Slashdot Mirror
800 Break-ins at Dept. of Homeland Security
WrongSizeGlass writes "Yahoo is reporting about the computer security nightmare going on at the Department of Homeland Security. Senior DHS officials admitted to Congress that over a two year period there were 800 hacker break-ins, virus outbreaks and in one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. I guess it's true what they say ... a mechanic's car is always the last to get fixed."
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I guess it's true what they say ... a mechanic's car is always the last to get fixed.
That's very true.
Especially when the mechanic is incompetent, and more interested in throwing around political weight than actually trying to accomplish anything useful.
Microsoft is to software what Budweiser is to beer.
The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
...that failed to deliver when it came to 9/11 warnings by layering on a new bureaucracy on top of the failed bureaucracy.
Clearly what we need is a new Dept. of Homeland Security Security.
Point 1: Considering the complete inability of standard technical solutions to security problems to prevent a significant number of attacks/infections from being successful, this is not like the mechanics car getting fixed last. It's called "the security industry and standard methodologies continue their long history of consistent failure at organizations, both public and private"
Point 2: Those numbers are a completely meaningless abstraction without tying them back to type of attack, actual damage, importance of the data on those systems or their roles in launching further attacks, what kind of infections occurred and their damage potential, and finally what those numbers look like compared to other orgs of the same size.
Point 3: Homeland Security is comprised of multiple mostly-independant sub orgs (like Coast Guard, TSA, etc)....so..saying DHS had so many attacks is misleading without clarification
Point 4: Not saying theyre not making mistakes, just that those "facts" dont tell you either way what the actual state of things is.
When you are a primary target like the DHS, I would imagine that the attacks they face are probably harder and longer than most possible victims. I would be interested to know how many hack attempts failed to see what kind of success rate such a high profile agency has. No security is perfect.
""What the department is doing on its own networks speaks so loudly that the message is not getting across," Thompson said."
Meh, whatever. This seems to me to dismiss the high profile nature of the DHS. Most other businesses might not even survive the onslaught faced by the DHS and other government sites.
Could they do more? Sure. There is ALWAYS more that can be done from the user level up to systems and network admin.
"All the problems involved the department's unclassified computer networks..."
That is good to know.
Bearded Dragon
even by Slashdot pundits, when we learned of the huge Dell and Microsoft contracts that were being awarded by the DHS.
Those who wanted the DHS to be a braintrust of security were sorely disappointed, and indeed we can see that it is nothing more than another bureaucracy more interested in distributing taxpayer funds to corporate friends than really doing anything for the health and welfare of the nation.
This is how Rome fell.
--
$tar -xvf
DHS was started by a number of folks from the marines (I worked for one). They were ALL windows believers ( but the ones that I knew were very so-so in the tech work). They were adamant about not being like NSA in spite of the fact that NSA has 2 missions; 1) obtain any info that they can on others 2) secure our boxes. NSA has a LARGE number of mathematicians as well as computer geeks. And windows is only allowed in none secured arenas or have their network capability severed at a hardware level (i.e. no nic or usb). If DHS had been ran by professionals and not politicians from the military (ALL of the tops one were W.s, Cheney's and esp. Rumsfeld's friend), then they would not have had the break-ins.
I prefer the "u" in honour as it seems to be missing these days.
keep the USA safe from soccer Moms with sippy cups full of water, homeland security and TSA are competent. Anything more complex, and they are all butterfingers. Even the name "Homeland Security" freaks me out, not because they have extraordinary powers that threaten me, but because the name reminds me of something out of 1984 type double speak, sort of a Stalin-esk soviet type of pun. I suspect Homeland Security is much more likely to be applied against citizens of the homeland than it is likely to be applied against any enemy of America.
That was how I read the summary and it made me think - Dang the Dept of Homeland Security is so (dis)organised that you can phone in break in requests to their systems
I am Slashdot. Are you Slashdot as well?
Look at any government agency or corporate IT infrastructure - 800 break-ins is not a big number. I have been conducting information security analyses for many years for corporate networks and government entities and 800 is not a high figure. What you have to find out before considering this a valid story is; was integrity, confidentiality or availability of their infrastructure effected by these break-ins or was it just dorks poking their nose through the DMZ to see what they could find.
No lost laptops... yet.
GetOuttaMySpace - The Anti-Social Network
a mechanic's car is always the last to get fixed.
What do they say about the vehicles of back-water, trailer park baptist Gestapo?
That's nothing. A password cracker is included in the OS load of every server here. Our security auditing program uses it! Better yet, it would normally be detected by our antivirus program, but a guy here is paid to remove it's pattern from the vscan updates before they're sent out. When an unedited vscan pattern file manages to make it's way on to the machine somehow, it nukes the audit program. How's that for "administratively broken"?
No, there were over 800 incidents ranging from a single (if I'm understanding correctly) break-in to other problems from malware and less.
By the way, seven comments already and not one anguished wail from a 14-year-old pretending to be a grizzled veteran upset about the changing meaning of "hacker"? Get a move on, guys!
What I'm listening to now on Pandora...
Gave up rights and privledges in the name of 'security', and a mall rent-a-cop could probably secure those systems and charge less to boot.
But as long as the simple folk are still scared by the turrist boogeyman, gays getting married, and corporations hiring illegal immigrants and out-sourcing works in order to meet the demand for cheap goods from those simple folk...this is the future of the USA.
Blar.
Just a thought; But what was the Operating System of Choice for those poor unfortunate Department of Homeland Security Victims?
"Slowly, one by one, the Penguins steal my sanity" - Unknown
Article needs the following tag:
Irony
Summation 2
Why don't they just move the whole operation to a classified network behind NSA Type I devices? So what if they can't surf the internet. At least they'd get work done without having to worry about people going to doublewidefantasies.com and picking up some malware.p
"Don't blink. Don't even blink. Blink and you're dead."
...as feeding 4 children in today's economy means they cannot afford fuel?
Blar.
is nothing but a politician's way of telling the public "We're doing something about it!" Actually working is a minor, secondary consideration, just like with the post-Katrina relief effort and the "surge" in Iraq.
Doing things right would invove raising taxes and/or redirecting money from pet pork projects, and putting experts in the decision-making roles rather than political hacks.
Sheesh, evil *and* a jerk. -- Jade
That goes to show that by putting "Security" as part of the department's name they actually painted a huge target on their own ass.
May I suggest going low-key next time. Information security should be handled by the Department of Fishing.
I knew you could!
I can't understand how some people don't comprehend the art of misdirection.
This is no exaggeration. As with virtually any other government employment, the DHS is filled with people who just want titles and a paycheck. Most morons know how to install windows and office and a few of those can even install a server and exchange email. Whether they know anything useful or not, they don't really care about doing more than the bare minimum to keep their paychecks flowing. I blame the way government pays and oversees people for this. There is not much in the way of pay or advancement by merit in government employ. Everyone's too afraid of descrimination suits and the like. So the only measured basis one can use safely is time in service really. Other than that, the culture is to keep your head down and do the bare minimum.
And if you think the creation of DHS was a carefully planned and well-thought-out move, I think the historical evidence speaks to the contrary.
The only solution is for detailed requirements for security and data handling. It would be more effective than not having any... they really don't have much in place now. How secure can they be with Microsoft everything running their offices?
800 includes virus infections as well. Lets see there are about 150,000 employees of DHS, so assumining there is at least 1 computer per employee, there must somewhere in the range of150,000 computers? Lets be conservative and say 100,000 computers. 800 incidents, that is less then 1%. Now take any other enterprise with that many computers, you IT guys tell me, is under 1% rate for computers without virus infections or intrusions a failure? Hell it isn't perfect, but it should be expected.
The bottom line is I dont care what kind of agency, business, enterprise, securing that many computers is impossible no matter what. You always have the human factor involved. Once you get 150,000 people thinking security (impossible to do) then you can be close to perfect..
When the first question out of the DHS pruchasing agent after the demo is 'And the name of your Congressman is?'
Yes, this really happened, it is recorded in my lab book.
Undetectable Steganography? Yep, there's an app fo
"Those who can't do, teach."
FTA
|...suffered more than 800 hacker break-ins, virus outbreaks and other computer security problems over two years...|
wonder if this includes spam?
|...In one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems...|
1 incident of hacking found. Ok then: 800 - 1 = 799 incidents (non hacking?)
|...All the problems involved the department's unclassified computer networks...|
hmmm. Isn't there some sort of prioritization of risk here, or is the being blown out of proportions? Must be an up coming budget request.
"Just a thought; But what was the Operating System of Choice for those poor unfortunate Department of Homeland Security Victims?"
'The contract, awarded June 27, named Microsoft as the "primary technology provider" to the Department of Homeland Security, supplying desktop and server software critical for the agency'
"Microsoft Corp. has hired another Homeland Security Department official for its team "
was: Re:Just Out of Curiosity
davecb5620@gmail.com
...that you could fly a 747 through!
Oops, that was in bad taste.
technical writing / development
Let's be honest, that's about all governments ever do. When was the last time you heard of a government organisation made more effective by simplifying things?
Most companies' security strategies primarily rely on two things: patching and virus scanning.
Maybe break-ins are rare for you, and you think you are doing security really well. In reality, your success is based primarily on the fact that nobody good is targeting you. The people who discover flaws, write the exploits, and create the effective viruses do NOT target your pissant little company. They target governments and financial institutions.
Once the flaws and viruses are discovered by the primary targets, you get the luxury of updating your software and signature files before anyone gets around to target you.
DHS may have security a million times better than yours, but they are a primary target, so they get hit a billion times harder.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Knowing where the gaps occurred would actually be interesting. Were there particular pre-DHS agencies or offices that had systems do well or poorly? On the server/software side, if failures occurred, were the same people or the same part of the organization in charge of those systems, or had they been shuffled around inside DHS? If you've got your own responsibilities already, odds are you're only going to have enough time to keep an unfamiliar system working, not learn it inside and out. There was a lot of institutional chaos created along with DHS (post-DHS FEMA was obviously an example). And FEMA and DHS became a dumping ground for political appointees under Bush. (Clinton, apparently, tended to load them into the Department of Commerce and a few other places).
In 2003 it was found out that that a PhD claimed by the Homeland Security Department's deputy chief information officer, Laura Callahan, was from Hamilton University of Wyoming, a known diploma mill.
wikipedia: "According to Department of Labor employees later interviewed by the media, Callahan had become increasingly difficult to work for, reacting in
a hostile way when questioned on her unusual decisions, and frequently belittling employees for not understanding the complex technological jargon she said she had acquired while studying for her doctorate." - sounds like a real asshole
Gotta agree with that. If they were competent, they'd have their own house in order.
Just as anyone here who's competent with a computer has their systems up-to-date and tuned.
...clueless power-mad bureaucrats, who care not about your safety, but only for their precious pensions.
The central question (to them) about this incident is "Was anyone's pension endangered?"
Look like.... no.
Our plan to fix this bureaucracy is to make room and add more bureaucracy.
I think the reason that people see any irony at all in these type of stories is the fact that they actually expect that the government is as good as its hyperreal image. Of course government agencies aren't infallible, but to suggest this is to deny this hyperreal, overemphasized "we're efficient, intelligent and we know things about you you don't even know" public persona. Without a sufficient belief in the agencies like the CIA and the FBI, and the belief that they are actually more informed than the masses and that the government is more in the know than anyone is aware (unless they are in the government), people would want to know where all this security spending is going (which is a problem for anyone). The government is an inept, massive body of people that is unable to act upon information quickly due to its many layers of bureaucratic bullshit and the legality of everything. The only solution to this problem is to eliminate some of the bureaucracy (firing people, which, of course, can't be done), or to eliminate the red tape (legislation, which, if you eliminate too much becomes a Bush-like grab for power), neither of which will ever be done due to the nature of the politicians in charge. So the federal government, no matter what the politicians say will continue to grow as a monolithic, insecure and ineffective beast while feeding you the image of a secure, fast, intelligent and best of class organization and terrorists with their small but efficient plans will continue to find gaping holes in the system. And that's why irony in this case can be saved for the naive and the uninformed, the rest of us see things like this coming a mile away.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
I am not surprised, the shelby county tennessee homeland security office was bugged back in November. http://www.wmctv.com/Global/story.asp?s=5601452
You get accountability by rewarding incompetence with unemployment.
Other than Rumsfeld and a couple of low-level stooges from Abu Griab, no one seems to have been fired.
We reward incompetence with bigger budgets which breeds more incompetence.
Run by the most corrupt and incompetent administration in modern history has security problems with teh internets?
Really?
Talk about a non-story. I actually surprised the launch codes for our nukes, and the secret recipe for Coke, aren't on the front page of the DHS website, hightlighted with the flash tag.
I am a believer of momentum and curves.
Ok so here is the deal. DHS' network is a mesh of multiple other networks that were already in existence. This is problematic in itself as it involves a heavy amount of integration and also borders upon borders of perimeter security (each disparate agency is part of the whole but may have its own controlled interfaces for some level of separation...
Now lets go to the article. To the laymen you say 800 compromises and they go into "WOW THAT IS SO BAD" mode, but seriously come on. The compromises are mostly workstations. Now that doesn't mean they get a free pass, but its not like they have had their core servers owned by foreign states... What they should be doing is not only scanning apps, DBs, and servers and patching/hardening them appropriately, but also client-side firewalling, config control of workstations, baseline security mechanisms for remote users, centralized virus/vulnerability patching... This article does not surprise me what-so-ever and it really is not an indication that DHS security is horrible. Its not the best, but 800 is not that bad.
News Reporters Make Tasty Polar Bear Treats!
What does the Department of Homeland Security do now anyway? It doesn't seem to have very much to do other than looking over the shoulders of people at libraries to see if they're browsing porn, and then trying to arrest them until it's pointed out that they have no jurisdiction.
I mean, everyone is really keen to tell us how we're on the verge of IT meltdown, and terrorists are willing to meltdown the entire western economy through botnets (Die Hard 4), but it's just bull.
An organisation like that, with nothing to do, trying to justify itself by claiming non-existent threats is a bit dangerous to me. They then start telling us that the enemy is within, and when that enemy can't be pinpointed or proved to exist, every citizen then becomes the enemy - because.......it could be anyone. Just look at the way the UK is going with MI5, their security services and CCTV cameras up your backside.
"I actually surprised the launch codes for our nukes, and the secret recipe for Coke, aren't on the front page of the DHS website, hightlighted with the flash tag."
In a typical example of government's excellent security policies, the launch codes apparently used to be all zeros until the mid 70s. I read an article about this a couple of years back, apparently they weren't changed until some military guys pointed it out to the right people in Congress and then managed to convince those politicians that, no, they weren't joking.
And btw, regarding your sig: there's nothing new about that aspect of US foreign policy! It's been like that for the entirety of the post-War (WWII, that is) era.
If they can't secure their own office, how can they secure a country and how can WE trust them with the info they collect on us?
Only 'flamers' flame!
Does slashdot hate my posts?
I've always complained about how bad guys are breaking into CTU physically and electronically. Based on this, maybe that part of the show is realistic afterall?
Conducting surveillance on 300 million people is a big job.
We can do way better than 800...
The article actually says "800 hacker break-ins, virus outbreaks and other computer security problems over two years".
These numbers are remarkably low, if true. I once cleaned over 1000 virii, rootkits and spyware apps off the computer of a busy, filesharing teenager. 800 from 200,000 employees is pretty low. Not to mention that these are on public terminals since the real important data passes across private DoD networks (SIPRNET and JWICS. another clueless article written by another clueless reporter spreading FUD to the clueless liberal masses.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
"Gave up my civil liberties and all I got was this lousy checkpoint"
The DHS was originally mandated to coordinate the activities of all the departments and agencies that fall under their umbrella. This coordination involved open communication between the agencies and management from the top. The fact of the matter is those agencies are still not operating as one accord, and management is based upon who has the money. DHS is a good idea implemented poorly.
-Tom
It's true. I read an accredited news article some time ago that pointed this out for the fact that they wre concerned that a real code would be too easily forgotten in a high-stress crisis situation.
The eternal struggle of good vs. evil begins within one's self.
Anybody notice how similar mechanics can be to IT support? The jobs are similar even if the skill set is not.
Democracy Now! - uncensored, anti-establishment news
At what point does McShit Winfuck get classified as a WMD?
On the other hand, what do I care. Go ahead, keep using it.
you had me at #!
The DHS can't fix Microsoft Internet Explorer, Microsoft Outlook, MS ActiveX system or any part of Microsoft Windows. There is no comparison between a mechanics personal car and how "experts" can or can't protect their computers.
But hey, I'd be impressed if it were shown that the DHS, as a policy, used Firefox instead of IE and maybe Thunderbird instead of MS Outlook. I doubt they've even taken those simple steps to mitigate infection/breakin points.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
"Those who can't teach, coach"
The DHSS will just get broken into, then the hackers will use the DHSS backdoors to get into the DHS information.
At that point, you'll suggest DHSSS, won't you? Except you'll call it DHS3.
Support the 30 Hour Work Week!!!
...anyone with a computer could be a terrorist and should be thrown into jail.
I guess it's true what they say..."the Bush administration is extremely incompetent."
We have 1,470+ machines in our organization and the last time I checked with our manager of IT we'd had zero intrusions or virii (or trojans or worms etc) in the last three years. Yup, three years, zero problems like these (but some hardware failures, naturally).
Then again, we're all running OSX so it's to be expected. Hey, DHS, get a Mac!
Let us put this in context. Every organization has virus outbreaks of some form or another. It looks like DHS is actually capturing metrics that many other organizations may not. If you have not recieved an extra.dat from NAI or needed to escalate an issue to your Cisco router you are probably not taking a close look at your system. 800 events of an organization that size is neither good nor bad.
Today's hearing is expected to examine specific incidents that took place on the DHS servers, including "rootkits, classified leaks, compromised websites, bot infections, unauthorized use of networks by contractors, and viruses." The subcommittee has also identified a specific DHS network that is "riddled with ... weaknesses" and could result in data leakage.
so it includes servers
Grandparent said nothing about DHS running windows.
Lol, title says it all.
They should move in to my neighborhood. 800 breakins is a weeks work for these crooks. Of course now the crooks steal from other crooks and only end up getting their own stuff back!
How much is your data worth? Back it up now.
You need some background information first: http://games.slashdot.org/article.pl?sid=07/06/19/ 1840256
TSA (Not covered by CIA, FBI or other Law Enforcement)
4 .shtm
FEMA
Customs and Border Protection
Immigration (Former INS)
Secret Service (Not covered by CIA, FBI or any other Law Enforcement)
Coast Guards (Not covered by CIA, FBI or other Law Enforcement)
I'm no fan of them, but how about you take a look at their website if you want to know what they are supposed to do:
http://www.dhs.gov/xabout/structure/editorial_064
"... a mechanic's car is always the last to get fixed."
Perhaps it's more a case of practitioners spreading the disease?
Concentrate a lot of geeks (and computers) in a confined space, ripe conditions for viral mutation.
-kgj
-kgj
Haha.
crap.
"All the problems involved the department's unclassified computer networks, although DHS officials also have acknowledged to lawmakers dozens of incidents they described as "classified spillage," in which secret information was improperly transmitted or discussed over nonsecure e-mail systems."
Reread this last paragraph. There are two things here. Only one rally matters. First item states that all of the incidents involved the unclassified computer networks. The second item states that some classified (secret) information was transmitted on unclassified systems.
Regarding the first, who the fuck cares if unclassified info was leaked? Its unclassified. It does not involve secrets or anything that is important. Its the internet connection for people. The classified and higher networks have the real stuff. BTW, those networks are not connected to the internet or any part of the unclassified network. So, big fucking deal.
The second item is important. This means users discussed classified material on the wrong network. You can fix most of this by better training and a better IA staff.
Move along, nothing to see here. Mountain out of a mole hill. Remember, if it unclassified, it does not involve government secrets.
Who will protect the protectors?
I am on the road crew. This is my stop sign.
Or did that invoke cries of "HELL NO we won't eat our own dog food!"
Secret Service (Not covered by CIA, FBI or any other Law Enforcement) Treasury Department, which is why they go after counterfiters
Coast Guards (Not covered by CIA, FBI or other Law Enforcement) Commerce Department, except during times of way, when hey become part of the DOD.
And FEMA used to be independent and have an almost cabinet level leader.
Your ad here. Ask me how!
Is there any Federal Department of Agency that deserves to be shut down more than the Department of Homeland Security? It's nothing but a big hole we pour money into. It's one of the most incompetent departments ever created as far as executing their mission.
Not only that, we already had a department for securing the "homeland": it's called the Department of Defense.
The ironic thing is that this Department was created during the tenure of a Republican president and a Republican congress, and it has been primarily the Republican party over the last 25 years decrying big government, fraud, and wasteful spending.
That's it: who said those morons were mechanics?
ok , so its more like 1.095890410959 break in event per day but the real question is how many sippy cups did they let in? Maaah SPOOOOON is toooo BIG!
was attacked twice 8 years apart. By that metric, we aren't due for another attack until 2009.
Hmm, I wonder...
New terrorist attack for each new U.S. president? Tried it once when Clinton got into office, didn't accomplish much, no big reaction from us. Got Bush Jr. pretty good and now look at us kicking and screaming. It will be interesting to see if they try to rile up the next administration, whoever that winds up being.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
The DHS is even more basic than what you claim it is. Basically, the DHS is there to take the fall for any security agency that fails. The most common ones we've heard have been the FBI and the CIA. What we don't hear about, and which has failed even worse, is the NSA. Nobody bothers to think about the NSA. What are its responsibilities? What are DHS's? To further this, of the hundreds, possibly thousands (literally) of articles about 11 Sept. and the "War on Terror" (Mission Accomplished?), I have only come across one article that mentions the NSA. Not surprisingly, this article came not from an American source, but from the BBC. So, to become as off-topic as I will get in this post, the agency that failed the most with regards to 9/11 (which is causing all of our latest political problems) is not the Central Intelligence Agency, not the Federal Bureau of Intelligence, but the National Security Agency. And the Department of Homeland Security was created so nobody bothers to think about an organization with a name as blatantly obvious as National Security Agency because we have another agency with as stupid of a name as "The Patriot Act," (Named after patriotism or Patriot missles?) none other than "Department of Homeland Security"
If they could only procure faster: technology, personnel, etc... The government agencies could have used more cutting edge security like NACs, IDS, and IPS appliances. To be even more cutting edge they could have implemented the super stealthy Steelcape protocol and had all of their firewalls locked down. I came across Steelcape while looking for port scanning software and realized they are a security company. The protocol allows packets to go through closed ports on the firewall, and the packets themselves are encrypted with 256 RSA. Another cool thing is that the packet header has a 48 bit digital signature that regenerates very few milliseconds, which would seem to eliminate any man-in-the-middle attacks or packet hijacking. The problem is that government is so standards based by the time the implement a new security strategy, the hackers will already know how to breach it.
I hear through indirect channels (people blabbing to me about their work too much) that a non-specific financial company had around 30 million direct hacker attacks in one year; something like 0.00005% made it to the second level defense perimeter, nobody actually got into the secure network area. This is about 1500 attacks breaking through the first layer of a multi-layered defense system (DEFENSE IN DEPTH FTW).
The DHS is a bigger target. I can't give you DOD numbers, I don't have them, they're not public knowledge; however, I can tell you DOD is a logically bigger target than joe random financial institute. 800 in 2 years? what are they doing right over there?
Support my political activism on Patreon.
Every time we run "unseasoned" applications in our machine, we open ourselves up to whatever holes the programmers left in it.
Unfortunately, with today's market pressures to be "first to market", there is precious little time to beta test, so the customer has to.
Legal types have come up with all sorts of clever phrases ("hold harmless" clauses) so customers have no recourse as to being used this way. Customers desperate to remain compatible with others who have adopted this software will agree to whatever the vendors dictate.
I was at a DELL booth today, inquiring about their Linux boxes. I was shown lots and lots of Windows boxes, and urged to "go with the flow", "stay current", and buy a new Vista box. I asked him that if I offered to tender a check for his whole display if he would sign a legal agreement holding me harmless for bounced checks.
Now, I understand he is a businessman, not someone who would be held personally accountable for system failure, but he WOULD be held accountable for payment failure. As expected, he said he would not sign such a thing.
I ventured he would probably check my payment record, did I often have problems paying? Were there scores of companies out there , McAfees - Nortons - AVGs, et.al, in business to try to make my checks good?
Like my older car, which has run virtually trouble free from the 70's, I expect my software to do the same.
All I really need is an HTML browser which can interpret text(.htm,.txt), images(.bmp,.gif,.jpg), movies(.mpg,.divx), and sound(.mpg). There is no need for anything else. We just need to get these apps running trouble-free and trustworthy.
If business wants to use some weird proprietary formats "held harmless" for trustworthiness, then let them, problem is their customers that espouse trustworthy computing may never see their file.
A bank seems to have no problem denying doing business with people entering their premises with masks on their face and unverified intentions - why are we people so willing eo kowtow to business and load whatever apps they demand into our machines (IE) in order to be compatible with them? I am holding out, but I am such a minority that business just scoffs at me.
We need more people who will stand up to business and tell them if they can't use standard public protocols, they have to find their open-wallets, check signers, and credit card authorizers somewhere else.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
"I guess it's true what they say ... a mechanic's car is always the last to get fixed." ...That's cause most mechanics are smart enough not to keep worthwhile things in their cars.
$ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
She should have gotten a real PhD...like the ones from Pat Robertson's law school!
Seems like wearing the tin hat is becoming out of fashion around here, as I haven't seen anyone take the perspective that perhaps this data is not real? Who is to say that Homeland Security is not using this to get some more funding or for some other purpose? As the article states: "the agency's headquarters sought forensic help from the department's own Security Operations Center and the U.S. Computer Emergency Readiness Team it operates with Carnegie Mellon University." Now I do not know how corrupt CMU is, but sounds fishy to me. What, no outside contractor or pair of contractors to take a look at this? And even if they had used a contractor, who says the contractor would not have been paid off to lie? *takes tin hat off* Lets assume that this is all true for a moment. Does anyone else find it impressive that they were able to go through the logs, etc and actually find that they had been broken into around 800 times? I work at a community college where the IT staff is understaffed and under paid. Our first priorities always change and never is that first priority checking to see if someone's actually broken past the firewall in our "spare" time. We have more important issues such as keeping up all the crappy Dell computers as they break and replacing cisco switches and then trying to figure out the exact vlan configuration that was lost because someone did not back it up the last several times they changed it. The only time we've ever noticed that someone broke in was when they defaced a webpage. We installed some patches we were behind on and made a change or two to the firewall so that we reacted to it, but I would not call anything we've done security wise proactive. Considering that the federal government runs on a bit more money then the state, perhaps the story is believable ... but I do not know if I buy into it completely.
I always wondered how there were so many computer break ins, compromises, hacks and the like in 24 at CTU. Now I know. It was written, based on facts. :)
I guess it just shows that truth can be stranger than fiction.
Must ... resist ... urge ... to ... Godwin ...
Ceci n'est pas un sig.
The purpose of DHS is to propagate widespread paranoia and maintain a controllable level at all times. With paranoia, those in power can enjoy freedoms such as controlling the flow and subsequent market price of OIL. It's all about avarice and control, nothing more. For example, the past few years have been extremely profitable for the "good 'ol boy" club. They have literally raped the American people (and the rest of the world for that matter) of trillions of dollars of national wealth and shipped it into offshore accounts. Hailburton has moved it's corporate headquarters off shore (posted here on /. recently).
Managing threat levels and paranoia also function as a great smoke screen. For example, when caught with your pants down with a young boy, or busted for some scandal, raise threat levels, tell everyone they are all going to die, the terrorists are coming for your children, run for cover screaming AHHHHHHHHHHHHH. Works every time!
Another side effect of general paranoia is that they can side step the Bill of Rights and conduct illegal surveillance and wiretaps of any citizen.
The one thing republicans love as much as acquiring other peoples money is wiretapping and spying on citizens and/or dissenters. They have a long history and tradition of illegal wiretapping. Nixon got in trouble with it and Reagan enjoyed an unfettered use of it. All in the guise of national (in)security. If they could have a camera in everyones home they would be in hog heaven.
"Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
they just had to go with windows. Government IT is pathetic. The types of sensitive documents on government computers just cannot be trusted to windows. Either Mac or Linux, probably better that it be SELinux or some other good distro. Its not like government workers need windows and there is no reason that they need Office 2007.