Slashdot Mirror
Democratic Convention Computer Security Threat?
Hiawatha writes "Excuse me for tooting my own horn, but check out my story in today's Boston Globe about a possible security problem at the Democratic convention next week. If visitors plug insecure laptops with wireless connections into the convention's wired network, there could be trouble..."
Hm. Taking over the Jumbotron is probably the ultimate "Capture the Flag" contest.
---- join dshield.org Distributed Intrusion Detec
Don't all democrats run linux?
Boxing Equipment Reviews
From what I have heard, they are not allowing wi-fi of any kind. Not because its a security risk but because it can interfer with the equipment they really care about. the mic's and cameras and radios used to make sure everything goes smoothely.
I don't think there will be too much trouble with this. Just another company spreading the FUD trying to make a buck.
ummmmmmm... is that your real name?
Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
The internet is so conjested with other systems trying to get into my system right now, what makes this any different?
Well at least it would, but I wound up disabling all that so the CEO could get on E-Bay.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that...
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
the article doesn't contain any new info. Everyone know how unsecure network connections can be at conventions. everyone know they can cause havoc.
Even the SANS conference, with all the security gurus, had issues with providing network connectivity. That is why they longer provide network connectivity, WiFi or otherwise, in classrooms.
Consensus is good, but informed dictatorship is better
The Democratic convention will use a standard wired network rather than WiFi. But according to Maggio, this won't provide any extra security. That's because many visitors who'll plug into the network will have computers with built-in WiFi capability. The WiFi feature is automatically switched on when the computer is running. In effect, the laptop can connect to a wired and a wireless network at the same time.
So... let me get this straight... they are going to connect to my laptop's wireless NIC, and then piggyback onto the wired connection? Riiiiight... This would be tough to accomplish... even in Windows.
Maggio said that an attacker with a high-powered WiFi access point could set up shop outside the FleetCenter, and communicate with WiFi laptops on the inside. If these laptops haven't been protected with the latest security patches, a skilled intruder will be able to gain access to the laptop. He could then leapfrog onto the Democrats' network, allowing him to steal information or vandalize computers. ''By being on both networks at the same time," said Maggio, ''that can compromise the entire network security."
Odds are, these laptops have already been 0wn3d..
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Let the oxymoron jokes commence!
SteveM
Ah the consumer Internet appliances. Trying to make network engineers out of people that can't program their VCRs.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
It seems to me, even if you got into a laptop, the network should have enough security that, well, you could get to other laptops, but not to the main servers.
And I don't know about you guys but every time I've tried to work with connection sharing, it has required intervention on the machine that I was using to bridge the networks. It seems to me, if the servers are set up correctly this is more a case of chicken little.
=================
Unix is very user friendly, it's just picky about who its friends are.
QUOTE: "But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp." Yeah, I trust them.
How can they get hacked when it was AL Gore who invented the internet...
Easy solution. Change the wallpaper.
--
Are you a Chipotle Fan?
<snicker>
Why would they allow public access on the same network as sensitive info. I really can't believe that's true.
GETPKG - Package Management for Slackware
Maybe this is an issue that my little engineering brain can't understand (and if so, I would appreciate knowing why), but why can't they just have all laptop users disable their WiFi connections? Why would they have to block all computers with WiFi from participating at all?
Live free or die
Insecure laptops probably just need reassurance from their mother. Unsecure laptops, on the other hand....
http://networks.silicon.com/lans/0,39024663,391215 01,00.htm
--
Are you a Chipotle Fan?
Anti-Bush fanatics are so cute when they're foaming at the mouth....
"But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp."
We all know how competent those Microsoft security experts are. So, how many unpatched holes are still in IE?
You teach a child to read and he or her will be able to pass a literacy test. - George W. Bush
Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Nothing to see here. Move along.
"with their freedom lost all virtue lose" - Milton
Why don't they just use a PDA equipped with wireless network-clogging ability to disable all wireless networks?
...A huge faraday cage...
Repeat after me: "I am not a party. I am a person. I will cast my vote for the person who is most likely to represent me even though it may NOT be the choice of my employer, my friends, nor my family's historical voting record, nor anyone else's interest. I will vote for myself. It's why I walk into the voting booth alone instead of sending someone else to vote on my behalf."
If you have the priviledge to vote, don't just throw it away on the lesser of two evils when other choices are available.
Maybe somebody at the DNC has compromising pictures of George Bush getting wads of money stuffed up... oh wait, that wouldn't be news. (Same applies to Mr. Kerry) Just what sort of top secret information does anybody expect to snag? This is a planned media circus, not a cigar smoke-filled warroom meeting.
I don't see how the security vulnerabilities at the DNC are any different than any business, convention, or hotel on any day in any city.
Any decent IT manager knows that wireless networks pose a security threat, but precautions can be taken to eliminate these threats. Just some thoughts: 1) Anyone with a wireless laptop gets placed on a completely different subnet, 2) use WEP to keep out the idiot hackers 3) place a firewall and other security devices between the wireless portions of your network and anything important 4) etc. Point is, wireless is only a major issue for morons.
What is your penile percentile?
"I don't think it's selfish, to eat defenseless shellfish." -NOFX
...and of(I believe, hard to judge from the one photo I've seen of him) of African decent, so stop trolling.
Oh, and he has posted both stories and comments before on slashdot, and written articles for the globe on topics slashdot has brought attention to.
I think he dumbs down his articles too much for the Globe(or it would be nice to see some high-level articles, not just simple stuff), given that the Boston area is the technology center of the east coast- but otherwise, I like what he does.
I have zero respect for reporters who simply watch the wire and rewrite AP/Reuters articles, and I've seen some pretty bad(ie, barely qualifies as a "rewrite") articles from tech reporters.
Please help metamoderate.
They're going to use "free speech" zones for anti-war protestors. So much for being any different that bush. For a party that supposedly is Liberal they do seem to have a very distorted notion what liberalism is. Here's a lively discussion on it. http://www.peopleforchange.net/forums/index.php?sh owtopic=14871
Activists United
Don't bash on the democrats. This has been a problem ever since wireless networking has become ubiquitous in every convention, company, and private network. The democrats are no more or less susceptible than anyone else...
I am disrespectful to dirt! Can you see that I am serious?!
As long as Globe writers are reading Slashdot, perhaps someone could clarify this mystery:
- Yesterday's paper claimed that "11% of Boston businesses" believe they'll make more money as a result of the DNC, with 78% expecting the same or less>
- Today's paper featured the Causeway Street pizzeria owner who put up a pro-Bush banner and is closing his store for the week and going to Canada, expecting more trouble than business if he stays open.
Excuse me? If a guy who owns a freaking pizzeria across the freaking street from the Fleet Center doesn't think the convention is worth any money, who the hell are those 11% of business owners who think they'll benefit?What I'm listening to now on Pandora...
In a similar light, I was wondering what kind of mayhem will ensue at Quakecon. I'm sure there will be a ton of virus/worm spewing boxes plugged into the byoc lan.
"He's lost in a 'floyd hole"
Somewhere Karl Rove is twirling his mustache and recruiting neocon script kiddies.
If you think
Red Hat Linux to be precise. You can apply as an admin if you want...
That way, sure someone can hijack a laptop, but all they get to do is piggy back on the Democrat's internet connection or target other machines on the untrusted network.
Sure it's possible they haven't thought of this, but it's such a basic precaution I find it hard to believe. If they're letting any untrusted computers on to their network they have to treat the physical network like the internet - untrusted jsut like the guest PCs.
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
I always rely on Microsoft for all my security needs!
If you'd like to vote for one of the outside candidates, make sure the party you would have voted for can afford to lose. I hate the two party system, but voting third party is just going to help the guy I don't want to get (re-)elected.
Is it just my observation, or are there way too many stupid people in the world?
"[W]e are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Well, I'm certainly glad they'll be enlisting the crack security experts at Microsoft.
$ whatis themeaningoflife
themeaningoflife: not found
It's a shame that the NSA does not purchase airtime (I'm sure an argument could be made that this is in the public interest) to ensure that for every M$ commercial telling you how great Microsoft products are, there is one commercial from an official government body that specializes in these matters stating all the known security problems with Windows and other Microsoft products.
Of course M$ has plenty of kickbacks^H^H^H^H^H^H^H^H^H lobbyists, so I don't see this ever happening.
It is a miracle that curiosity survives formal education. - Einstein
If it is such a threat couldn't they just flood 2.4 and 5.2ghz frequencies with packets and in effect cripple the whole thing?
don't they make devices to do this?
Or just use materials to block the signals.
convictushome.blogspot.com
I don't give a hoot about their wireless network. What I care about are the massive road closures. Virtually every major route in and out of Boston, and several arteries, will be either completely or effectively closed down, starting as early as 3pm.
I-93 is being completely shut down through Boston, despite being a major interstate. The secret service is to blame for inventing imaginary truck bombs and placing the possible risks to security of the privileged few over the livelihoods of hundreds of thousands, if not millions, of people- workers in Boston were essentially told to fuck off and take a vacation during the convention. Menino and the DNC are to blame for ignoring obvious potential "security considerations" inherent in the Fleet Center; the new convention center would have done nicely, except it wouldn't have gotten the delegates their precious stadium seating, nor would it have given the press their precious skyboxes. Oh, and it would have meant a longer cab drive to the hotel. Boo hoo, poor rich politicians.
I can't see Kerry doing very well at all in working-class neighborhoods in eastern MA. In fact, I'd be willing to bet he'll loose them in a landslide. Virtually everyone I've met who has to commute into boston is unbelievably -PISSED- at the convention.
Oh, and then there are the random package searches on the MBTA, the closing of North Station (which is IN the Fleet Center), the mandatory searches on the Orange Line...what else? Oh, the Boston Patrollman's Association is going to be picketing ALL the DNC parties, which has hurt the few local businesses which were lucky enough to get some DNC business; losses were estimated at $80M statewide, but will most likely be higher thanks to BPA.
Let's see, what else? Ah, yes. The "internment camp", oops, I mean, "free speech zone", which is a fenced-in pen topped with barbed wire. Yeah, great idea- let's put right-wing nutjobs(Christian Coalition) in with extreme left fruitcakes into a TINY little box, with ONE entrance and ONE exit. Nah, they won't fight with each other!
Please help metamoderate.
just surround the convention center with microwave ovens. They do a great job of jamming my wireless networking.
Granite Island Group has already one-upped this story. Fuck wireless security, we're talking about actual bona fide security problems here.
[o]_O
Those wily hackers will find out who Kerry's running mate is going to be! Or even worse, they'll find out the key planks in the Democrats platforms! What, exactly, does Hiawatha think the hackers are going to steal, anyway? Are there any secrets of interest at this convention?
Have you read my blog lately?
If I could toot my own horn, I'd never leave the house!
Now, instead... Don't vote at all. Did that help the guy you don't like at all? No. It didn't. Admittedly you didn't hurt him either. You also didn't help/hurt the other "lesser of two evils". Starting to see my point yet?
OK, now then: Vote for an alternative candidate: You didn't help either of the "lesser of two evils" and you've demonstrated that you didn't like either of those two choices. Future candidates will look into that and modify their position on issues to better reflect what the public wants.
Of course if Diebold is right, voting would be illegal if it actually made a difference.
No one man knows what's best and true for all mankind. Don't be afraid of a polititian who is brave enough to change their mind because they've gained a different perspective. Fear the ones that never will because they have no perspective at all.
This story bugs me. Its the kind of thing that sounds like something important, but there is no real meat to it. It's a non-story. The only hook is the political angle, which turns out to have almost nothing to do with the real issue.
First, any large collection of people with laptops will have the same problem. It could happen at a comic book convention. There is no mention of security problems like this at the GOP convention, though that is more likely because it is not coming up so soon. The point is: large numbers of laptops + WiFi = trouble. Why? Because of the wide target selection.
Second, if the laptops were secure themselves, there would be no problem. Why are they worried about insecure laptops? Because they are probably all running some version of Windows. The subtext is that Windows is so insecure that you really need to pay attention to it when you are in a crowd. I wish the writer was more direct about this point.
Anyway, no real story except to say that large numbers of insecure mobile computers are, gasp!, not secure when they are all in the same convention hall.
The news has all kinds of stories like this, designed to make you afraid for a couple of minutes, until the next scary "story" comes along, and you can forget all about this one.
On the local news here (Portland, OR) the other night, there were a couple of drownings in the river. A tragedy, I know. But one of the followups was about the dangers of water. Frankly, the biggest danger is trying to breathe it in, but the news never gets to the nub of the issue like that.
The news sucks. I hate TV news more than print news, but this one makes me start to hate the print news as well.
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
Ahh... Ok.
BTW:Interesting Article.
"If you have done 6 impossible things this morning, why not round it off with breakfast at Milliways" -- hhgg
I am sure there is a likely threat, however, since we all know that Al Gore will be there (The inventor of the Internet) we are assured that this technologically savvy group of people will over-come any security obstacle.
In any case, doing something about it now would result in the creation of a formal commitee, multiple meetings, a voting of some sort, or some introduction of a new bill. There is no doubt that this new security commitee would require additional funding, so I am sure that they would vote to increase some tax (more than likely petroleum, or tobacco) and as a rider to the bill, all members would receive additional pay increases.
you know, the usual...
Har. Har.
It was Republicans who invented that claim. What Gore actually said was "I took the initiative in creating the Internet". Robert Kahn and Vinton Cerf -- two of the people who did "invent the internet" have publicly stated that "Al Gore was the first political leader to recognize the importance of the Internet and to promote and support its development." Repub spinmasters pushed the reworded version hard as part of their successful effort to exaggerate Gore's supposed exaggerations.
(The Repub spin this time around is that Kerry always "flip-flops". That's the script, and they're pushing it hard. I guess this is to distinguish him from Bush, who sometimes flip-flops and sometimes sticks to his opinions ... regardless of the facts.)
The DNC might want to invest in several of these little goodies. Power them up and problem solved.
Wanted: witty unique signature. Must be willing to relocate.
[I'm mostly joking, but it is somewhat interesting that the two major parties don't even agree on web platforms.]
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Uhmmm. I'd be a bit worried if one of my partners that I trusted with security was Microsoft. Just how many times has Windows Update used the word "critical" to describe a patch recently?
Maybe it's just me...
You mean, unlike the electoral college system of electing presidents?
When it seems technology moves too slow, consider that 4 years is a very long time in the computer world.
1981 - start of Reagan 1st term. IBM PC barely exists.
1985 - Reagan 2nd term. Amiga still months from introduction.
1989 - Bush Sr. 1st term. Gopher looks like it's going to be a real winner.
1993 - Bill Clinton 1st term. Most people are stil l having trouble accessing more than 1 Megabyte of memory. Microsoft offers users "himem.sys" as a solution. Linux begins to change all that.
1997 - Bill clinton 2nd term. Everybody's reading about who poked who in the Oval Office - on a computer network that spans the globe
2001 - GWBush 1st term. Cheap computers perform at a more than a billion FLOPS. Hard drive prices crash through the floor. Wireless networking barely alive.
2005 - Wireless networking causes massive chaos in the government, allowing robotic overlords to storm the Democratic Convention. Scene is repeated three weeks later at the Republican Convention. Robots declare martial law, and institute an omnipotent supercomputer and the emperor of the world. Declares Sunday to be free ice cream day. Jaded citizens eat it up.
When you look at the state of the art at 4 year intervals, it seems like a lifetime. When GW Bush was first elected, a nice computer would have been 1 GHZ or less, with 64 megs of RAM. And before that, it would have been a little Celeron 300A, or maybe a Pentium MMX.
Can anyone predict the state of the art in 2009?
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
"Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that..."
They only need to say that it's part of a terrorism investigation, and then the carrier is required to let them snoop the wired network, and the carrier is prohibited from revealing the snooping -- EVER, even long after the fact -- and, oh yeah, I forgot to mention, no judge or warrant required.
They don't have to do it illegally, just invisibly.
We're screwed. It's a chicken and egg problem. We can't get people into power to fix the system because the system doesn't allow it.
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure." [emphasis mine]
And this, my friends, is why Kerry won't be moving into 1600 Pennsylvania Ave next year....
Security and stability have never been Microsoft's defining features. The familiar joke about Democrats being stupid but passionate and Republicans being cold but smart seems to fit this situation rather well, unfortunately.
These guys would have been better off to call IBM or Red Hat, who believe that security is more than just a marketing buzzword.
Hopefully, the Cisco folks will be able to minimize the damage that the Microsoft does.
The society for a thought-free internet welcomes you.
I had thought of the time complications, but (and maybe I missed this in the article) it didn't seem to me that it would take any longer to disable the WiFi than to scan each computer for viruses and WiFi and then block only those computers from the network.
Live free or die
Is this guy dead on or what? All major news sources are almost worthless. After dumbing down the information for the masses and then throwing in the spin and bias of writers and editors, modern news sources spew a lot of nothingness. As this post's parent correctly points out, this is not news. We all know WiFi is a security threat to computer networks (but we also know that can be mitigated).
I want a truly intelligent and intellectual news network/newspaper that sincerely presents news and is not a propaganda machine. I want news that is thoughtful, informative, and really hits the "nub of the issue." However, any media source is out to do one thing.. make money. Consequently, they try to appeal to the largest number of people possible and thus must result to dumbing down their content for laymen. It is truly unfortunate that people are not smarter.
What is your penile percentile?
Yea, but in reality they would have to do the same thing for *nix / *bsd / *everyothersoftwareproductknowntoman. To make it fair and all.
Judging by how reliably my laptop drops its connection everytime I approach it with my 2.4GHz cordless phone, it sounds like a pretty easy approach would be to install some fairly high powered interference generators spreading noise on that frequency in and around the FleetCenter. OH wait, that is probably against some FCC rule. Nevermind. We're doomed.
I fully expect the lan to be well run considering the high geek factor. I know we have occasional problems at our lan group, but we don't have managed switches. Glad to hear things went well last year. This will be my first QCon.
"He's lost in a 'floyd hole"
Ahh the VCR, trying to make video reproduction engineers out of people who can't even thread a quadruplex.
So, after RTFA,we can secure our network by checking for viruses and making sure wireless chips are off? Are they forcing everyone to install special software to check these things? Would all the conventionners really want to deal with that hassle? And who make sures the software provider is really trusted and hasn't been compromised themselves?
Shouldn't the main thrust of the security efforts to protect computers from each other be off of those computers? There are plenty of other ways to compromise computers them without a virus or WiFi, same as always, and they won't necessarily show up on a virus scan. Isolating each machine from the others will do a ton more than running a program on what you think is the actual machine. Cisco can surely do a good job at making sure they can only reach the outside world and not their "LAN" neighbors. This is not to say that the conventionners will all be running VMWare or Virtual PC, but if their machine was already compromised, do you really trust the results of a program running on their machine? It's not like this a big geek-fest with a LAN party every night.
"People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, "and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
So WiFi security is not something the Convention IT staff can control, with or without WEP
Nearly a 100% of all notebook computers brought to the convention will have WiFi built-in to them. A few sensible folks will have their notebooks configured to only latch onto "known" access points using wep. The rest will have their WiFi settings set to allow both ad-hoc and infrastructure mode and to connect automatically. These people, while probably smart and successful in other ways, are likely to be morons who are network-retarded.
As a result they are unlikely to realise that while they are busy and connected to the wired network, their computers have also connected automatically to the blackHatAP that has been setup in the closed-for-the weekend in the Pizzeria across the street. A convenient and cheap SEP field will prevent them from seeing small message dialogs that inform them of these events.
Some of these notebooks, as a result of belonging to irresponible morons, will already be 0wn3d. They are twice as likely to not be updated using windos update..
In short these computers will behave pretty much the same as the drunk chick flahing her tits at Dayton Beach on spring break (altho why we only see photos of them on the internet and never meet any of these tipsy goddesses IRL is beyond me. Oh wait, that probably cuz I'm here instead of there.!)
I would lay a wager of 10 bucks at odds of 5-1 that at least 5% of the notebooks on-site will automatically latch onto the first available AP AND be unpatched enough to allow arbitrary code execution using a buffer overflow vulnerability on some port OR have a trojan installed which can be leveraged to execute said code
What is the hapless IT support guy to do? Here are a few ideas -
1. Ban all notebooks since you cant physically inspect the WiFi settings for the visitors. This idea will probably get you fired though. The morons are rich and powerful and will get their way in penetrating your network with their toys. Being a BOFH is only going to get you shafted.
2. Set up your own AP with repeaters all over the place and hope the ho-ing notebooks latch on to your WiFi network first. I am sure this is not foolproof, but will probably bring down your risk by 70%. The boundary cases here are truly that - the notebooks on the wifi edge might see a better signal from blackHatAP and kiss up to it.
3. This may not be legal in your Locale/state/country. Adherence to local laws is your responsibility. Disclaimer made, heres the option - Install a jammer for WiFi frequencies. Better yet, if you have the Secret servce on hand, get them to do it. Simple and efficient. Unintended Interference is a bizatch though.
I thought about the option of setting up a WiFi farm that would create its own /. effect on the BlackHatAP but that wouldn't scale well if the BlackHat set up more than one AP....
See that long UID - that's what you get for lurking too long
Very good point, still I like the EC system just think the states shoud do it like ME and NB, if you win a dictrict you get that Elector, and if you win a state you get the two 'senate' electors..
All they have to do is turn on 'internet sharing' for the wifi port ... instant gateway ....
I'm sure a virus or 2 is out there to do this for you automatically..
Only takes one malicious ( or clueless ) person..
---- Booth was a patriot ----
I hope Hiawatha and the Globe paid for the primo advertising spot.
This is even a self-admitted attempt to get more traffic to his own article, which is an article he wrote for pay for a news organization that wants more page traffic. Never mind that he gets paid depending on how many people have heard of him.
So, how much does it cost to buy a slashdot story? Is there a discount for frequent buyers?
Your tax dollars are paying for it all. Yep, you get to pay to get screwed.
:)
Have a nice day.
The only solution, if this bothers folks, is to not allow computing equipment at all or at least for them to not have some kind of shared network.
They could setup a network that did not allow connection apart from their own equipment and then allow people to check out equipment, but most people will want access to their data, and you really couldn't allow that and be secure.
Trucks monitoring wireless aren't the answer and would not keep out the experienced hacker.
Newbury is clearly trying to make a dishonest buck. If they're smart, they'd hire em and then sue the pants off them for being stupid.
The quarantine and certifying of laptop idea is totally bogus. These folks are clearly security amateurs.
I only wish I was stating the obvious.
And Ms. Garcia (or whoever is in charge of DNS security), who apparently feels that the DNC's best bet is security by obscurity... well... I suppose there's always a job for you in Redmond. It's no surprise that they chose Cisco and M$ for their "security"... trust me... there will NO SECURITY at the DNC for anyone with even rudimentary hacking skills if they allow folks to use their own equipment (laptops, PDAs, etc.).
If they allow outside devices of any kind and are planning on a "secure" network, they don't understand security and deserve the end result.
Of course, we're talking about politicians... so arguably, there's nothing on the network of any real value anyway.
At a technical conference earlier this year, I noticed something going between a few machines that looked a lot like a wireless virus, but was unable to capture it properly (they weren't my machines, I was just trying to shut down rouge APs).
The trick is being able to turn a normal laptop into an access point, then spreading the virus to other machines as they "automagically" try to connect to whatever AP they can find. Then those infected computers turn into APs, etc.
So which Party is smart and passionate and which Party gets to be cold and stupid? ;-)
--- Ban humanity.
ROFLMAOPMP.... and stuff.
-- Liberalism is a mental disorder.
"...but voting third party is just going to help the guy I don't want to get (re-)elected"
A friend of mine said the same thing. He of course wants Kerry to win. I then reminded him that in California, there is no chance at all that Bush will take the electoral votes. Since I normally vote Republican or Libertarian, I would actually be taking away a vote for the Elephants by voting Libertarian.
If you live in California, you too can vote your conscience, whatever it may be, and not worry about Kerry not winning the State. On the other hand, if you vote Republican, and you want to vote different, you can since Bush wasn't going to win in California anyways.
This type of thing has happened before, but in this case we did have a 802.11A/B/G network running as well as wired. There is no solution to prevent it from happening (short of forcing people not to bridge their connections), but there are ways to detect and contain it. The netadmins just need to setup something that will also talk to these bridged 802.11A/B/G cards. Once they detect a bridge, find out what hardwired port they are coming through, find the Mac address, penalty box the mac address, and you've then forced them to go seek help hopefully from a helpdesk that knows what you are doing to people to cause them to go to the helpdesk.
Cheers!
--Brett
Indeed.
Fortunately, Democrats have been listening to their base, and while network security may be a problem at the convetion, Some Democrats have been moving secret information the old-fashioned way:
In their pants.
Happily, they still have time to make sure that those who disagree with them will have to sit at the back of the bus:
Cement barriers, 8-foot-tall chain-link fencing, and heavy black netting have been installed around the protest zone outside the FleetCenter, angering protesters who say they will be penned in and closed off from Democratic National Convention delegates. Much of the area is located under abandoned elevated Green Line tracks that slope downward. The setup, which one netting installer called ''an internment camp," will force tall protesters at the southern end of the zone to lower their heads to avoid banging them on green metal girders.
...is getting that many liberals in one spot without adult supervision. There should be a 5-mile safe zone around the perimeter to ensure that conservatives and moderates don't spontaneously combust.
In other news, the laser-cannon-enabled crosses of the ridculously Christian right will be set around the perimeter of the Republican convention later this year. Liberals walking within the perimeter will be burned alive instantly, their ashes teleported to Hell, where, according to Rush Limbaugh and his demonic minions, all liberals go.
Finally, independents will sit at home and grouse, "Why the hell do we only have Nader to pick from?"
IronChefMorimoto
Equal Opportunity Troll
Friends don't help friends install M$ junk.
If the GOP is truly worried about information security, then why don't they do something about all of our nation's financial institutions having their sensitive back end systems being coded offshore? Especially in areas like India, where terrorism is a big problem? If terrorists really wanted to disrupt the American way of life - all they would need to do is to hack into our financial systems. And given that these are coded offshore, they definately have the opportunity.
Couldn't resist laughing when I read this quote.
The republicans already have hacked some democrat computers.
Fuck wireless security, we're talking about actual bona fide security problems here.
Who cares how unsecure the DNC is. Nothing will happen. Why would the terrorists attack their favorite candidates? They'll be too busy working on the attack details for the RNC anyway.
These stupid things are the fault of the Secret Service. They've been doing this to Bush for years now.
It's forced Bush to become out of touch with how real Americans are thinking. I hope the same doesn't happen to the Democrats as a result of this convention.
A few states do apportion electoral votes, rather than practicing a winner take all method. People are reluctant to pressure their state to go to divvying up electoral votes, because it is percived that this will give the states that don't an advantage.
However, with more states also doing winner-take-all voting, there are increasing advantages to not doing it. (For example, a particular district can get lots of government programs even if the state it is a part of didn't go strongly for the winner, just so that district did.)
Who is John Cabal?
Why can't they just jam the wireless frequencies to make wireless useless within 200 yards of the place?
Why not just jam the wifi frequencies. There are plenty of ways to do it.
You can set up radio transmitters to do it. Or hell, get a few dozen APs, don't connect them to anything but power, each set to a different channel, put on some good antennas and spread them around. That ought to cause enough confusion to keep anyone from doing anything wireless.
My guess as to your real beef ...
I always have disliked the electoral college. The idea of winner take all was never appealing to me. I live in California, San Diego in fact. Whenever I vote republican in national matters, it feels like my vote does not count since my state almost always goes democrat. While the 2000 election would of elected Gore if it was a direct democracy, I still would of felt like my vote counted.
.02 cents.
Say what you want, but I was still glad to see Bush Jr. win the election of 2000, although that does not change my feelings toward the electoral college.
Just my
Brendan
The MCSEs will sit in the corner, bitching cause the CCNA yelled at them. Cicsco guys wil have to pick up the slack from the MCSE's lack of security. Fire up your texteditors guys, time to start writing those access lists.
-William
God is everything science has yet to explain.
... to actually vote your candidate of choice, especially if they are not projected to "win" per se, and that is to contribute to the furtherence of theo\ir party, election after election. This is because of federal matching funds, which are voluntary check offs of three dollars on everyones income tax. According to the site, candidates are eligible for matching funds once they have crossed a threshold of receiving 5,000$ from individial contributions of 250$ a head in at least 20 states. This helps those candidates and parties to continue to grow, should the candidate/party choose to apply for the funds. I see nothing wrong with it, as it's the only voluntary tax we really have, and it can go to your alternative candidate, if they can cross that threshold. Frankly I think it should go to anyone who makes it to the ballot, but that's for another time. Believe it, the R andD guys always take these funds, so there's no reason to deny your third party alternative candidate the same opportunity, who knows, as the kitty builds up maybe they can become a very credible force. Continually voting for the same old tired party combo that you KNOW will always give you the same exact crap we have had for multiple generations now is a sure fire way to keep getting the same exact crap for the next several generations.
Of course, who knows with blackbox voting any more, but at least the alternative candidates can keep getting additional funding.
Think about it, Linux is the up and coming main competitor to windows. Don't you think a guy with an ego/business sense like gates wouldn't want to *personally* see what linux is capable of? I bet he has a few linux boxes and distros kicking around, just to stare at, think a bit, then bark orders to his serfs about.
Have someone (or several someones) walking the convention hall floor with sniffers. Any machine found to be transmitting packets via WiFi gets the plug pulled on the wired network. Since every location in the hall is numbered, a simple call back to the network center can get them switched off without having to physically confront them. However, I just like the idea of a guy walking up with scissors and SNIPPING them.
Maybe they should hire Nigerian guards.
Signs would be posted all over -- "TURN OFF YOUR WIFI OR YOUR NETWORK CONNECTION WILL BE TURNED OFF. If you do not know how to do this, please call 1-900-xxx-xxxx ($3.95/minute) for assistance." Using the number of a phone sex line would not be funny. (OK, yes it would, but it's still not a very good idea.)
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Sounds to me like they just don't want anyone but the 'official' bloggers posting review... "Worst convention EVER!"
I note that this year, despite two national political conventions in cities, the allocation of money for homeland security is apportioned so that states with low populations receive a windfall, while states with large urban areas have to foot the bill for their own security.
This, in light of the 9/11 Commission's conclusion that al-Qaida took advantage of this very same type of governmental ineptitude in their attack on America almost three years ago provides me with ample proof that there is plenty of reason to doubt security.
Just today, the FBI told all of the news agencies that they had information that al-Qaida is specifically targeting the news vans at Fleet Center.
In light of all of this, I have to figure that the terrorists are either in the US government and plotting to keep us all so scared that we won't go anywhere or do anything or they are evil hackers bent on global dominance through the takeover of every computer for the purpose of downloading everyone's bank account information from their copy of Quicken (probably a pirated copy). Frankly, I like the hacker idea best.
Fade up on Joe Democrat at the Boston Convention, computer unsecured from WiFi attack. Suddenly, randon characters race across his computer screen.
Mesmerized, Joe stares into his screen as the images flitting before him lull him into a hypnotic trance as we fade to black...
Fade up on Joe Democrat as he shakes the hand of the Candidate. The Candidate pauses and looks intently at Joe's eyes, which begin to display random characters like his computer screen did. The Candidate nods and immediately rises to go tot he lecturn.
Cut to the Candidate delivering a speech where he refuses the party's nomination and decides to not run.
Cut to the newsvans where the producers and directors stare at each other in consternation as Joe Democrat infiltrates the newsvan compound unseen. Fade to black.
Fade up on idyllic world without media, computers political parties, newspapers, candidates or cursing Vice Presidents. Camera trucks into the open door of the Presidential Mansion, through the entryway of the Oval Office. There, wearing the Turban of the Holy One sits...
Monica Lewinsky!
Gods don't kill people, people with gods kill people.
use the tactics of the late former mayor daley during chicago's hosting of a democratic convention back in the late sixties. at least the irony would be entertaining.
Serenity now, insanity later.
A friend of mine is a photographer at the DNC, and aside from having to have all his gear inspected regularly (digital's great, no film to fog in X-rays), he's got one really big problem:
He's got these two heavy-duty custom battery packs for keeping the flash going full-tilt. They look like bombs. No lie. Aluminum case, heavy, solidly built, bolts at the corners... you can't get more suspicious looking.
I'm waiting for his report on enduring regular cavity searches. I told him anytime someone hassles him, he should just say, "Imshallah," and bear it.
Design for Use, not Construction!
Somehow I doubt anyone's going to be able to get any kind of "wireless transmitter" anywhere near the FleetCenter without being severely beaten, seeing as how security in the entire city of Boston is going to be tighter than ever.
.. Because I sure know that when I hear about Microsoft and Cisco, I immediately think security.
But by far the best quote in the article is:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
A the quadruplex, trying to make sound engineers out of people who can't wire an outlet.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Is it too late to whip together a 6th HOPE in Boston on, oh, let's say.....July 26th-29th?
We'll all be meeting in the free speech zone....see you there!
Authority questions you. Return the favor.
No doubt many viruses will be transfered at the convention, but it really is a private matter between the senator and... oh, did you say computer viruses?
The funny thing is in a system where every state did that the 2000 election would have turned out the exact same way (in terms of electoral votes)...
I guess it does sound like that, but no, I haven't lost my job to a "goo-back from the future". I was just hoping to responses that would make me better informed - perhaps my opinion is bogus. The government DOES already control business decisions in the name of terrorism, I want to know why they are not concerned about exposing our country's financial code in this way. Terrorists attack places of business and finance with bombs, and I think that the next step to this is to attach businesses through technology. It is where we are the most vulnerable, and it is the one place that the government is not protecting.
While I don't agree with the grandparent's assertion that India is some kind of terrorist hot-spot, the poster has a point.
The US already forbids a host of technologies that are military of nature. At my last job, whenever we had to duplicate a database to one of our overseas sites, we had to ask the project owner if it contained any contraband for legal reasons. Laser tech, strong encryption, missile tech, certain kinds of advanced computing and electronic tech are all forbidden from leaving the country's borders along with a few dozen other things.
While India isn't a hotbed of terrorism, we have no control of what happens to software once it's being worked on over there. For a few thousand rupees, a foreign programmer might be very tempted to burn a disk of bank software to the highest bidder. Lax foreign laws and lack of realistic enforcement would make that much more likely in developing countries than within the US.
I think that the government should consider the fact that there is a greater danger posed to the citizens of this country from hijacked personal information and security systems than from missiles. This is another part of national security that should be retooled now that the cold war has been over for more than a decade.
Blaze a trail to the New World
You can even take the national security aspect out of the argument. When you look at giving a third party access to intellectual property, you should be looking at a risk assessment to determine what are the possibilities that there will be unauthorized disclosure, and what you will do to mitigate the risk.
Having been involved in various outsourcing activities, I've done the risk assessment exercises. The approach is the same if you are talking about outsourcing the production of your company annual report, your call center activities, the development of your software, or sensitive customer information (like your banking example.) If disclosure of the information would put you, or your company in a risk position, you need to deal with it or not disclose. The government isn't really needed to oversee what you are doing here if you do your job right.
If a company outsources the production of their annual report to some goo-backs from the future and they use the information to do some insider trading before your financials are announced publically, you deserve the full force and effect of SEC laws that prohibit leaking insider information. I would think the same approach would be valid for financial code.
So I guess I'm arguing for the more libertarian approach of letting corporations make their business decisions with full knowledge of the penalties for messing it up. Not a real-world scenario perhaps, but (IMO) the way it should be done.
You are right that this should be a national security issue instead of a party issue. However, any party that talks about national security should make this their business. Not being totally libertarian, I am glad that the government does oversee some (but not all) parts of the private sector to prevent injury to its citizens. I am glad that they mandate airport security to prevent physical harm. I am glad that they FDIC insure our bank accounts to prevent financial loss. I am glad that the Sarbanes-Oxley law was implemented to prevent entire corporations from falling, and thus hurting people's and the economy's financial health. I believe that the government should continue on this track. They should prevent corporations from exposing private information to consulting firms that are not subject to the same laws and the same monitoring. Because the company alone will not pay the penalty for messing up. It could hurt the nation as a whole.