Slashdot Mirror


Pentagon Hid Magnitude of Data Loss From Recent Breach

blueton tips us to a brief story about recent revelations from the Pentagon which indicate that the attack on their computer network in June 2007 was more serious than they originally claimed. A DoD official recently remarked that the hackers were able to obtain an "amazing amount" of data. We previously discussed rumors that the Chinese People's Liberation Army was behind the attack. CNN has an article about Chinese hackers who claim to have successfully stolen information from the Pentagon. Quoting Ars Technica: "The intrusion was first detected during an IT restructuring that was underway at the time. By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit. The bug spread itself by e-mailing malicious payloads from one system on the network to another."

218 comments

  1. Windows strikes again. by urcreepyneighbor · · Score: 4, Informative

    was propagating via a known Windows exploit.
    DARPA may want to rethink funding OpenBSD. :)

    The DoD doesn't need Windows, we need bunkers.
    --
    "The fight for freedom has only just begun." - Geert Wilders
    1. Re:Windows strikes again. by NeverVotedBush · · Score: 3, Insightful

      It's to the point that you would think Microsoft itself would take an interest just for patriotic reasons.

      It's also apparently to the point that the US government ought to consider dropping Windows entirely.

      That, or maybe we should all just set our login names to Beijing and the password to China. Just let them have the run of anything we have of value.

      Running Windows just slows them down a little. A very little.

    2. Re:Windows strikes again. by Sfing_ter · · Score: 1

      Perhaps you should tell it to your congress critter what inhabits the Armed Services committee and also takes the campaign dollars from Microsoft (employees only to be sure), and forces the Pentagon to use the good patriotic software. Oh and are you gonna be the one to tell the general that if he does not understand how to drag and drop with the "pointer thingy" he can't have access to secure data. :D

      Thumbin on the tubes, waitin for a truck... full of email.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
    3. Re:Windows strikes again. by __aaclcg7560 · · Score: 1

      The Pentagon should take the CIA approach to a secured Windows computer: a single Windows computer in a locked room with no network connections to any other computer.

      Besides, everyone knows that folks at the Pentagon use Windows computers to play minesweeper.

    4. Re:Windows strikes again. by SethJohnson · · Score: 5, Interesting



      2) Decent firewall alerting you to connections to Chinese IP space,

      Duhh.. these guys weren't amateurs. They wouldn't have been communicating directly with the compromised hosts. There'd be like three or more hops of compromised boxes between them and the Pentagon. Not to mention that the intrusion might have originally been thanks to a viral botnet where the controllers recognized some interesting IPs within their herd. Then used the command-control structure to issue specific commands to those boxes to further infiltrate the Pentagon. Probably was always outbound connections uploading data and grabbing new marching orders (encrypted in both cases).

      Seth

    5. Re:Windows strikes again. by ILuvRamen · · Score: 1

      Is that because naturally, bunkers don't have windows...cuz they're underground. Sorry, couldn't help it.
      Anyway, this is a fucking joke. We have better security than this at the hospital where I work and that's just patient records and stuff. Why don't they hire people who know what they're doing instead of picking just whoever off monster.com or whatever idiotic thing they did that resulted in such a pathetic state of security? If I ran the IT systems for them, I'd say you really know what you're doing or you're fired and that's that.

      --
      Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
    6. Re:Windows strikes again. by Hemogoblin · · Score: 5, Interesting

      Speaking as someone who has worked as an Immigration Officer with the Canada Border Services Agency, I can say that our immigration laws are quite fine, thank you. In addition, our antiterrorism laws are quite robust, and I would argue that the United States' laws are needlessly draconian. Thank you for your time.

    7. Re:Windows strikes again. by pwizard2 · · Score: 1

      Why don't they hire people who know what they're doing instead of picking just whoever off monster.com or whatever idiotic thing they did that resulted in such a pathetic state of security? If I ran the IT systems for them, I'd say you really know what you're doing or you're fired and that's that.
      I have a hunch that it's simply because the good people aren't willing to work for what the Pentagon is willing to pay. Public sector jobs are very seldom as lucrative as what can be found at the right places in the private sector.
      --
      "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
    8. Re:Windows strikes again. by Foobar+of+Borg · · Score: 1

      does anyone realize the only actually classified or beyond is not even accessible from the internet?
      Oh, damnit, there you go again, interjecting facts into this. You don't understand. This is slashdot. We don't need facts! We need sensationalism and sheer, unadulterated panic. That's why it's called "News for Nerds". The news gives us panicky, psychotic bullshit. Slashdot also gives us panicky, psychotic bullshit, but panicky, psychotic bullshit for nerds. Also, it's duped as often as you see stories duped on CNN Headline News.
    9. Re:Windows strikes again. by codepunk · · Score: 1

      You are right about that point but all the others he made are still valid. No way should this thing have been on the network for over two months without being detected. Considering this is the Pentagon we are talking about here it should have been detected immediately. Hell, Snort would have picked up on it in seconds. I do not think they are script kiddies either but a node firing email trojan payloads as this suggests is damn trivial to detect.

      --
      Got Code?
    10. Re:Windows strikes again. by Anonymous Coward · · Score: 0

      There's also those higher-ups (at least in the USAF,) that decide that they need to have ActiveX, Java, Javascript, and Flash enabled on all of the boxes so that everyone can see the latest briefs and presentations using all the flashy bells and whistles.

    11. Re:Windows strikes again. by fastest+fascist · · Score: 2, Interesting

      If they let their security be compromised via a KNOWN exploit, I don't see that they'll have much luck with other systems than windows, either...

    12. Re:Windows strikes again. by NotBorg · · Score: 2, Interesting

      1) Intrusion Detection Software 2) Decent firewall alerting you to connections to Chinese IP space, 3) network anomaly detection software

      When did these things start coming with Windows? Not even server editions of Windows come with that stuff. However, I can think of a competing OS that does ship with these wonderful things.

      4) patching your damn boxes!

      Sure thing. I'm not going to say heads shouldn't have already rolled over there at the DOD IT Department Department. Heck, even the idiotic users should be slapped around a bit. But--deep breath--what if MS servers DID come with nice IDS and Firewall software? Maybe graduates of the "I'm a Windows administrator" class would know a few more things to double-click. Maybe.

      If it's so well established that these things are necessary, why doesn't Microsoft include them? Call me a troll. Yeah, I blame Microsoft as well for not including powerful network security tools.

      blame the admins...............check, check, check
      blame the user.................check
      derogatory references to DOD...check
      blame Microsoft................check
      state that you are trolling....check

      I think we're done here.

      --
      I want this account deleted.
    13. Re:Windows strikes again. by Splab · · Score: 3, Funny

      You forgot to blame Canada.

    14. Re:Windows strikes again. by cybergal555 · · Score: 1

      OK guys. Selling into Defense areas of the Government I know that those individuals protecting unclassified areas are very frustrated. They are told they have to use inferior products that are known not to protect the network and enterprise because they are on the approved vendor list. JOKE. Some of the 'good ole boys' are on the board of directors of those said companies whose products 'suck'. Some of the things I know about what goes on behind the scenes would frustrate the best of you...as it does me. I know because I spoke with those individuals that called me frustrated because they knew certain products were indeed the best choice, but were told no. It is all a big joke when people are more interested in padding their pockets than protecting our infrastructure..... So, some of you bleeding heart liberals, better get ready to bend over and put your head between your legs and pray, because, indeed we are being compromised....in more ways than you might believe. It is all about the money, money the sites don't have to protect us and money that certain people receive if they win the big contracts.

    15. Re:Windows strikes again. by budgenator · · Score: 1
      Oh and are you gonna be the one to tell the general that if he does not understand how to drag and drop with the "pointer thingy" he can't have access to secure data. :D
      You mean like this one

      Rear Admiral Grace Murray Hopper (December 9, 1906 - January 1, 1992) was an American computer scientist and United States Navy officer. A pioneer in the field, she was one of the first programmers of the Harvard Mark I calculator, and she developed the first compiler for a computer programming language.[1] Because of the breadth of her accomplishments and her naval rank, she is sometimes referred to as "Amazing Grace".

      Hopper was born Grace Brewster Murray in New York City. For her prep school education, Hopper attended the Hartridge School in Plainfield, NJ. She married Vincent Hopper (a Ph.D. in English who for many years was chairman of the NYU English department) in 1930, but they were divorced in 1945. She graduated Phi Beta Kappa from Vassar College with a Bachelor's degree in mathematics and physics in 1928 and pursued her graduate education at Yale University, where she received a Master's degree in those subjects in 1930. In 1934 she received a Ph.D. in mathematics. Her dissertation was titled New Types of Irreducibility Criteria[2]. Hopper began teaching mathematics at Vassar in 1931, and by 1941 she was an associate professor. Grace Hopper


      Few professions are expected to have the education of a US Soldier, Sailor, Marine or Airman. Has your employer ever been to a continuing Ed course that was 8 to 16 hours a day for 16 weeks?
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    16. Re:Windows strikes again. by phoenixwade · · Score: 1

      does anyone realize the only actually classified or beyond is not even accessible from the internet?
      Oh, damnit, there you go again, interjecting facts into this. You don't understand. This is slashdot. We don't need facts! We need sensationalism and sheer, unadulterated panic. That's why it's called "News for Nerds". The news gives us panicky, psychotic bullshit. Slashdot also gives us panicky, psychotic bullshit, but panicky, psychotic bullshit for nerds. Also, it's duped as often as you see stories duped on CNN Headline News.
      How sad. What you say may be true, the slashdot community may be made up of snarky thrill seeking no-lifers with a taste for sensational bullshit. But that is totally separate from the simple fact that the Rules may dictate that classified data has no access to the internet, but users are notorious for ignoring and being ignorant of the rules. Remember the stolen laptops with classified military personnel records on them that were recovered in 2006? The ones with active email clients on them? That would be.... ummmmm...... Classified Data with an internet connection...... Wow.... And you said it couldn't happen and we were all just sensationalist.... Oh, well.....
      --
      A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
    17. Re:Windows strikes again. by Jarik_Tentsu · · Score: 2, Informative

      Don't forget to mention some kinda overall consistency. Doesn't matter if half your network is as impenetrable as your high school crush when the other half is as easy as her slutty best friend.

      ~Jarik

    18. Re:Windows strikes again. by dbIII · · Score: 1
      That is like blaming those that take the bribe and excusing those who offer them of all blame.

      Now that I think about it this may not just be an analogy.

    19. Re:Windows strikes again. by yuna49 · · Score: 2, Insightful

      I don't know of any large Chinese controlled botnets

      Why would you? I doubt they'd be out selling access to their network to spammers. We're talking about military espionage here after all.

    20. Re:Windows strikes again. by Deanalator · · Score: 2, Insightful

      How about you try and find an admin that has a decent understanding of security that will work for 40k. I have actually looked at working security for some government facilities, but I can make 2 or 3 times as much working in industry. Maybe if they cut down a bit on the ridiculously overpriced contracts, they would be able to pay their in house people decent wages.

    21. Re:Windows strikes again. by Vancorps · · Score: 2, Interesting

      With the firewall exception Windows does come with the IDS you are referring to. Network monitoring is deeply ingrained and has no trouble reporting to a syslog server. The problem is the effort it takes to set up a proper IDS so that it doesn't overwhelm you with false-positives which is really the same with any IDS package. Microsoft likes the basic approach that comes with Windows and then the advanced approach they get through their Operations Manager software. Of course now it's being rolled and merged with SMS so patching should become simpler as well.

      The problem is either incompetent administrators or overworked admins. I've seen both lead to those kinds of issues. The other problem is that the data was on the computers to begin with. In this day and age with centralized storage from NetApp, EMC, Hitachi, etc... there is no need for workstations to even have hard-drives, especially in a security conscious organization. Security isn't easy that's for sure but it's certainly not impossible with what Microsoft gives you out of the box. If you really want to you can always turn on TCP/IP filtering and disable 25 either ingress and/or egress. Of course that's only a patch as a proper botnet client would call home and find a new port to send on through a proxy. Of course email should be blocked at the firewall as well doing deep packet inspection on any port.

      So in short, Microsoft does provide some powerful network security tools. A lot of them are even free even if they don't come on the Windows cd. The Baseline Security Analyzer is free for instance and makes securing Windows boxes en masse a pretty simple task.

    22. Re:Windows strikes again. by Anonymous Coward · · Score: 0

      Is it not true that the United States handles much more immigration than Canada has and ever will with the amount of people allowed in?

      It is pretty easy to handle immigration when you don't have millions determined to get across (Mexico) and it is frozen to hell for the rest of the time.

    23. Re:Windows strikes again. by v1 · · Score: 1

      I thought the government network was an isolated intranet? I've been told by several IT people that work in the government that they have no mercy for someone caught creating a physical link between the internet and the military intranet. OK so maybe not the Pentagon. Maybe that needs to change.

      --
      I work for the Department of Redundancy Department.
    24. Re:Windows strikes again. by NotBorg · · Score: 1

      1. You don't need a physical link for classified material to end up on an unclassified machine (network). All you need is an idiot and a keyboard.
      2. "Unclassified" doesn't mean the same thing as "cannot be used to harm." They had access to entire email boxes. That's enough to select and profile a weak target for the social engineering aspect often involved in defeating security systems. That's just for starters.
      3. Why would you ever consider an attack on your organization's systems anything other than harmful?

      Yes, having multiple physically separate networks is a nice security feature. But, nothing will save you from bad users. Security does matter on unclassified machines. Security IS an activity the WHOLE organization has to be on board with.

      --
      I want this account deleted.
    25. Re:Windows strikes again. by CorSci81 · · Score: 2, Insightful

      Classified networks are kept physically separate from the unclassified networks and the internet. However, most classified projects aren't that outlandish and given enough "unclassified" clues from several users' inboxes it wouldn't take a genius to fill in the blanks. It won't get you the technical specifics of what's been accomplished or designs for classified technology, but it's not hard to figure out what your opponents are up to and if they think it's working.

    26. Re:Windows strikes again. by SethJohnson · · Score: 1

      Sorry if my response sounded condescending. Using the 'duhh' opening usually is insulting and I didn't mean to underestimate your comprehension of this situation. As I re-read my post, I regret that word choice.

      Seth

    27. Re:Windows strikes again. by sz.evolution · · Score: 1

      I think that if the government were to adopt opensource software, that this would lead to a lot of people trying to contaminate the code with built-in backdoors.

    28. Re:Windows strikes again. by Nibs+Niven · · Score: 1

      "So, some of you bleeding heart liberals, better get ready to bend over and put your head between your legs and pray, because, indeed we are being compromised" What does that mean? Do you actually believe that "bleeding heart liberals" are in favour of an incompetent/corrupt military?

    29. Re:Windows strikes again. by call-me-kenneth · · Score: 1
      I don't think you know as much about this as you think you know...

      Network monitoring is deeply ingrained and has no trouble reporting to a syslog server.
      Network monitoring? In Windows, by default? Link, please. (Yeah, I know Event Logs can be piped out to syslog; that's not network monitoring.)

      Of course email should be blocked at the firewall as well doing deep packet inspection on any port.
      And are you blocking ssh outbound? Well done you. What about https / SSL?

      Microsoft does provide some powerful network security tools. A lot of them are even free even if they don't come on the Windows cd. The Baseline Security Analyzer is free for instance and makes securing Windows boxes en masse a pretty simple task.
      MBSA is a pretty superficial tool. Eg. it doesn't list all the auto-started Windows services you don't need running. That said, you're absolutely right that many shops either don't know about, or don't use the gratis Microsoft tools. Eg., with GPOs you can lock clients down pretty well. It does take a few weeks to work through Threats & Countermeasures and the XP Security Hardening Guide, but that's as it should be; there's a lot to cover and you need to do some work to understand, and then test, all your settings. Finally, properly securing anything is never a "pretty simple task".

      OK, lecture over ;)

    30. Re:Windows strikes again. by kir · · Score: 1

      "Speaking as someone who has worked as an Immigration Officer with the Canada Border Services Agency. . ."

      ". . .and I would argue that the United States' laws are needlessly draconian."

      I see you've followed the check list.

      • Make a meaningless statement of one's position of authority - check
      • Bash the United States - check
      • Receive a "Score 5: Interesting" from all the slashdot Sturmabteilung - check
      --
      3cx.org - A truly bad website.
    31. Re:Windows strikes again. by cybergal555 · · Score: 1

      Liberals are known for budget cuts....that is what I mean. Just look at the wiretap bill. Knowing what I do know, it is sad that many of the bleeding heart liberals in the 'HOUSE' are the ones that will be crying, realizing what they did to protect our rights, will basically be what was responsible for contributing to the fall of America. My feeling is, why be concerned with 'wiretapping' if you have nothing to hide. Unfortunately we are not living in the time period before September 11, 2001. We are post 9/11 and well, our freedoms are what contributed to those terrorist acts. Is the HOUSE that stupid to believe we are not on a regular basis stopping attacks? We are, and that is not made public or we would all be afraid to 'go to work', 'travel', run errands and basically 'come out of our homes'. We are able to live our lives because of what those 'wiretapping bills', our military, and everything else many liberals are fighting against. This all annoys me, that people cannot see beyond their own selfish acts of what they believe are protecting our freedoms. In fact they are putting our freedom at RISK!!!!

    32. Re:Windows strikes again. by Vancorps · · Score: 1

      I may not know as much as I think I know but this definitely exists, combined with auditing on ports you know you don't use and you can have a bunch of real-time information about your Windows box. A Deep packet inspection firewall will by no means protect you from everything but SSH over the Internet is certainly blocked for the corporate network I'm responsible for along with inbound and outbound SMTP to anything but my authorized email servers.

      There are ways around every system of course, security is always a learning process. Securing Windows once I'll agree isn't a simple task, but securing en masse once you've figured out the one is pretty darned simple especially for me with SMS and MOM deployed. I'm limited only by the number of alerts I want to be interrupted by.

      I might add that Sysinternals is now owned by Microsoft and their products are still offered for free. There are dozens of tools right there.
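
The check raised in this thread (a workstation mailing payloads to its peers should be easy to spot, and SMTP should only be allowed to the authorized mail servers) can be sketched as follows. This is an added example, not code from any commenter; the log format, relay addresses, internal range and thresholds are all assumptions constructed for illustration.

```python
"""Flag internal hosts that speak SMTP to anything other than the mail relays."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed site policy (hypothetical values for this example).
AUTHORIZED_RELAYS = {ip_address("10.0.0.25"), ip_address("10.0.0.26")}
INTERNAL_NET = ip_network("10.0.0.0/8")
SMTP_PORTS = {25, 465, 587}
FANOUT_THRESHOLD = 3            # distinct unauthorized SMTP peers ...
WINDOW = timedelta(minutes=10)  # ... contacted within this window

# Constructed firewall/flow log: timestamp src dst dst_port action
SAMPLE_LOG = """\
2007-06-01T09:00:01 10.1.4.17 10.0.0.25 25 ALLOW
2007-06-01T09:01:10 10.1.4.22 10.1.4.30 25 ALLOW
2007-06-01T09:01:15 10.1.4.22 10.1.4.31 25 ALLOW
2007-06-01T09:02:40 10.1.4.22 10.1.7.9 25 ALLOW
2007-06-01T09:03:00 10.0.0.25 198.51.100.7 25 ALLOW
2007-06-01T09:05:00 10.1.9.5 203.0.113.40 25 DENY
2007-06-01T09:06:00 10.1.9.5 10.2.0.8 443 ALLOW
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return (time, src, dst, port, action) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return (datetime.fromisoformat(ts), ip_address(src),
                ip_address(dst), int(port), action)
    except ValueError:
        return None


def has_burst(hits):
    """True if FANOUT_THRESHOLD distinct peers fall inside one sliding WINDOW."""
    start = 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > WINDOW:
            start += 1
        if len({dst for _, dst in hits[start:end + 1]}) >= FANOUT_THRESHOLD:
            return True
    return False


def detect(log_text):
    """Map each offending internal source to its unauthorized SMTP peers."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, _action = rec  # a DENY is still a signal
        if port not in SMTP_PORTS:
            continue
        # Relays may send mail anywhere; only internal non-relay hosts matter.
        if src in AUTHORIZED_RELAYS or src not in INTERNAL_NET:
            continue
        if dst in AUTHORIZED_RELAYS:
            continue
        events[src].append((ts, dst))

    findings = {}
    for src, hits in events.items():
        hits.sort(key=lambda h: h[0])
        peers = {dst for _, dst in hits}
        findings[str(src)] = {
            # Host-to-host SMTP inside the network: the propagation pattern.
            "lateral": sorted(str(d) for d in peers if d in INTERNAL_NET),
            # Direct-to-internet SMTP that bypasses the relays.
            "external": sorted(str(d) for d in peers if d not in INTERNAL_NET),
            "burst": has_burst(hits),
        }
    return findings


if __name__ == "__main__":
    for host, info in sorted(detect(SAMPLE_LOG).items()):
        print(host, info)
```

The same rule only covers mail sent over SMTP ports; traffic tunnelled over HTTPS, as discussed elsewhere in this thread, needs a different control.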

    33. Re:Windows strikes again. by call-me-kenneth · · Score: 1
      Oh, don't get me wrong, MS security's come on leaps and bounds since 2003. I mean W2K3 and XPSP2 really are properly securable whilst still in a usable state, which is a major step fwd, and the many excellent management tools aren't used nearly widely enough (or to their full potential).

      A packet sniffer is not an IDS, and why would you want to monitor activity on closed ports anyway? Traffic anomalies such as spambot infections, blaster type worms etc should show up on your normal network management system, plus firewall logs, internal router/switch logs etc (which natch produce a pageful of pretty mrtg/rrdb charts so you can see at a glance what's going on... cos I'm sure you live in the marvellous land of Theory, same as I do ;) )

      Anyway, exploitation these days comes via normal traffic flows via "authorised, approved" applications. You see normal http traffic in and https out, whoops one of those files was a trojan'd flash applet and the outbound SSL is the botherder's control channel.

  2. Safe? by anagama · · Score: 1, Troll

    Who will protect us from the Pentagon?

    --
    What changed under Obama? Nothing Good
    1. Re:Safe? by mcpkaaos · · Score: 3, Insightful

      Who protects you from them now?

      --
      It goes from God, to Jerry, to me.
    2. Re:Safe? by thatskinnyguy · · Score: 5, Insightful

      We are supposed to protect ourselves except we all kinda forget that part of the Constitution.

      --
      The game.
    3. Re:Safe? by Opportunist · · Score: 1

      Hey, a people is only as good as its government, and a government only as good as the people it represents.

      So it's quite logical that the people forget about and ignore the constitution. They have a good role model for it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Safe? by Anonymous Coward · · Score: 0

      Hey, a people is only as good as its government

      Not everyone is a Good German.

    5. Re:Safe? by sgt_doom · · Score: 1

      A thought - if "they" could happen to do this around 24 hours just prior to the 2008 Presidential Election, and likewise do the exact same thing to S.A.I.C., Hicks & Associates, ManTech International along with a few others, perhaps it may be possible to sustain an honest election after all......Otherwise, we know who will be manipulating the process....Unless, those responsible also penetrated the systems the group within the Pentagon will be using to manipulate the national elections, in which case, the Chicoms - assuming it actually is them - will be the controllers.....

  3. Hmm... by calebt3 · · Score: 4, Funny

    So they snuck in through broken Windows?

    1. Re:Hmm... by Walt+Dismal · · Score: 4, Funny

      Well, it was more like a Chink in the Windows...

  4. windoze by Anonymous Coward · · Score: 0

    By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit.

    BSD

    Let me show you it.
  5. Is this supposed to be some sort of scandal? by unassimilatible · · Score: 4, Insightful
    I guess the standard and proper response to espionage would be to publicly confirm the value of the intelligence to the Chinese?

    What is it with you people? Is there no such thing as a state secret anymore? Should the Pentagon just list all its secrets on its Web site and get it over with? Let's just post all the targeting information, launch codes, encryption keys, advanced weapons and defense systems. etc. Let's just post it all on .mil in the interest of openness.

    Not everything is a scandal folks! Nothing to see here, move along.

    --
    Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
    1. Re:Is this supposed to be some sort of scandal? by jo42 · · Score: 3, Funny

      Nothing to see here, move along.
      "Military Intelligence At Work" springs to mind...
    2. Re:Is this supposed to be some sort of scandal? by VirusEqualsVeryYes · · Score: 1

      Let's just post all the targeting information, launch codes, encryption keys, advanced weapons and defense systems. etc. Let's just post it all on .mil in the interest of openness.
      Well, the Air Force did send that stuff to mildenhall.com ... that's close to .mil, right?

      Well, close enough for government work, evidently.
    3. Re:Is this supposed to be some sort of scandal? by Mork29 · · Score: 4, Informative

      No "state secrets" were lost. If something is "secret", then it's "classified". If it's classified, then it isn't being stored on a system that has access to the internet, directly or indirectly. According to the article, (yes, I read it...) there was some sensitive information lost. This is not going to be launch codes or anything that's even remotely that valuable. I'm not saying it's no big deal, I'm saying that it's not nearly as big a deal as you're trying to make it out to be.

    4. Re:Is this supposed to be some sort of scandal? by glitch23 · · Score: 1

      If they don't disclose everything then some people on Slashdot (and elsewhere) will complain that the US government doesn't divulge every last tidbit of information, whether it is related to national security or not. All they care is whether the government lies or not, not whether there is a legitimate reason for doing so.

      --
      this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
    5. Re:Is this supposed to be some sort of scandal? by ATMAvatar · · Score: 1

      A government agency that had the foresight and intelligence to place their classified material only on systems that had no access to the outside world would also be one that didn't run un-patched windows boxes and could tell when they were compromised long before days, weeks, and especially months passed.

      I have no such confidence that there wasn't at least a little classified data on the compromised machines, given the gross incompetence shown here by the Pentagon. Remember this is the same agency that has released PDF documents with blacked-out sections that could be revealed by cutting the text and pasting it elsewhere.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    6. Re:Is this supposed to be some sort of scandal? by Anonymous Coward · · Score: 0

      No "state secrets" were lost. If something is "secret", then it's "classified". If it's classified, then it isn't being stored on a system that has access to the internet, directly or indirectly. According to the article, (yes, I read it...) there was some sensitive information lost. This is not going to be launch codes or anything that's even remotely that valuable. I'm not saying it's no big deal, I'm saying that it's not nearly as big a deal as you're trying to make it out to be.
      How can anyone claim with a straight face that no classified data is stored on systems connected to the internet? Considering the incompetence of the government and their employees demonstrated again by this incident, this cannot be true at all.

      Additionally, the launch codes most certainly still are "000000" - another proof that convenience always wins over security.
    7. Re:Is this supposed to be some sort of scandal? by Svartalf · · Score: 1

      Considering that classified info has been leaked from systems that shouldn't have had them on there in the past, I would be...hesitant...to make such a bold claim. What is supposed to be done and what ends up happening with information happens to be two radically differing things at times.

      Just because it's only supposed to be on trusted systems doesn't mean it stays on them or that people strictly follow the rules because the rules are oftentimes very constraining and they're in a hurry, etc.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    8. Re:Is this supposed to be some sort of scandal? by failedlogic · · Score: 1

      While I haven't worked in military or aerospace, I would hope this would have government and military reconsider sharing sensitive information of any kind over the Internet regardless of the OS, encryption and other factors. IMO, the metal briefcase and handcuff method seems much more practical and isolates a leak to only a few people and not everyone that has access (internal or external) to the network. In this case, the Internet is much too big a network and the honey-pot (the Pentagon) is surely the dream of most foreign spy agencies and criminals to hack/crack/steal information from.

      I just think that with all the lives at risk, there would have to be a better way to protect as much information as possible (I'm not saying all information) from getting into the wrong hands.

    9. Re:Is this supposed to be some sort of scandal? by rodgster · · Score: 1

      I remember "playing" with a program "Up Yours" that IIRC was responsible for crashing the White House email server back when Clinton was at the helm.

      IIRC many of the preloaded open relay mail servers were *.mil

      So looks like the more things change the more they stay the same. :(

      --
      Who will guard the guards?
    10. Re:Is this supposed to be some sort of scandal? by giminy · · Score: 1

      No "state secrets" were lost. If something is "secret", then it's "classified". If it's classified, then it isn't being stored on a system that has access to the internet, directly or indirectly. According to the article, (yes, I read it...) there was some sensitive information lost. This is not going to be launch codes or anything that's even remotely that valuable. I'm not saying it's no big deal, I'm saying that it's not nearly as big a deal as you're trying to make it out to be.

      Hate to break it to you, but there are a ton of connections between classified networks and the Internet. The connections are generally made via high assurance gateway devices (usually a few systems that work together to protect the connection). Wikipedia has a general article here. There are some of these things actually in use, and their use is a lot wider than you would expect.

      In my previous life, I worked for the DoD's head of cross-domain solutions as a research weenie and pen-tester. I'm quite the skeptic about the way the cross-domain world is run: the solutions are all based on super-old and kludgey software, and DoD has been too terrified of risk to admit that it needs to come up with higher-assurance solutions.

      Also, there's too much data on DoD's networks to be accurately classified these days. Classification levels are supposed to determine how detrimental a leak would be to national security, but typically a few unclassified documents are assembled into one place and the result is classified. It's also worth noting that in an ideal case, only unclassified material will be on the unclassified network, but security violations happen all the time. At one of my previous employs, a contractor was caught taking a USB hard drive home (as in, to his house) from a classified lab. He got a slap on the wrist. Later, he got a job working for Defense Intelligence. I can only presume that his clearance was not affected.

      I was a big proponent of "disinformation" while I was a research weenie: seeding bogus reports, making up totally insane presentations for research projects that weren't real, etc. I think it's a good area for DoD to invest in the idea, as in creating a 'disinformation czar' (or preferably one or two of them per research lab). Let the Chinese steal fake documents and let them waste their money reacting accordingly, I say...

      --
      The Right Reverend K. Reid Wightman,
  6. Not stolen! by Subm · · Score: 5, Funny

    This is Slashdot. The data wasn't stolen. It was copyright infringed.

    When will everyone learn the difference?

    The solution is obvious: sic the Mafiaa on the attackers.

    1. Re:Not stolen! by siddesu · · Score: 2, Funny

      You're so _obviously_ new here. US government data isn't copyrighted.

  7. Duty of the Federal Government by BoRegardless · · Score: 0, Troll

    The prime requirement from the constitution for the federal government is to protect our country, & yet they can't be bothered to patch known holes in their systems :-(

  8. The DoD Uses Windos???? by SRA8 · · Score: 0, Troll

    The DoD Uses Windos???? This sounds like a Court-Martial-able offense!

    1. Re:The DoD Uses Windos???? by VirusEqualsVeryYes · · Score: 1

      What? A large government contracts large corporations?

      Who knew?

    2. Re:The DoD Uses Windos???? by Anonymous Coward · · Score: 0

      We all know that happens. And certainly we can assume that lots of computers at the DoD use Windows. But they are using it to store our most important secrets? That is unacceptable. Especially when there are way better options available for this type of task. Regardless the earlier poster is right. That data should not have been accessible from the internet.

    3. Re:The DoD Uses Windos???? by budgenator · · Score: 1

      They use Windows and are working hard to keep it that way. My kid went to a 2 week Linux course they never even learned that X windows was available and did everything from the command line to make Linux artificially difficult. They did the same thing to kill JINTACCS which was a military version of XML; I was an infantryman in the National Guard who wasted a whole day learning to file a Naval mine field report, and that was in a "train the Trainers" class.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  9. Not keeping up to date on fixes? by onefriedrice · · Score: 2, Insightful

    In all seriousness, if it was a Windows exploit that had been known for months, there should have also been a fix I would think. So is the Pentagon not installing their security updates or what? This is ridiculous.

    --
    This author takes full ownership and responsibility for the unpopular opinions outlined above.
  10. It wasn't the Chinese... by Anonymous Coward · · Score: 1, Funny

    It was the British, I know this becau.. LINE TERMINATED.

  11. Here Is A Fun April Fools Joke for the Chinese by NeverVotedBush · · Score: 4, Funny

    OK, all you government workers - especially those in the military, CIA, or NSA that are running Windows on open networks.

    Compose a few Microsoft Word documents about a planned nuclear attack on Beijing on the opening day of their Olympics. Make it sound nice and juicy, say a few things about ICBMs, nuclear submarines just off their coastline. Mention the proposed megatons and expected damage. Talk about a free Taiwan.

    Let them chew on that.

    1. Re:Here Is A Fun April Fools Joke for the Chinese by mcpkaaos · · Score: 1

      by NeverVotedBush

      After that idea, I almost want to think you are Bush.

      --
      It goes from God, to Jerry, to me.
    2. Re:Here Is A Fun April Fools Joke for the Chinese by Anonymous Coward · · Score: 0

      whoosh

      I think the parent was merely suggesting a way to trace the leak, via a Word document, and at the same time, let the Chinese be very afraid.

    3. Re:Here Is A Fun April Fools Joke for the Chinese by smoker2 · · Score: 3, Insightful

      Yeah, that's a really good idea.

  12. $TRILLIONS for Insecurity by Doc+Ruby · · Score: 2, Insightful

    We're paying the Pentagon and the spy agencies over $500 BILLION a year. That's well over $3 TRILLION spent "protecting" us since the 9/11/2001 "wakeup call" that should have told us national security isn't merely a big army. The Vietnam War cost "only" about $600B, during the height of the Cold War.

    Feel safer?

    --
    make install -not war

    1. Re:$TRILLIONS for Insecurity by Adambomb · · Score: 4, Informative

      While I agree with your overall point, those are relatively poor metrics to base it on.

      The Vietnam war cost 600B$USD considering 1968 USD.

      If you consider inflation based on the first inflation calculator google link that I clicked, plugging in 600B$ from 1968 yields:

      What cost $600000000000 in 1968 would cost $3688102617038.20 in 2007.

      That's 3.68 trillion in North American terms, no?

      --
      Ice Cream has no bones.
    2. Re:$TRILLIONS for Insecurity by Anonymous Coward · · Score: 0

      Well, it's cost more than Vietnam, but a lot more American troops died in Vietnam than died in this latest e-mail fiasco, so...which would you rather have? (Although comparing 'Nam to unpatched Windows machines...nevermind.)

    3. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 4, Informative

      No, you're wrong.

      The Vietnam cost of $600B is in 2005 dollars. Using your calculator, that's already over $653B.

      Iraq alone has already cost more than that, well over $700B.

      And if you're interested in using a calculator, look into the fact that at least 80% of Iraq's cost is borrowed money, which (at typical 30 year Treasury bond rates) costs 155%. So that's already going to cost well over $1 TRILLION. And that's just Iraq, which has made us a lot more threatened.

      Feel safer?

      --
      make install -not war

    4. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 1

      This email breach didn't cost more than Vietnam, Anonymous doubletalker Coward.

      --
      make install -not war

    5. Re:$TRILLIONS for Insecurity by dbIII · · Score: 4, Funny

      Bah! Have 300 Euros. That should about cover it next week.

    6. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 1, Insightful

      :)

      One reason the dollar is trash compared to the Euro is that Europe hasn't wasted nearly as much on military operations as the US. That trashes a currency, when the government printing it looks so reckless, and creates so much debt in the effort.

      A look at Canada is even more instructive. The Canadian dollar is now worth more than the US dollar. I can't remember any time that's happened in my entire life. All those years scoffing at Canadian pennies mistakenly included in my change, throwing them away, is now coming back to haunt me.

      --
      make install -not war

    7. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 1

      Moderation +2
          80% Insightful
          20% Troll

      TrollMods must be getting checks cut from all that wasted money.

      But they still don't have any reason to feel safer. In fact, they all look like they're scared out of their wits all the time.

      --
      make install -not war

    8. Re:$TRILLIONS for Insecurity by evilviper · · Score: 1

      at least 80% of Iraq's cost is borrowed money, which (at typical 30 year Treasury bond rates) costs 155%.

      Don't worry, runaway inflation will take care of that! In ten years minimum wage will be 7-figures.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    9. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 1

      The rest of our destroyed economy will be borrowing inflated money at ridiculous rates entirely from foreigners, once we can't even pretend we're rich anymore.

      --
      make install -not war

    10. Re:$TRILLIONS for Insecurity by Adambomb · · Score: 1

      Ack, the saying is entirely wrong.

      I only made an ass of me =( with that assumption.

      I stand entirely corrected.

      --
      Ice Cream has no bones.
    11. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 2, Interesting

      That's OK. It gave me a reason to do the math on the actual Vietnam inflation, which is even worse. And the actual Iraq debt, which puts it over $1T.

      In fact, the actual numbers of each wars are certainly higher. The reports on which they're based are purposely smaller, and there is lots of covert budget not reported.

      For kicks, imagine what the US could have done with either of those budgets if we'd invested them constructively. For example, there were about 25M Iraqis when we invaded (we've killed hundreds of thousands, and driven off millions now). If we'd given each and every Iraqi $25,000 (including children and old people, in every family), we'd have spent as much, and certainly gotten more. Hell, we could have gotten practically all of them to do whatever we wanted for $5000 per person, and look to everyone like the best friends in the world. They'd have let American oil corps have whatever deal we want.

      Imagine if we just left Iraq alone, and invested that $1T in Americans. That's about $10K per family. If we'd invested it in just tech workers, that's probably $100K per. In scientists, probably a quarter-million each. Squandering it in Iraq was about the stupidest way we could have possibly spent it. No wonder the Pentagon is hiding so much.

      --
      make install -not war

    12. Re:$TRILLIONS for Insecurity by sgt_doom · · Score: 1
      Not counting that "missing" $2.3 trillion, reported shortly before 9/11/01, of course. One can buy an awful lot of voting machine companies and "defense" and "security" companies for that many bucks, of course.

      All that money must be what allowed our (Der) Homeland Security to stage all those phony ops - against Scott Ritter, against all those so-called "terrorists" (of Liberty City, Miami, and elsewhere).

      This post is meant as supportive of DocRuby's primo post. Best way to critique the CIA - read, compare and contrast the book written by yet another submediocrity hired by the CIA (Class II), against the episode from This American Life (2.23.2001) concerning Zora, a CIA applicant who was super-qualified, but was, of course, turned down for the job.

  13. AWESOME! by Anonymous Coward · · Score: 0

    I for one am thrilled to see these idiots get F'd in the A... Incompetence always catches up with you eventually.

  14. I guess... by tmosley · · Score: 1

    I guess that upgrade to Vista didn't go too well for you guys, huh?

    1. Re:I guess... by mcpkaaos · · Score: 3, Funny

      Vista wouldn't run (the box said the machines could handle Home Basic but it just didn't work out that way) so they rolled back to ME.

      --
      It goes from God, to Jerry, to me.
    2. Re:I guess... by __aaclcg7560 · · Score: 1

      The computers accidentally got patched "Mini ME" on Patch Tuesday. A lot of Pentagon users have been bitten in the nuts since then.

  15. All joking aside by Maxo-Texas · · Score: 2, Insightful

    I think it is time for any significant secrets to be inside a separate network with a different operating system-- and one that is built from the ground up to be secure from buffer overrun attacks and similar performance enhancing flaws.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    1. Re:All joking aside by Anonymous Coward · · Score: 1, Interesting

      I think it is time for any significant secrets to be inside a separate network

      Or just move them around constantly, as if in a cloud, obscuring the true location of the data through very complex levels of abstraction, all proprietary, which themselves change over time. Couple this with an isolated network that actually cannot inter-operate with other protocols, that is only live and accessible after a certain sequence of events (only partially automated, if at all) are performed (one time, of course, after which the sequence is never again used).

      The fact that the Pentagon attempted to secure data using off-the-shelf equipment demonstrates that they a) aren't very serious about security or b) were not actually breached and are banging the drums for some other reason. I know which way I'm leaning (damn you Microsoft! just kidding).
  16. army net security is indeed ridiculous. by r00t · · Score: 5, Interesting

    Sysadmins must apply patches IF AND ONLY IF they are army approved.

    Sounds decent so far, hmmm?

    The army has some committee that regularly decides which patches to approve.

    Still not too bad, hmmm?

    The committee approves patches for things that are being actively exploited.

    Ponder that one for a moment. It means that every security hole will be exploitable on the army networks. Every security hole gets a chance, since "not exploited yet" means "not a problem".

    1. Re:army net security is indeed ridiculous. by Anonymous Coward · · Score: 1, Informative

      As an army sysadmin, that is bogus. Every sysadmin is authorized to patch and maintain a secure system regardless of the official reporting status. From one of the official emails I receive sending me bug reports...

      4.0 (U) REGULATORY REQUIREMENTS: Army personnel are reminded that they do not have to wait for an IAVM to patch their systems IAW AR 25-2 Chapter 3-3a (6) all System/Network Administrators are required to ensure secure configurations to include all pertinent patches and fixes by routinely reviewing vendor sites, bulletins, and notifications and proactively updating systems with fixes, patches, definitions, service packs, or implementation of vulnerability mitigation strategies with IAM or IAPM approval.

      Now some IAM or IAPMs are more responsive than others to be sure, but that does not mean that they are ok just letting things go until they get exploited. Issues are evaluated solely on risk. I have yet to get an IAVM in the last year that was actively being exploited and had not received either a patch or mitigation directions from my higher HQ. I am reading the same stuff directly from JTF-GNO that these sysadmins probably read as well (if they don't then they should have). This looks more like sloppy especially given the level they are at.

  17. Poem by Anonymous Coward · · Score: 5, Funny

    Me Chinese,
    Exploit SOCKS
    Me Put Malware
    On Your Box

    Me Chinese,
    Go To Town,
    Me Pull Fast,
    Your Data Down

    Me Chinese,
    Make Cheap Shoe
    Take You Secrets
    Laugh At You

    Me Chinese
    Let You Think
    Here You Go
    Bring You Drink

    Me Chinese,
    Me Play Joke
    Me Put Pee-Pee
    In Your Coke

    1. Re:Poem by Sfing_ter · · Score: 2, Insightful

      Wish I had some mod points, as I am pissing and weeping at the same time.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
    2. Re:Poem by Anonymous Coward · · Score: 0

      Me Put Pee-Pee
      In Your Coke

      That's about all you could do with that yellow three incher.
  18. Mafia? No, I don't think so. by Ungrounded+Lightning · · Score: 1

    The solution is obvious: sic the Mafiaa on the attackers

    That didn't work when the US tried it on Castro. (But the mafiosi DID laugh all the way to the bank.)

    The Mafia is very overrated as a tool for governmental clandestine activities.

    They're CROOKS! DEAL with it!

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  19. Gary McKinnon showed the way with .mil by AHuxley · · Score: 3, Informative

    Gary McKinnon is accused of cracking into 97 United States military and NASA computers in 2001 and 2002.
    He talked of blank MS passwords and using a tiny Perl script.
    So maybe you do not crack or hack MS Pentagon computers but just surf on in.

    http://news.bbc.co.uk/2/hi/programmes/click_online/4977134.stm

    You know, one time we had a box DoS, for 12 hours. When it was all over, I walked up. We didn't find one of 'em, not one stinkin' Asian ip.
    The smell, you know that Microsoft smell, the whole box. Smelled like... owned.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Gary McKinnon showed the way with .mil by Anonymous Coward · · Score: 0

      Have you actually read the article you linked to? It's quite amusing. I don't for one second believe anything that guy said in your linked interview. As for the rest of your comment, it doesn't make sense ;-)

    2. Re:Gary McKinnon showed the way with .mil by AHuxley · · Score: 1

      The idea of just surfing in and a quote from the Vietnam war movie Apocalypse Now (1979).

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Gary McKinnon showed the way with .mil by AHuxley · · Score: 1

      You do not get to the "House of Lords" in UK re extradition proceedings for "nothing" http://www.guardian.co.uk/uk/2007/jul/31/news.hitechcrime

      --
      Domestic spying is now "Benign Information Gathering"
  20. Word is... by Anonymous Coward · · Score: 0

    there's millions more viruses like that comin' ... heck, they could send a hundred thousand a day, we'd clean 'em out, and there'd be more getting e-mailed in to take their place ...

  21. What known exploit was used? by Lovat · · Score: 3, Insightful

    Is it one Microsoft hasn't patched? Was it on Vista or XP or 2000? Was it something that could have been prevented by system or user settings? Why was Outlook not switched to plaintext only to prevent malicious code from propagating?

    This sounds more like an inept IT department than anything, and considering government pay grades if you aren't in _the_ top tier it wouldn't surprise me if that was the case really.

    And to all you anti-Windows pro-Linux guys: How many groups of hackers does your OS have dedicated to breaking it? Microsoft damn sure has its flaws and issues, but most Windows exploits are found simply because Windows is _everywhere_ in the real world.

    There is a reason NTFS was number two on the Slashdot FS poll, and it isn't because Windows and everything associated with it is total garbage. The 'open source attitude' is supposed to be about choice and sharing, not about elitism.

    Sure, the default settings on Linux are more secure than on Windows. Linux is also not designed with the common man in mind. You shouldn't be surprised, especially IT guys, with how much of the problems with Windows are because of the marketing department rather than the actual coders. If the recent internal e-mails can't show that to you (what with the majority of the company bitching about how bad Vista was and how it shouldn't be released) then you are going through life blind.

    Oh and yes, I use both Linux and Windows. Both have their uses. You don't throw out a screw driver when you get a power drill, and you don't throw out a ruler when you get a tape measure.

    1. Re:What known exploit was used? by causality · · Score: 4, Insightful

      The 'open source attitude' is supposed to be about choice and sharing, not about elitism.

      Choice alone isn't very useful unless you make an effort to make good choices.

      ............

      Sure, the default settings on Linux are more secure than on Windows. Linux is also not designed with the common man in mind. You shouldn't be surprised, especially IT guys, with how much of the problems with Windows are because of the marketing department rather than the actual coders.

      To the attacker trying to break into your systems, it really doesn't matter whether the security weaknesses were caused by marketing, the coders, or whatever, so I am not sure what your point is. What I can say is that what it looks like is a weak apology for Microsoft's poor security history. At any rate, as you indicated, marketing departments do not security make. You just gave a good reason why Windows would be a poor choice in a context where, presumably, security really matters. Therefore, the two are not on equal ground in this case. It is certainly not "elitist" to say that Linux would have been a superior choice (though probably OpenBSD would have been better still). Especially not when professional IT staff are not the "common man".

      Even if the client machines must use Windows, the servers hosting the sensitive data certainly do not need to use it. The wrong tool was used for the job; there is nothing "elitist" about it.
      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:What known exploit was used? by corporatefucker · · Score: 1

      And to all you anti-Windows pro-Linux guys: How many groups of hackers does your OS have dedicated to breaking it?

      I thought our whole userbase consists of hackers and terrorists, and of course grannies running Ubuntu.
    3. Re:What known exploit was used? by TBerben · · Score: 1

      Linux forces you to dive into the operating system, yes. Which is a good thing and the 'common man' should be doing it. If the 'common man' had the tiniest idea of how an OS works, how it connects to the world and what its vulnerabilities are and how to secure those then the internet would be a much safer place. But no, we absolutely don't want mom or dad to have to actually learn something about their computers, that would be too hard on them. It's the simplicity that has made modern computer users stupid and vulnerable.

      This "I don't want to learn anything about a computer, I just want to be able to use it" attitude has always puzzled me. If I say that I want to keep a pony without even knowing squat about what it eats, everybody will declare me insane.

    4. Re:What known exploit was used? by Tikkun · · Score: 1

      The DoD isn't the common man, they have tens of thousands of hackers that want to pwn them. They have to have better security than your average SMB that uses Windows SBS.

      Hiring qualified IT staff that can patch their boxes is a good first start. Locking down your workstations so that malware has a harder time of spreading is important. Monitoring your network for irregular activity is also helpful.
      After that, evaluating alternate OSs that have more security than what you have (Linux, *BSD, etc.) can be worthwhile. Once you get to a certain point security will always be in inverse proportion to convenience. If you are the DoD, this can make sense.

    5. Re:What known exploit was used? by Lovat · · Score: 1

      "Linux forces you to dive into the operating system, yes. Which is a good thing and the 'common man' should be doing it."

      So you know the exact inner workings of your car? Or the bus you ride if you don't drive a car? Or how about your TV?

      To the majority of people these things _just_ work. They don't know HOW it works. They don't CARE. Why should they? In their eyes, once something is set up it should just work, like say a toaster does. If it breaks, you either have the warranty or a mechanic/electrician fix it so it will "just work" again.

      We are computer enthusiasts. We LIKE to know how this stuff works. Just like grease monkeys love cars and tinkering with them.

      Your attitude is the exact elitism I was talking about in my original post.

  22. Additional information by Profane+MuthaFucka · · Score: 5, Funny

    It's not the Chinese People's Liberation Army. It's the People's Liberation Army of China. The Chinese People's Liberation Army is a bunch of wankers.

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    1. Re:Additional information by Anonymous Coward · · Score: 1, Interesting

      Aren't WE the Chinese People's Liberation Army?

    2. Re:Additional information by Adambomb · · Score: 1

      Splitters!

      --
      Ice Cream has no bones.
    3. Re:Additional information by Anonymous Coward · · Score: 0

      You are saying it's not CPLA but PLAC? I think it's CLAP (Chinese Liberation Army of People). Reading it forces you to think of Clapping.. (In China, CLAP claps you).

  23. Two months? by codepunk · · Score: 1

    Two months to catch a bug that is transmitting itself as a malicious payload on the network?

    What do you want to bet that their security manager has a PhD and is worth every penny he makes.

    --
    Got Code?
  24. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  25. Re:Mafia? No, I don't think so. by Anonymous Coward · · Score: 0

    Woosh!!

    Mafiaa == RIAA + MPAA
    Mafiaa != Mafia

  26. simple question... by skydude_20 · · Score: 3, Insightful

    why the hell is any DoD network connected to the Internet????

    --
    Jesus saves souls and redeems them for valuable cash prizes
    1. Re:simple question... by Psychotria · · Score: 1

      Well, duh! It's so the workers can use VPN (PPTP).

    2. Re:simple question... by reaktor · · Score: 3, Funny

      Youtube?

    3. Re:simple question... by glitch23 · · Score: 2, Informative

      why the hell is any DoD network connected to the Internet????

      On the surface, it does sound crazy, however in the technologically connected world we live in even secure networks must be connected to inherently insecure networks. Of course, those "secure" networks aren't so secure anymore and that's where IDSs/IPSs, firewalls, etc. come into play. The DoD must be able to communicate with DHS- and DOJ-type agencies at the federal level and probably many other entities at the state level and as such their data must be on those networks in order for full communication to take place. And although that network may itself be a private WAN specifically for that inter-agency communication, some communication must still occur over the Internet (whether via VPN or not). And that's where you run into originally secure networks coming into contact with insecure networks. It's the nature of business now which demands running the latest technology to be properly protected.

      There are still classified networks where the really sensitive data resides (or not as the case may be but the capability for top-secret information to be stored on a classified is possible with the 'classified' label) but for systems accessible on the Internet the information is at most sensitive but unclassified (SBU).

      --
      this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
    4. Re:simple question... by Mista2 · · Score: 1

      Why are they connected to the internet? So the DoD can edit Wikipedia entries to make the unwarranted invasion of other nations and support of third-world dictators appear more favourable 8)

    5. Re:simple question... by Stray7Xi · · Score: 1

      why the hell is any DoD network connected to the Internet????

      A few days ago the mantra was "Why is the Air Force blocking blogs"

      The truth is there's multiple networks. There's operational (operational in the meaning of planning and conducting operations) networks which are secure, not using Windows and are airgapped. There's administrative networks that are Windows based where people do email, write memos, fill out leave forms, etc. Remember there are people that come into military fresh out of high school with little money, they don't own computers, so they use the work ones. These DoD computers are used for things like reserving airplane tickets to fly home to family on leave.

      Sensitive means anything below classified but not publicly released. Things that are sensitive: the base warnings that there will be high winds in the afternoon; The chaplain's invitation to services; A few soldiers planning what bar to go to on Friday night.

      The administrative data does need to be protected (Names, ranks, phone numbers, job titles) but don't believe for a second there's launch codes stored on unclassified computers.
    6. Re:simple question... by bas666 · · Score: 1

      Not quite. YouTube and MySpace were blocked May 2007

    7. Re:simple question... by FeatherSnake · · Score: 1

      This has already been said but... They're not. Not the computers with any 'real' sensitive information. What was hacked was what you could call the pentagon's 'secretarial' network.

    8. Re:simple question... by Anonymous Coward · · Score: 0

      Ah, yet another literalist. It's called a joke...

  27. from the it's-just-a-flash-wound dept. by Anonymous Coward · · Score: 0

    Why did I lol when I read that?

  28. M$CROSOFT SUCKS by EdIII · · Score: 5, Insightful

    Here's the thing.... even putting the hyperbole in the title aside, Microsoft really does suck, and at so many many many levels.

    I am in my 30's and I have been using Microsoft all my life, since I was about 9 years old (I started using computers when I was 7). I build their machines, I repair them, I even program them too. I also attempt to provide security on them as well. So I have been involved with Microsoft about as long as some people have been married. So I believe that I am entitled to get drunk occasionally and rant about the "Ex" for awhile. I earned it, so to speak.

    Have people noticed that Microsoft is like a little sickly Boy in the Bubble? You have to protect him at all times.

    You have to put up a router and a firewall at a minimum to protect your little herd of MS machines. Keep them safe from the big bad wolves and all that. Of course, these days you also need to have some really good routers with IDS, gateway anti-virus, etc. to do it even better. But that is not enough. Those little guys can get into trouble just "looking" out on the Internet. So you need anti-virus, anti-phishing, anti-spam, anti-spyware, anti-malware, etc.

    When the Internet first started coming out, I remember telling people it would be a cold day in hell before I hook my computer up to an unknown network in which anybody could send packets to my machines. Obviously, I had to get over that "shyness" and learn to adapt or die. However, since then, I have had to invest enormous amounts of time and energy and cold hard cash into preventative measures to keep my own Microsoft OS's from being hijacked by any asshat on the Internet.

    There are billions being made, that's with a B folks, in 3rd party solution providers that specialize in providing the security solutions just to cover the fact that Microsoft can't code security if their "life depended on it".

    Now that the Pentagon is using them, it would seem that in a roundabout way, Microsoft's life IS depending on it.

    We can bash Microsoft all we want, and talk and talk and talk about it. What it really comes down to though, is that Microsoft just may not be a secure enough environment for our National Security apparatuses to be using. If we have to work that hard at it, with that many vendors, and have that many points in which someone can screw up and leave machines vulnerable, then we need another solution.

    On another side note, where the HELL are those super secured networks I keep hearing about that my tax dollars paid for huh? Apparently, the Pentagon's networks must be in really bad shape too. You would think that trillions of dollars could provide some pretty secure networks, communication infrastructures, and operating systems.

    All that "bashing" on my part aside, Microsoft may make a decent OS for the little guy. The mom and pops at home with their families. Let's face it, it is easier to use than Linux, otherwise Linux would have a greater market share. Let's just not use it inside the Pentagon OK?

    1. Re:M$CROSOFT SUCKS by Sfing_ter · · Score: 1

      The amount you speak of will cover the cost of the Cisco edge router, now let's see if we can fund some core routers and some nice switches ;D

      --
      A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
    2. Re:M$CROSOFT SUCKS by Sfing_ter · · Score: 1

      So YOUR basis for calling ASSHAT is an article from 2004? ok... First, any operating system can be owned, open ports etc that shouldn't be, not updating the programs that you are serving up and let me be the first to admit, when your server does not reboot every week because it needs a break you tend to forget that it needs updating. If I did not get Snort alerts, I would rarely go into the many IPCop routers I have set up using discarded e-machines. And truly unless you are using apt, updates on vintage OSes is a pita, and apt only works really well on Debian based OSes... but do go on about how this is not at all the problem of the company that brings us the swiss cheese that are their operating systems.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
    3. Re:M$CROSOFT SUCKS by madsheep · · Score: 1

      The super secured networks you are reading about are not accessible from the Internet and most likely haven't been penetrated.

    4. Re:M$CROSOFT SUCKS by networkzombie · · Score: 1

      You belong in the category of people who spell Microsoft M$ because you do not have an objective opinion.

    5. Re:M$CROSOFT SUCKS by Anonymous Coward · · Score: 0

      and apt only works really well on debian based oses

      Wouldn't that make sense, since APT is a package tool for Debian-based systems?

    6. Re:M$CROSOFT SUCKS by ghyd · · Score: 1

      cold hard cash into preventative measures to keep my own Microsoft OS's from being hijacked by any asshat on the Internet
      I've a free version of Sygate + AVG free and have yet to have my computer hijacked by anything. Am I missing something?
    7. Re:M$CROSOFT SUCKS by EdIII · · Score: 2, Interesting

      You mean the people that have been using them their whole lives?

      The people who have been contracted by companies to design, implement, and maintain solutions based on M$ products?

      The people who have spent money to become certified?

      The people who just don't speak out of their ass about Microsoft security flaws, and their failures to address them?

      Yeah, those people cannot possibly have an educated, non-biased opinion about Microsoft as a whole.

      I spell Microsoft with the $ since they care more about money than they do about properly designing a product before they bring it to market, and then after they do they make the customer suffer while they try to figure out this whole "security" and "intarnet" thingy everybody is talking about.

      No offense, and I don't mean to generalize and marginalize your opinion, but I hear from a lot of people just like you too... those who think that any negative opinion about Microsoft is not objective.

      Ohhh, and name one more software company that makes such horrific products (based on my experience and the experiences of my clients) and yet still seems to make so much money and hold on to such a large market share. Perhaps it is also because of the $$, and that Microsoft can outright purchase influence, acquire competitors, and engage in unfair business practices.

      I guess all those lawsuits from various states, agencies, countries, and the EU are just from other people "like me" who are not objective?

      Maybe I did not spell it out enough in my earlier post, I have been using them for over 20 YEARS. I don't have "stock" in any other companies, or any hidden agenda in "bashing" them.

    8. Re:M$CROSOFT SUCKS by EdIII · · Score: 1

      There are free solutions, and I am not knocking them.

      Overall, it is not free to provide a proper environment for any number of machines running any of the Microsoft OS. I was specifically referring to corporate situations.

      Even if you predominantly use open source solutions to protect your networks, you still need to invest in secure routers, firewalls, etc.

    9. Re:M$CROSOFT SUCKS by EdIII · · Score: 1
      I have no idea what you are talking about. None. Not a clue.
       
       

      So YOUR basis for calling ASSHAT is an article from 2004?


      I did not reference any article at all. I don't need any articles to tell me that in the past 10 years every Microsoft operating system seems to hemorrhage out security vulnerabilities. You only need to look at the simply massive number of updates that contain, "an attacker could take over a machine".
       
       

      First, any operating system can be owned, open ports etc that shouldn't be, not updating the programs that you are serving up


      That is an assumption. We know that Microsoft operating systems contain an inordinate number of exploits that can be performed on them, and that the odds are very high of new ones being found. An open port on a machine is not an automatic vulnerability, and if the service is written properly it can be secure.

      Basically, I am saying that with other operating systems, and even the possibility of new systems designed from scratch, you cannot automatically assume the same level of vulnerability that is present in Windows 98/ME/2K/XP/Vista. We can state, quite strongly, that any Microsoft operating system can be reasonably taken over by pure network communications without 3rd party security solutions running on the machine. If the users on that system are also using it to enjoy services on other machines it only exacerbates the situation.
       
       

      but do go on about how this is not at all the problem of the company that brings us the swiss cheese that are their operating systems.


      I am really confused here. I was going on about how this is not the problem of which companies?

    10. Re:M$CROSOFT SUCKS by EdIII · · Score: 1

      Nevermind. I could not see the parent you were referring to, and thought your reply was to my original post. :0

    11. Re:M$CROSOFT SUCKS by catmistake · · Score: 1

      Dude, respectfully, QUIT HACKING MY BRAIN!!!!

      Obviously, the solution here is to draft Microsoft into the Military, and send Windows to invade China.

    12. Re:M$CROSOFT SUCKS by catmistake · · Score: 1

      Ah hah!! The old "everything needs updates" argument. You, sir, are obviously a Microsoft engineer, shamed into posting anonymously because you've squandered the last 13 years opting for job security over honest IT work. After the lawyers, the bankers and the ad men, you and your smug cronies will be the next up against the wall facing the firing squad. HOW DO YOU SLEEP AT NIGHT!! WE TRUSTED YOU!!!

    13. Re:M$CROSOFT SUCKS by m.ducharme · · Score: 1

      Sfing_ter was not replying to you. The reply was directed at an Anonymous Coward whose post got buried due to not having any good karma. The AC was replying to you. Hope this helps.

      --
      Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
    14. Re:M$CROSOFT SUCKS by budgenator · · Score: 1

      Results 1 - 10 of about 649,000 for linux hacked. (0.28 seconds)
      Results 1 - 10 of about 671,000 for windows hacked. (0.23 seconds)
      See, Linux is more secure, why steal a bicycle when you can steal a Harley? Everybody knows zombies run 3000% faster on Linux than on Vista. Any script-kiddy can hack into a Windows box but for real street cred the l33t go for the more powerful and tougher to hack Linux boxen.
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    15. Re:M$CROSOFT SUCKS by drsmithy · · Score: 1

      I am in my 30's and I have been using Microsoft all my life, since I was about 9 years old (I started using computers when I was 7). I build their machines, I repair them, I even program them too. I also attempt to provide security on them as well. So I have been involved with Microsoft about as long as some people have been married.

      Since you still don't appear to have much of a clue after 20 years, it might be time to start looking for another area of work.

    16. Re:M$CROSOFT SUCKS by EdIII · · Score: 1

      I don't have a clue huh? Another area of work? Why would I need to do that? I have had quite a few people tell me that Microsoft's failures have made them a lifelong career, and a profitable one at that.

      No, I don't need to find a new area of work. Microsoft's flaws are a billion dollar market, and I am taking a piece of it.

      That does not mean I have to like it though, or not have empathy for my clients, OR FEEL THAT MAYBE THAT THEY SHOULD NOT BE FUCKING INSTALLED ON GOVERNMENT COMPUTERS IF THE LACK OF SECURITY IS TOO GREAT A RISK.

      I think I have a pretty good take on the situation, plenty of "clues", and they lead me to make those conclusions. Not based on irrational ranting, but on cold hard facts.

      I would think if I was some vacuous MS fanboy after 20 years, that blindly orgasms every time Microsoft announces another cute little operating system, while ignoring the rather blatant lack of security among its many other problems.... that might make me clueless.

    17. Re:M$CROSOFT SUCKS by EdIII · · Score: 0, Flamebait

      Ah yes, the snobby Grammar Nazi. One step above the Spelling Nazi.

      And yet, wow a shocker, it is an ANONYMOUS POSTING :)

      By all means, don't give me any pointers on the grammar, or argue against my positions with rational, educated, and informed discourse... just bash on my child like ability to spell words and arrange them into sentences.... and perhaps a paragraph or two if I feel really ambitious.

      Your Are CORECT SIR! I hudle in fear at your masterfull use of grammar and it's ability to prove me arguments wrong based on that alone.

      You have shamed me off ./ forever... or at least until I can get a few more English courses (hopefully passed this time) at my local community college.

      LOL

    18. Re:M$CROSOFT SUCKS by XiX36 · · Score: 1

      "On another side note, where the HELL are those super secured networks I keep hearing about that my tax dollars paid for huh? Apparently, the Pentagon's networks must be in really bad shape too. You would think that trillions of dollars could provide some pretty secure networks, communication infrastructures, and operating systems." You forget that in the DoD, CAT5 cable costs $1.5 Million/foot, and Windows Vista: Preemptive Strike Edition's license costs 3 Billion per employee, with some employees counting as more than one if they multi-task.

      --
      Insert witty sig here.
    19. Re:M$CROSOFT SUCKS by drsmithy · · Score: 1

      I don't have a clue huh? Another area of work? Why would I need to do that? I have had quite a few people tell me that Microsoft's failures have made them a lifelong career, and a profitable one at that.

      If you're sufficiently morally bankrupt to make a living by peddling the lies and deceit in your original post, then I suggest you look into being a lawyer. Same type of attitude required, but a LOT more profitable.

      It's not especially hard to run a managed Windows environment without security problems. You do it the same way you run any secure, managed environment.

    20. Re:M$CROSOFT SUCKS by call-me-kenneth · · Score: 1
      Very amusing, but you're joking of course, because yes everything DOES need patching sometimes, except systems whose suppliers don't support them any more or whose maintainers just ignore security issues. (And of course that's just the sort of software I DON'T want running inside MY network, thank-you-very-much.) I just built an OpenBSD 4.2 system for a network security function at work, and as the wonderful afterboot man page tells you, one of the first things to do is hit http://www.openbsd.org/errata and look for updates.

      I do vulnerability management for my employer, which means I'm responsible for making sure we don't get pwned through a known issue for which there's a patch, fix or workaround. Believe me EVERYTHING needs patching, including your printer firmware, Cisco IOS and CATOS, hell even the building access system needs a fix patch or update now & then.

    21. Re:M$CROSOFT SUCKS by treeves · · Score: 1

      Results 1 - 10 of about 4,480 for "linux hacked". (0.32 seconds)

      Results 1 - 10 of about 17,900 for "windows hacked". (0.14 seconds)

      is probably a *more* meaningful, but still not all that meaningful, comparison.

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
  29. Why MS? by CodePhoeniX · · Score: 1

    Shouldn't the gov't be using their own version of Linux and not M$ Windows?

  30. Re:Mafia? No, I don't think so. by Ungrounded+Lightning · · Score: 1, Interesting

    Woosh!!

    Mafiaa == RIAA + MPAA


    Sorry. Missed the extra "a". (Should have been all-caps, though.)

    Mafiaa != Mafia

    Where'd you get that idea? I was under the impression that the RIAA is a direct descendant of the jukebox protection racket / Crosby organization. (That's what makes the "MAFIAA" coinage so poignant.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  31. Hitting us where we're centralized by NetSettler · · Score: 5, Insightful

    It reminds me of the Doonesbury comic years ago about Reagan's SDI shield, that was going to protect us from Soviet missiles by a single, always-perfect shield of protective devices. The comic was drawn in crayon, as I recall, with the voice of a little girl explaining that the world was beautiful because SDI was protecting us. Then in the last frame it said something abrupt to the effect of "Oops, one got through. Bye."

    What makes this story so scary isn't just that something got broken into, it's the thing in the back of all our minds that says "my goodness, is that the place where All Knowledge of Everything is centrally stored?" Bad enough when someone breaks into your computer and gets all your bank accounts or passwords, but when someone breaks into The Government and gets all knowledge of launch codes, defensive systems, registries of guns in the US, files on who sympathizes with who, files on who calls who, etc. ... well, that info collected with the intent of defending us might suddenly be a liability.

    That's why things like the telecom phone tapping, national IDs, etc. are so troublesome. The mere centralization of information at all for any reason is a risk that the Bush administration has been ignoring, working instead (for all we know, none of this being auditable) to pile all of everything in one fragile place. The founding fathers kept trying to decentralize things and minimize what in modern computer terms we'd call "single point of failure". They distributed power in a way that made it hard to just break in and take control, right down to making sure there was not a single head of government. It's too bad that in all the puffery we hear spouted about Constitutional original intent, the modern Republican leaders don't show more care about that kind of original intent.

    --

    Kent M Pitman
    Philosopher, Technologist, Writer

    1. Re:Hitting us where we're centralized by WaXHeLL · · Score: 1

      Any computer containing classified data is not connected to the internet. Anyone who has access to classified data has two computers; the computer used for daily operations and the computer that is only used for classified information.

      --
      The troll with karma.
    2. Re:Hitting us where we're centralized by Svartalf · · Score: 1

      And as anyone knows from the InfoSec space, there's ALWAYS going to be breaches - where someone screws up on this because of speed, convenience, or actual malice.

      Just because it's SUPPOSED to be that way doesn't mean it happens that way. Saying that it doesn't happen is just sticking one's head in the sand.

      What I'm wondering right now is just how much "Not for public consumption", Confidential, and Secret items got released. Leak enough lower classified and potentially problematic (as in a little of it's not classified, but enough of it gives a window INTO what is...) and you've got as much of a problem as if you'd leaked the Secret and Top Secret stuff.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  32. Could Honeypot Data be what was taken? by Zymergy · · Score: 1

    Could the "compromised" data have actually been Honeypot data? http://en.wikipedia.org/wiki/Honeypot_(computing)

    I am not an admin, but I recall working at a tech company whose admin operated a very realistic Honeypot setup complete with changing scripts that generated bogus logfiles and scripted users that logged in and out of several "windows boxes" running in VMs off an otherwise unused server (with no real data and not on the same network as the real servers).
    He said it served as a canary in the coal mine, but it was certainly not the first or last line of defense.

    The Pentagon is only the single largest office building on the planet with a workforce of tens of thousands of civilian and military personnel.
    It is highly probable that any classified data is NOT on PCs connected to the same network that has access to the Internet.
    But, I could see some non-classified Windows boxes with Internet access such as the ones our favorite stereotypical secretaries (who competitively install every kind of smiley and intellimail app they can find) as being the ones that email the malicious code to each other.
    -Still, I wonder what was "taken"?
    What would really concern me is if they penetrated Ft. Meade or somewhere more important. http://en.wikipedia.org/wiki/Ft._Meade

    1. Re:Could Honeypot Data be what was taken? by johndmann · · Score: 1
      "Amazing amount" does not sound like something that is guessable. To me, this reads as 'we thought they would get nothing and are amazed' as opposed to 'they took a large amount of the data we own'. Since we have no idea what they would consider "par", it's impossible to judge that they took considerable data.

      As for what was taken and their use of "sensitive"... They did not use "classified", so the data was mostly worthless to anyone. "Sensitive" doesn't even pique my curiosity! Much like most people here, I agree that the data was likely just secretarial-level stuff - inconsequential. The Ars Technica article (the section quoted below) does venture to say that it was login information which was stolen, but the next paragraph in the article starts "The government isn't saying what, exactly, got stolen." so I don't think the login statement is precise. Regardless, it is definitely implied that this was on live systems, not just a mere honeypot, yet might as well have been.

      To be fair, even if the data they obtained was completely useless, the point, imho, is that they were able to get anything at all. To allow a known vulnerability to be exploited with tons of tax dollars footing the IT bill? Ridiculous (though the government has been mostly full of fail for all eternity). I feel it is "amazing" that the hacker(s) did not get more data.

      I chose to reply to this particular comment because I felt that your statement about the secretaries was... misguided.

      "(...)stereotypical secretaries (who competitively install every kind of of smiley and intellimail app they can find) as being the ones that email the malicious code to each other."
      It wasn't the users who e-mailed things, it was the hacker's code doing the mailing. The code just made the e-mail appear to be an internal document/memo/etc, which tricked the receiver into opening it.

      "The bug spread itself by e-mailing malicious payloads from one system on the network to another. The messages themselves were spoofed and appeared to be legitimate missives from other employees. Once the recipient opened an infected e-mail, the worm sent that person's password and other login credentials back to home base." - Ars Technica
    2. Re:Could Honeypot Data be what was taken? by budgenator · · Score: 1
      Let them chew on this for a while.

      # multiport replaces the obsolete mport match; TARPIT comes from xtables-addons
      iptables -A INPUT -p tcp -m tcp -m multiport \
        --dports 135,139,1025 -j TARPIT
      Kernel Korner - The Hidden Treasures of iptables has lots of fun and devious things to do with a Linux box's iptables in your firewalls.
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  33. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  34. Re:Mafia? No, I don't think so. by Torvaun · · Score: 1

    It wasn't bad in WWII, from what I've heard.

    --
    I see your informative link, and raise you a pithy comment.
  35. Ignorance by N8F8 · · Score: 1

    Gee, they cracked a public server? Who gives a crap.

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
    1. Re:Ignorance by Max_W · · Score: 1

      Who knows what they really did? Maybe they replaced the DLLs in the guided missiles' navigation so that they turn to arbitrary targets when ordered by hackers.

  36. it is by Quadraginta · · Score: 3, Interesting

    Twenty thousand people work in the Pentagon, the bulk of them secretaries, flunkies, gophers, paper pushers and form filers. They have, naturally, a plain old typical big business e-mail system for sending memos back and forth about whether the proper signatures have been affixed to form eight six four nine nine stroke seven aitch. This is what got hacked. To the extent "sensitive" data was compromised, it would be stuff like the Assistant Associate Deputy Secretary's daily conference call schedule, which is "sensitive" in the sense that in the remote chance that someone wants to assassinate him they'd find such data mildly useful.

    There is of course also a serious network of computers at the Pentagon which handles serious military secrets. It doesn't run Windows. It isn't physically connected to the Internet. The Chinese can't touch it.

    This is a silly FUD nonstory. There's no reason for the Pentagon to treat random secretarial computers with the same attention to security as they give classified computers. It would be very expensive, and my taxes are high enough already, thank you.

    1. Re:it is by hughk · · Score: 2, Interesting

      Yes there is NIPRNET and SIPRNET, with one for the unclassified stuff and the other for classified. Funny thing is that the mildenhall.com incident demonstrated that secret data not only goes out on the public Internet (this should only happen through secure tunnels), it can end up outside the military altogether.

      --
      See my journal, I write things there
  37. And that while we have the Internet model ... by cheros · · Score: 1

    It is entirely possible to create a distributed model where local areas manage their permissions, it's managing the volume of permissions that is the challenge. For some bizarre reason, people who set these things up always insist on a "one large pot" model, whereas X500 has a perfectly viable distributed access control model (sorry for those who squeak "LDAP is God" at this point - there is a reason why "LDAP" starts with an "L", thank you).

    The nice thing about a distributed model is that it's much less failure prone. It allows components to come online and offline without tearing down the whole mesh with it.

    Applications aplenty: UK NHS (National Health) database: keep the info where it is stored and make sure there is some overall schema (a challenge in itself which explains why the central government intranet (GSi) still doesn't have a decent overall directory), identity (assuming someone can come up with a safe container at all it would mean one rogue member of staff would expose the whole country) etc etc. Is it THE solution? Nope. But fully centralised has already proven to be exactly the wrong approach, so I'm throwing some spanners into that one ..

    Just my opinion..

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    1. Re:And that while we have the Internet model ... by Splab · · Score: 1

      The thing is, all it takes is one person to bring down the house of cards. Where I work the data has been locked down tight, with very specific methods for accessing it. This of course only works under the assumption that:
      1. I can be trusted
      2. The DB software can be trusted (and thus the engineers working on it)
      3. The sys-admins don't log/know my passwords and abuse them (do you ever check your keyboard for a keylogger?)
      4. The guy handling the backups doesn't leave them on a train somewhere.

      There are loads more ways we can lose our data, if just one of these breaks we are screwed.

  38. Honey pot. by dsmatthews · · Score: 4, Interesting

    It would not be the first time that a government has gone to great length to convince others that the stolen data they have is real, when really it is not, rather it is carefully crafted misinformation designed to fubar any project or plans it is used in.

    1. Re:Honey pot. by Kazoo+the+Clown · · Score: 1

      It would not be the first time that a government has gone to great length to convince others that the stolen data they have is real, when really it is not, rather it is carefully crafted misinformation designed to fubar any project or plans it is used in.

      Yeah, and it would not be the first time that a government has gone to great length to convince others that they are completely incompetent.

  39. Ok..... by IHC+Navistar · · Score: 1

    Shouldn't the Gov't already know that Windows security is as effective against hackers as wet Kleenex is against a Mack truck?

    Microsoft likes to spend money on selling the same pile of shit packaged in a new wrapper, instead of producing anything actually useful.

    This is what happens when Government officials have a threesome with Ballmer and Gates.

    --
    Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
    1. Re:Ok..... by Max_W · · Score: 1
      Not only Microsoft OS. Any OS has got millions of lines of code. Security? Another OS monitoring an original one. Also nothing more than a code.

      And now we are approaching the autonomous systems, which actually decide when to shoot. Already there are land robots with guns, which do shoot people. Imagine changing a sign on a proper line of code from + to -. And it will turn and fight into another direction.

  40. deny unknown binaries to execute by zerodayexplooit · · Score: 1

    Critical systems should be closely monitored to find any unknown/unauthorized changes. Also, going one step further, unknown binaries/scripts can be proactively denied execution, and one of the companies which offers this solution is Solidcore.
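
    The two controls named in the comment above (change monitoring and default-deny execution), as an added example that is not part of the thread and not code from any vendor mentioned in it. The directory layout, file names and contents are constructed samples, and the function names are hypothetical.

```python
"""Hash-baseline change detection plus a default-deny execution decision.

Added illustration: every path and file content here is a constructed sample.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def may_execute(path, approved_digests):
    """Default deny: run only content whose hash is on the approved list.

    The decision is made on content, not on name or location, so a replaced
    or newly dropped binary is refused even if it sits in a trusted directory.
    """
    try:
        return sha256_file(path) in approved_digests
    except OSError:
        return False  # unreadable or missing: deny


def demo():
    """Build a sample tree, tamper with it, and return (report, decisions)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)
            return full

        # Known-good state: one approved program and one config file.
        mailer = write("bin/mailer", b"approved build 1.0\n")
        write("etc/app.conf", b"relay=internal\n")
        baseline = build_baseline(root)
        approved = {d for rel, d in baseline.items() if rel.startswith("bin/")}
        decisions = {"mailer_before": may_execute(mailer, approved)}

        # Simulated unauthorized changes (constructed, harmless content).
        write("bin/mailer", b"approved build 1.0\nunexpected extra bytes\n")
        updater = write("bin/updater", b"program nobody approved\n")
        os.remove(os.path.join(root, "etc", "app.conf"))

        report = compare(baseline, build_baseline(root))
        decisions["mailer_after"] = may_execute(mailer, approved)
        decisions["updater"] = may_execute(updater, approved)
        return report, decisions


if __name__ == "__main__":
    print(demo())
```

    The baseline and the approved-digest list are only as trustworthy as where they are stored; keep them off the monitored host or sign them.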

  41. Secret is as secret does... by 3seas · · Score: 1

    .. and to the typical American ... out of sight out of mind. Or in other words, WE STILL DON'T KNOW what all this secret information is but it apparently makes the hackers smarter than us about us.

    Thanks Homeland security......good job.

    1. Re:Secret is as secret does... by Svartalf · · Score: 1

      This wasn't the DHS. This was the DoD - who should have KNOWN BETTER.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  42. It is America's Fault by WindBourne · · Score: 1

    Prior to W. we required our gov. to have SECURED OSs. One of the few places that had Windows was the Reagan, and IT ran in circles (figures). The pushing of Windows on all forms of gov. has been from the White House. What a disaster. Even DHS standardized on it. I have worked with 2 of the top ppl from DHS back in 2002 (prior to their being pulled into DHS) and no doubt that they used Windows. They were tech idiots back then, and they are still idiots.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  43. Not entirely accurate either by WindBourne · · Score: 2, Interesting

    Many of these systems would be communications between DOD and weapons builders. No doubt that there is more than just idiot chit-chat that was in the email. It would include a number of details of our new weapons. Now, it may not include full specs, but in parts, it speaks about various aspects of it. Once spoken about that, allows others to try and guess. They will try to guess how to duplicate AND how to defend against it. Worse, it may speak of known weaknesses that we have. Perhaps China finds out that the ABL has a certain frequency of laser, as well as length of time that it runs. That would enable them to build shielding (mirrors of a certain thickness) against it. Perhaps in these emails, data about China is mentioned. Now, they may put 5 and 5 together and figure out where the pigeon is. All in all, information IS power. And it is ALL valuable.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  44. Broken management by canuck57 · · Score: 3, Insightful

    Their network admins should be fired on the spot, that's ridiculous.

    Yes it is ridiculous and someone should be fired.

    But why does everyone go after the grunts and not the department heads? After all it is the department heads who allocate the money and resources to do such things as watch the network.

    The local admin might be overworked, undertrained, understaffed and no hardware to accomplish this task. Don't be so quick to pounce on the network person. This is a management issue pure and simple.

    1. Re:Broken management by MiniMike · · Score: 1

      This isn't going to stop there. I predict this will have far-reaching ramifications, and within a year the people at the top of the chain of command will be replaced.

  45. Then the enemy is free software creation... by NetSettler · · Score: 1

    Any computer containing classified data is not connected to the internet.

    This is exactly my point. If that's our protection, then any one piece of wire can break everything. And that means we are vulnerable to any accident, to any single mole who gets through, etc.

    But moreover, the US could not possibly hire enough people to make this work. To have good computation on that "other Internet", we need to keep up with what others are doing elsewhere in the world. In the real world, thousands or perhaps millions of programmers are making a ton of software that is powerful and, yes, free. And our enemies can use it as well as our friends.

    If our classified systems can use none of it, then we can't keep up. Because we have to pay enough people to recreate everything Richard Stallman and the Church of Free Software has built. That isn't likely. Forget the monetary value of it, the computational value of it is large. And so someone is going to download some of that onto the other net because they can't afford not to. That means it may have bugs and moles in the software. It won't all be possible to audit 100%.

    And yet the warfare will be conducted on the internet, our internet. So if they're off safe in their internet, the government internet, the Good internet, the one full of only safe and friendly software... the one parents wish they could have their kids on.

    Being on that safe internet, they won't be able to protect us. Not unless the yield of that good internet is software that comes back to ours. If it does, software has now made a round-trip from the Bad Internet, the Spock-with-a-beard Internet, where free software comes from, to the Good Internet, and then back to the Bad Internet. And who knows what viruses or deliberate "features" it can have carried in one direction and what data it can have steganographically carried in the other direction.

    Rigorous separation of Good from Bad in a world that is connected is not protection. The problem is that we build technology to save us time and effort and to make sure we don't make mistakes. But technology makes mistakes too, because it's built by people. And it makes deliberate problems, too, if it comes from places where there are Bad People (if there even is such a black and white concept). And technology does something bad, it makes them much faster than we do.

    Our safety used to be in that when we made mistakes, we made them slowly and in distributed fashion.

    --

    Kent M Pitman
    Philosopher, Technologist, Writer

    1. Re:Then the enemy is free software creation... by dbIII · · Score: 1
      You are proposing that single people or small groups working in secret is better than peer review in public. There have been many counter examples in history - most noticeably in the field of encryption.

      As for "the Church of Free Software", you may not like what has been done but please attempt to have a mature level of discussion instead of applying silly inappropriate labels.

    2. Re:Then the enemy is free software creation... by NetSettler · · Score: 1

      You are proposing that single people or small groups working in secret is better than peer review in public.

      I don't know why you think I said that. I said no such thing. (I mostly don't even believe such a thing, but as it happens, I wasn't commenting on that at all.)

      Nor did I make any proposal at all. I did not moralize. I merely made some observations of obvious truth in response to a claim that the classified internet was safe because it is kept pristine and out of contact with the other internet.

      I doubt whether that can be done. And if it is done, it seems unlikely that the classified internet can have any materially large amount of modern software on it because there isn't the budget required to develop such software. This means that any government willing to use cybertechnology obtained from the free internet will far exceed what our government is using, and ultimately means our government will have to use the freely available technology, too.

      Whatever one thinks of the free software movement, its presence in the market and the pressures it creates are undeniable. That's not a proposal on my part. It's just a truth. And it's equally well a truth that one of those pressures, relevant to this situation, is the pressure to use technology at least as good as your enemies are using. And since our enemies will surely be using free software, our government will be using it, too. That's just a truth. And in the context of my remarks, it's not intended to make any moral point, it's only offered as supporting evidence to refute the claim that the two nets, the regular internet and the classified one, can be kept separate.

      --

      Kent M Pitman
      Philosopher, Technologist, Writer

  46. Diplomacy behind the times? by Fractal+Dice · · Score: 1

    Given the value of data, at what point does diplomacy start to consider network intrusion to be an act of war. I mean, if they're going to treat physical and imaginary "property" to be equal under the law, then this sort of massive data intrusion becomes the equivalent of walking into a naval base and sailing away with a fully loaded aircraft carrier.

  47. Simple Answer by PhxBlue · · Score: 1

    To read /. at work, of course!

    --
    !#@%*)anks for hanging up the phone, dear.
  48. AT LAST! A Windows security story tagged WINDOWS by toby · · Score: 1

    Slashdot, you're growing up.

    --
    you had me at #!
  49. Re:MICROSUCKS by uassholes · · Score: 1

    Even though having been a professional programmer since 1977, I was very fortunate that I never had to use f*ckrosoft until the mid 90's when the company I worked for got cheap, dumped their X terminals, and gave us laptops upon which we then ran an X server.

    Then I found out how the other half lived. Okay, granny and junior, but why did professionals put up with that sh!t?

    Since then, I've said that anyone who uses S*ckrosh!t gets what they deserve.

  50. most Windows exploits ... by kybred · · Score: 1

    ... most Windows exploits are found simply because Windows is _everywhere_ in the real world.

    Good enough reason to run a non-Windows OS, I think.

  51. DoD Security knows all, does all, is all BullShit by OldHawk777 · · Score: 2, Insightful

    Much could be done as indicated by many here on /.

    DoD has bought into Alpha-security (A-Sec). A-Sec is when all things are controlled by being identical or bunker-consolidated.

    It is like a single point of failure looking for a place to happen. Someone once told me (or I read) about the blackberry network with one or two critical nodes (points of failure/attack/access). MS-products on most all DoD desktops is another single node. Server/Network help-desk-script Admin is another node. Things done the same way everyday is another node. ....

    Who's in charge in DoD? I figure, about 66%, of C*Os (even in DoD...) rose through the management ranks by social skills (golf, fish, drink, lies ...), taking credit, and assigning blame. If you try to fix the management mess in DoD you'll get the 33% fired or forced into a back office hole ... the situation would get much worse.

    In the USA there is (at most) one in three managers/C*Os that are worth their pay plus, the 66% ain't fucking worth a janitor's pay. The past 50 years decline of the USA into stupidity was caused by 66% (or more) of the politicians, plutocrats, corporatist, and clergy being dogmatic dimwits.

    Two i.e.4U
    All government problems are caused by lazy government employees, if you want to believe politicians and senior managers like Dummy Don Rumsfeld ... then you are a dogma don-dummy.

    All our financial problems are caused by all the money spent on poor people or the elderly on retirement checks and free medical care.
    If you want to believe this bull shit, then kill your parents before they can retire, or consider a concentration camp (called a nursing home project) for the elderly could make sure that retired people die on a state sponsored schedule to manage money better.

    Economics and Financial problems are caused by governments and business institutions being uncontrolled and irresponsible to the public/society. Businesses for decades have been looting retirement funds, getting government bailouts, setting up loan, housing, energy crises for US tax dollars. The New USA Welfare-State for Corporations, the old USA is vanishing, because far too many USA Citizens believe that god and wealth has all the answers (I know they're all lies).

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
  52. Canadian border services by Dr.+Cody · · Score: 1

    Well, anecdotes don't count for much, but this is exactly 100% of my experience with your former employer:

    On a vacation to Sault Ste. Marie when I was 11, my family, a family friend, and I went over the border in two cars. The first, my father, his fiancé, and my sister. The second, the family friend, my brother, and me. The first car goes through, no trouble. Our car pulls up to the booth, they check our ID and ask how we were related.

    When they didn't like the answer, they told us to pull over into a nearby lot. An officer, a sour lady not more than 4'6", came over to us and took us inside her station. She made it clear that she suspected we were abducted children, and started yelling at the friend, and us, to come clean. Not once did she interrogate us separately. After about 5-10 min of this, she leaves us alone in the room (!) and goes to the adjoining building. Another 10 min go by, and we're bored, our friend's pissed, and his keys are on her desk (!). So, he takes his keys, takes us, and leisurely walks back to his car.

    We then drive into Canadian Sault Ste. Marie for our 30 min Canadian vacation.

    Your border service is very non-Draconian.

    1. Re:Canadian border services by Anonymous Coward · · Score: 0

      On a vacation to Sault Ste. Marie when I was 11

      How many years ago was this?
    2. Re:Canadian border services by Dr.+Cody · · Score: 1

      Mid-Nineties, so it took place in the pre-Megan's Law, pre-9/11 world.

    3. Re:Canadian border services by Hemogoblin · · Score: 1

      The following is my own opinion, and I don't represent the government of Canada.

      Did the first and 2nd car go through the same booth? Are you sure the people in the first car said "the car right behind us, my kids are in there", etc? I didn't work in the primary inspection line, but it sounds perfectly reasonable to stop a car with one adult and two children in it, if the adult is not at all related to the children. Abductions/kids running away scenarios are actually quite common. Actually, I would say that the scenario you described would play out pretty similarly in 90% of situations; you're referred inside for 30min to ensure that you're not being abducted.

      You probably shouldn't complain; if your family friend wasn't able to prove that he was supposed to be taking you into Canada, you could have been waiting there for hours.

      Anyway, I'm tired. Does that make sense?

    4. Re:Canadian border services by Dr.+Cody · · Score: 1

      No, we never managed to prove it. I guess my point was that a suspicious man found with two young boys was allowed to "escape" and drive right into Canada, because the border agent was off at her firewater break, or something.

    5. Re:Canadian border services by Hemogoblin · · Score: 1

      Hmmm yeah, I see your point. I guess I WAS tired when I read your post.

      Honestly, yeah, that guard sounds pretty slack; nothing like that ever happened at the POEs where I worked.

      I can't imagine why she would leave to go to another building... she can't have thought you were very important if she just left you like that.

  53. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  54. Re:DoD Security knows all, does all, is all BullSh by rtb61 · · Score: 2, Informative
    Now the most interesting thing about this case, is during the whole episode, all internet connections between the US and overseas were being monitored by the NSA. Did no alarm bells go off when all this data was going from the US to China regardless of the intermediaries. So what exactly was the NSA monitoring, obviously nothing with regard to national security or military intelligence material or even information on military hardware.

    It really does make what the NSA were doing look very suspicious and starts to look more like a domestic surveillance program searching for those who did not properly align themselves with the current administration. Opposition political leaders and political fund raisers, people who supported peace and not war, those that actually wanted to support the troops rather than just sending them off to bleed money out government and into the pockets of corporations whilst the soldiers bleed on the battlefield.

    I wonder how much information got out about the corrupt nature of some of the practices going on in the pentagon that will later be used by the autocratic communist Chinese leadership to manipulate and control those in charge of the US's national security. A who's who of those that will readily accept bribes regardless of the loss of life.

    I bet there are a whole lot of people who now wish they had mandated the use of the NSA's SE Linux on desktops and file servers, the NSA really did know and attempted to do something constructive about the problems inherent in M$ windows before they were cut off by the corrupt M$ executive team and an equally corrupt republican administration.

    --
    Chaos - everything, everywhere, everywhen
  55. I call BS by Isaac-Lew · · Score: 1
    I think these guys are lying. If you were a Chinese hacker that compromised the US DoD computer system, would you
    1. Brag about it, thereby embarrassing China & pissing off the US or
    2. Say nothing in the hopes of getting paid again?

    Hell, it could have been the DoD paying these guys to say this in order to get more funding, or the Chinese government spreading disinformation, or these guys taking credit for someone else's hack, etc.
  56. open a new can of worms? by CaptainNerdCave · · Score: 0

    are you suggesting that we should open discussion about the potential ban on firearms?

  57. That's why you need more than one barrier by cheros · · Score: 1

    The whole idea of putting all eggs in one basket (translated to all data in one database) is plain stupid, but I guess it'll require a change in law to make this sort of stupidity disappear. Until we make someone legally responsible for such data loss instead of permitting idiots to hide behind all sort of stupid excuses it ain't gonna change.

    I refer you to the UK: the bright spark responsible for the debacle with those 2 CDs did apparently "resign". When you check what really happened is that he resigned to go to a more cushy job. Yeah, that will teach him..

    No, I don't think they'll give up on the idea. That is, until data on senators and judges and members of congress starts seeping out, of course. IMHO it can't happen early enough.

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    1. Re:That's why you need more than one barrier by Splab · · Score: 1

      You just can't just float a statement like that saying it's stupid. Why is it stupid to leave all data in one database?

      Sometimes it's not feasible to divide your data into multiple databases - and what have you actually gained by doing so? Just obscured everything for programmers and maintainers, but nothing gained, if one database is lost the same method would apply for a collection of databases.

      All the weak points in data storage apply for a collection of databases as with one central.

    2. Re:That's why you need more than one barrier by cheros · · Score: 1

      I think you and I start from a different point. I am not suggesting to divide up a big database - I'd agree that's a pointless exercise.

      I'm asking a more fundamental question: do we really NEED to pile it all in one database to start with? There are different ways of solving such large collections of data, and not all of them need to have it all in one place.

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
  58. Re:Eh? by artichokesquid · · Score: 0

    Actually, if you look at the time on this, it was posted before any other comments that addressed the same topic, so it is in fact all of the other comments which are redundant. But I wouldn't expect you to be able to notice something that obvious. Thanks, ass-mod.

  59. Re:DoD Security knows all, does all, is all BullSh by OldHawk777 · · Score: 1

    Yes, we are seeing the same things from different environments.

    Plutocrats are all very damn fucking mentally and emotionally sick, thinking that "The USA Constitution" is a problem, considering the national corporate, political, and clergy organized subversion and treason crimes are lawful/just, because it will serve the best interest of the privileged class of plutocrats; While US/EU Citizens serve their whimsy and earthly money kingdom.

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?