Border Security System Left Open
7x7 writes "Wired News is running an article on documents they recovered via the Freedom of Information Act and a lawsuit. From the article:"
A computer failure that hobbled border-screening systems at airports across the country last August occurred after Homeland Security officials deliberately held back a security patch that would have protected the sensitive computers from a virus then sweeping the internet, according to documents obtained by Wired News." It looks like Zotob made it in to the supposedly protected network."
This sounds like normal windows operations:
- an exploit (bug) is discoverd
- the virus is released
- a patch is relesead by microsoft
- the administrators dont trust the patch (cant see what it exactly does) so need to test
- in the mean time the virus is spreading
- there should be a profit line here, but I gues microsoft already made a profit before all of this started.
200GB/2TB $7.95 Coupon: SAVE90DOLLAR
I wouldn't even trust *nix workstations in that environment.
Not to mention the WHY of this. From TFA:Great. 1,000 people. Didn't I see something on the news recently about 11 million illegal aliens in this country?1,000 people at a cost of $400 million.
$400,000 per person caught?
Someone REALLY needs to pitch the LTSP to the government.
I'm surprised the information wasn't classified as relevant to National Security. Weaknesses in computer security are just as bad as weaknesses in physical security.
[Fuck Beta]
o0t!
[Fuck Beta]
o0t!
Instead of running Windows 2000, "I'd be racing to run the beta of the next generation of operating system ... and not worry about legacy stuff that we know isn't going to be supported too much longer and has had issues."
Or how about this: Run a secure operating system that is stable and still maintained. Linux, OpenBSD, FreeBSD, anything other than Windows. No forced upgrade required since many of the old Linux distros are still maintained.
I mean it's Microsoft forcing them to upgrade even though Windows 2000 is still a perfectly fine OS.
The ratio of people to cake is too big
Except for really dumb criminals, how does US Visit actually improve security? The terminals are away from the gates, you don't need to pass special check points between the domestic and international terminals and ID doesn't get rechecked at the gate. So unless I am gravely mistaken an easy way around it would be
-subject A buys international ticket
-subject B buys domestic ticket
-both pass security
-A checks out at US Visit terminal
-A and B swap tickets
-B gets on international flight
-A gets on domestic flight or leaves the terminal
-B gets off the plane outside the country and uses his or her own passport to pass the border control. IIRC, most countries including the US don't feed back who passes passport controls back to the airlines or country of origination. But even if, B could just take a fake passport to a third world country without scanners or live database hookup instead of Europe, Japan or the like.
If you don't trust the patch that software developer provides for its product, then why trust to use the product at all?
It sounds like someone saying, "Our OS has security holes in it, but we don't trust the fixes because they will just open up more holed until we verify for sure.. .. but since 90% of the world use this "hole-y" OS we'll just do what works. Like reporting a planned virus infection. *all hail bill*"
-nawcom
Because in large and complex systems, you don't install patches until they have been tested for unintended side effects. That may mean scheduling, running and evaluating some very complex tests. This can take weeks or months, depending on budgets, priorities, and operational commitments.
Mea navis aericumbens anguillis abundat
It's amazing that someone worried about security thinks running a beta of a security system is the way to go.
This is of course the great counter to the "but FOSS doesn't have any support". "The US Government can't get support for W2K, what makes you think you can?"
~~~~~ BigLig2? You mean there's another one of me?
Maybe it means the "Homeland Security" has a different job than the PR claims...and *that* is where it's attention lies.
Don't believe what they say, watch what they do. They lie constantly, but you can't even depend on that.
Watch your legislator. When they claim to be against something, but they vote for it, you know one of the things they are lying about.
I think we've pushed this "anyone can grow up to be president" thing too far.