Slashdot Mirror


Border Security System Left Open

7x7 writes "Wired News is running an article on documents they recovered via the Freedom of Information Act and a lawsuit. From the article: 'A computer failure that hobbled border-screening systems at airports across the country last August occurred after Homeland Security officials deliberately held back a security patch that would have protected the sensitive computers from a virus then sweeping the internet, according to documents obtained by Wired News.' It looks like Zotob made it into the supposedly protected network."


  1. Normal windows operations by mtenhagen · · Score: 4, Insightful

    This sounds like normal Windows operations:
      - an exploit (bug) is discovered
      - the virus is released
      - a patch is released by Microsoft
      - the administrators don't trust the patch (can't see what it exactly does) so need to test
      - in the meantime the virus is spreading
      - there should be a profit line here, but I guess Microsoft already made a profit before all of this started.

    1. Re:Normal windows operations by mrchaotica · · Score: 4, Insightful
      the administrators don't trust the patch (can't see what it exactly does) so need to test
      So what? It's not as if they can see exactly what Windows itself does either!

      If they're going to run proprietary software, they might as well have blind faith that everything the vendor does is right, 'cause they have no choice anyway -- they've already chosen to trust it with the existing system. (This is why foreign governments are switching to Free Software, by the way -- they'd have to be run by morons to trust Microsoft.)
      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  2. Should have used dumb terminals. by khasim · · Score: 5, Insightful
    These machines will sit in border offices, staffed by government employees.

    I wouldn't even trust *nix workstations in that environment.

    Not to mention the WHY of this. From TFA:
    The system has processed more than 52 million visitors, and allowed border officials to intercept more than 1,000 wanted criminals and immigration violators, according to DHS.
    Great. 1,000 people. Didn't I see something on the news recently about 11 million illegal aliens in this country?
    The documents raise new questions about the $400 million US-VISIT program, a 2-year-old system aimed at securing the border from terrorists by gathering biometric information from visiting foreign nationals and comparing it against government watch lists.
    1,000 people at a cost of $400 million.

    $400,000 per person caught?

    Someone REALLY needs to pitch the LTSP to the government.
  3. Re:Failures are routine apparently by TubeSteak · · Score: 5, Insightful
    But two CBP reports obtained under the Freedom of Information Act show that the virulent Zotob internet worm infiltrated agency computers the day of the outage, prompting a hurried effort to patch hundreds of Windows-based US-VISIT workstations installed at nearly 300 airports, seaports and land border crossings around the country.
    If there wasn't a Freedom of Information Act, would the public ever really know what had happened?

    I'm surprised the information wasn't classified as relevant to National Security. Weaknesses in computer security are just as bad as weaknesses in physical security.
    --
    [Fuck Beta]
    o0t!
  4. Beta stuff? by TubeSteak · · Score: 4, Insightful
    "Replacement of these systems and improved biometric systems will be required."

    [Former White House cybersecurity adviser Howard] Schmidt agrees, though he says the problem is hardly limited to US-VISIT. "We have to start moving at industry speed, not government speed, when it comes to the deployment of new technologies," says Schmidt. Instead of running Windows 2000, "I'd be racing to run the beta of the next generation of operating system ... and not worry about legacy stuff that we know isn't going to be supported too much longer and has had issues."
    I'm glad this guy is "Former" and not current. Why does he think a beta OS is going to be any more secure than 'legacy' OSes?
    --
    [Fuck Beta]
    o0t!
  5. Windows? by Cthefuture · · Score: 4, Insightful

    Instead of running Windows 2000, "I'd be racing to run the beta of the next generation of operating system ... and not worry about legacy stuff that we know isn't going to be supported too much longer and has had issues."

    Or how about this: Run a secure operating system that is stable and still maintained. Linux, OpenBSD, FreeBSD, anything other than Windows. No forced upgrade required since many of the old Linux distros are still maintained.

    I mean it's Microsoft forcing them to upgrade even though Windows 2000 is still a perfectly fine OS.

    --
    The ratio of people to cake is too big
  6. Non-computer Q about US Visit by Anonymous Coward · · Score: 5, Insightful

    Except for really dumb criminals, how does US Visit actually improve security? The terminals are away from the gates, you don't need to pass special check points between the domestic and international terminals and ID doesn't get rechecked at the gate. So unless I am gravely mistaken an easy way around it would be

    -subject A buys international ticket
    -subject B buys domestic ticket
    -both pass security
    -A checks out at US Visit terminal
    -A and B swap tickets
    -B gets on international flight
    -A gets on domestic flight or leaves the terminal
    -B gets off the plane outside the country and uses his or her own passport to pass the border control. IIRC, most countries including the US don't feed back who passes passport controls back to the airlines or country of origination. But even if, B could just take a fake passport to a third world country without scanners or live database hookup instead of Europe, Japan or the like.

  7. Interesting... by nawcom · · Score: 5, Insightful
    An interesting question is to the Administrators:

    If you don't trust the patch that a software developer provides for its product, then why trust to use the product at all?

    It sounds like someone saying, "Our OS has security holes in it, but we don't trust the fixes because they will just open up more holes until we verify for sure... but since 90% of the world uses this 'hole-y' OS we'll just do what works. Like reporting a planned virus infection. *all hail bill*"

    -nawcom

  8. Configuration Control by Detritus · · Score: 4, Insightful

    Because in large and complex systems, you don't install patches until they have been tested for unintended side effects. That may mean scheduling, running and evaluating some very complex tests. This can take weeks or months, depending on budgets, priorities, and operational commitments.

    --
    Mea navis aericumbens anguillis abundat
  9. Re:Those dollars are earmarked. by biglig2 · · Score: 4, Insightful

    It's amazing that someone worried about security thinks running a beta of a security system is the way to go.

    This is of course the great counter to the "but FOSS doesn't have any support". "The US Government can't get support for W2K, what makes you think you can?"

    --
    ~~~~~ BigLig2? You mean there's another one of me?