How Safe are Government Computers?
KingOfBLASH asks: "Recently, when I was in the local City Court to protest a parking ticket, I noticed that all of the computers were running Windows (some as old as Windows 95!), and there were definitely network cables snaked around them. The City Hall suffers from the same affliction. Given that some of these computers have passed the End of Life for support, and there are a number of known exploits, how safe are our government computers? What damage could be done if they were attacked?" It would be interesting to note if it's just local governments that may be running lower-than-expected tech or regional governments, as well. It would also be worthwhile to hear how governments outside the US compare to their American counterparts.
On the other hand it would be easy to fit government with the latest in secure systems. Just pay more taxes.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
In reality Windows 3.1 was a pretty secure OS - after all there was no networking built in (it was an add on) so very few remote vulnerabilities. That said - there were a LOT of vulnerabilities in the add on software to get them on the network. The other thing going for them is if they are old enough a lot of the vulnerabilities (various scripting flaws etc.) weren't built in to the level that they are today - making the current crop of random Trojan horses a lot less effective
I have mod points and I am not afraid to use them
how much information on these machines is public record? how much of government records should be confidential? what i would worry more about is people tampering with the records, doubling my property tax and so on.
:) don't get me started about identity theft! (like why is SSN used for anything OTHER THAN social security?)
also, what if any liability does government have for misuse of information? an infamous case was a state (CA?) that gave out auto licence plate information promiscuously, enabling a stalker to locate and kill a woman. for a time state governments were selling driver's license information to marketers, all the way down to the height and weight info. i worked on a proposed "violent gang database" collecting officer intelligence on alleged gang members, such as nicknames, residence, and so on -- i asked, what if the data falls into the hands of an enemy gang?
i would suggest that government should be held liable for negligent dissemination of private information, and that some sort of comprehensive plan regarding what is "private" and what is required to access private data. right now i can apparently find out how much my neighbor paid for her house, how much she gave to political campaigns, where she's lived for the last 20 years -- questions i would hesitate to ask to her face (and she's nice!). what's going on here?
this touches a nerve, as you can see.
Public computer, public toilet. City Hall *says* they are clean. Who am I to argue?
Don't blame Durga. I voted for Centauri.
City officials are scared shitless of workers who don't do much anyway doing stuff like surfing porn and gambling online.
Because of this, places with a nonexistent or weak IT staff don't allow internet access to most employees, leaving the computers less vulnerable.
The worst offenders IMHO are large agencies with multiple branch offices. Things like agricultural extensions, social services and DMV offices.
Also, Federal IT is a joke. The military is or was too busy adhering to insane specs to update computers. Medicare and VA networks in particular are worm breeding grounds.
I recently had one fall on me and it bloody hurt!
-psy
As a county DBA / Network Technician, I can tell you that most government computers are secure and often more secure than some of the vendors/businesses we deal with. Unlike corporations, we have mandated audit processes. Our agency just went through an extensive IT audit conducted by a legally separate internal auditor who hired out much of the audit work. From a technology standpoint we are very secure (biggest problem was lack of written policy). We take great strides to make sure our network and systems are secure and most other local government IT people I talk to do the same thing.
We as taxpayers/employees take great pride in protecting the public's information. And while one respondent asked about public record, yes most are public but we MUST control the way in which the public gets access.
When acquisitions are written into a contract or pre-set by an annual budget, this means they probably left out long-term maintenance, upgrades, and funds to pay anyone to do maintenance and upgrades. Welcome to basically every bureaucracy large and small on the whole planet.
For example, wasn't it the good ol' Department of Homeland Security that scored an 'F' for network security this last year? Wasn't it the Department of the Interior that was ordered off-line for gross negligence? Large and small, they all fall.
Have a nice day.
Vote in November. You won't regret it.
snaked around them.
So what? Just because they have a network card and some cabling does not necessarily mean they are hooked to anything but another computer in the building.
I don't believe the question here is 'how prone to hacking are these computers' I believe the question is, 'how strong is the firewall protecting them.'
That is of course assuming they are 1 connected to the internet, and 2 firewalled.
The county government here has one computer on the internet, and it's isolated from the other computers, i.e. not networked in with them.
Nice move. Somewhere deep in the dungeons of the White House, your name has just been added to Bush's big black book labeled 'terrorists'.
Everyone knows that speaking out against the government's insecurities is a terrorist action.
Does anyone but me think this terrorism scare is borderline McCarthyism?
Try asking federal employees a few simple questions and you will find the majority of them know next to nothing about security (other than how to log on to their workstation).
...we are from the government - we are here to help...
What damage could be done if they were attacked?
If anyone wants to take the chance of finding out how secure they are, can you get rid of those pesky parking tickets in my name?
Through a convoluted connection, I got asked if there was a USB driver for Win95 (apparently if you've done SP2 there's a quasi-working driver - thanks to 30 seconds of googling). People in city offices apparently needed to connect "modern contrivance" like Palm sync cradles which are no longer serial, but got the standard "that's not supported, get stuffed!" from city IT.
The bizarre part was I was working for PG&E as a contractor and somehow *I* was the one who got asked the question! Don't ask! Given how anti-business and anti-tech the city is (despite being the center of the dot-com boom), it's not surprising city employees use *other* connections for support rather than actual city employees!
Is the city secure? Maybe only because so few people could actually make do regular work let alone something nefarious - security through malfunction? Strictly the networking security has got to be truly scary.
Government as a whole is an organization where incompetence is promoted over skill. Nowhere is this more evident than in IT management. Political connections are useless when you are trying to secure a network, especially one connected to the internet.
The local government that prints my paycheck (dot matrix) uses a combination of hardware that ranges from way out of their league equipment (High End Sans) to software that is ten years out of date (citywide financials). The city manager wants to offer web services, but does not understand that the backend is still all paper and there is no money/hope/will to fix it. The network is open and unrestricted (some windows 2k security, but no current patches). For the record, I do not work in the IT department although I interact with a lot of very skilled, hamstrung people that do.
Virus scanning joined our network a couple of years ago after some huge e-mail virus infections gave the IT folks a couple of black eyes. Now there is so much network traffic from the AV Management Software checking in every five minutes that everything else runs slow (so often, that users have learned to disable it).
My social security number sits in a database that until 3 months ago could be accessed by a citywide community password. Want to know what your supervisor makes? Click a few buttons and you are gold.
Physical security is pretty much non existent in most government facilities. Recreation facilities, Libraries and meeting rooms all have unprotected drops that lead straight to the network core. Wear a phone company T-shirt and you can walk into a police station or fire house no questions asked. Drop a WAP access point and hack from the car if you don't find an open access point waiting already.
Government computing is open, but not on purpose. I fear more for my personal information being pillaged from government than from any private source. My only consolation is that the poor quality of government records will limit the data's value.
There has been everything from machines that run only 5.5 inch floppies (elementary school) to Windows 98 Beige boxes to fast Windows XP Dells. I think the oldest ones are all gone now. It seems that nearly all of the Windows 98 boxes are infected with malware. That's probably because no students are allowed to use the XP boxes regularly, and all the teachers' grading and attendance software is on the 98 boxes.
Interesting thing about the school's method of preventing data theft/corruption: store all sensitive data on 3.5 inch floppies and clone a new hard drive if the box won't boot at all. There's also some no-name antivirus software. All the attempts at cracking by students that I have observed ended in miserable failure, mostly because the 98 boxes don't have the Microsoft Visual Studio runtime installed.
Simon's Rock College
I write computer security policy for a federal agency. For the most part we have good and conscientious people who know what they are doing, and we have the money to buy stuff, at least once a year.
We also have ridiculous requirements imposed by Congresscritters and others who think they know something about cyber security, but they don't. These requirements consist mostly of endless paperwork.
There is one Congresscritter who makes a big show of complaining that government computers are terribly insecure, in the same manner and tone as the Joseph McCarthy red scare about finding alleged Communists in the State Department in the 1950s. His remarks tend to cause Federal managers to panic and do dumb things.
After we have wrestled our way through the paperwork shuffle du jour, we get back to doing our real work protecting the computers.
I work for a state Govt agency and finally got an upgraded PC this winter (promised last summer). It has XP. However, I am one of the few that have XP. My PC they just replaced was still on Win98, which is mostly what we run. I don't work in IT (I'm in marketing), but I can safely bet any of you that there's only ONE member of our IT staff (7 members) that is more qualified for the position than I am. Reason: because I am a geek at home, and my SO works in the industry. This is just the cabinet/department I work in. Now our state gov't has an entire IT department under the governor's office that the cabinet/department level IT staff report to, and they aren't much better. Governments can do a lot with the money they have, it is just they don't always hire the best people for all the reasons you've probably heard...and the dedication of the staff. It is the same with private and public businesses, it's all about who you know...