the country isn't something we should be doing, and certainly not when exiting, the bit about fingerprinting exiting US citizens is found nowhere other than in the article from IT News Australia. The actual DHS press release is very specific that this is a planned extension to US-VISIT and, as such, only applies to non-US-citizens:
Several additional articles all clearly indicating that this applies only to non-citizens:
http://www.fcw.com/Articles/2009/05/27/Web-US-VISIT-pilots.aspx
http://www.nextgov.com/nextgov/ng_20090528_7835.php?oref=rss
-
Re:Wrong issue
One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. The codes identified by name four patients infected with AIDS, the mental illnesses that 201 others were diagnosed as having and cancer findings for 326 patients. Data also included links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors. File-sharing networks used to uncover thousands of medical records
The law gave the job of enforcement to HHS, including the authority to impose fines of $100 for each civil violation, up to a maximum of $25,000. HHS can also refer possible criminal violations to the Justice Department, which could seek penalties of up to $250,000 in fines and 10 years in jail. Medical Privacy Law Nets No Fines
20,000 violations * $25,000 per violation fine = $500,000,000.00 in total fines; I don't see the problem! Seriously tell someone they owe a half a billion dollars in fines it's going to get the attention of the whole community.
-
Re:Anyone know more info about this guy
Try this link for more information.