Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Declassifies Outline of Cybersecurity Plans

Posted by Soulskill on from the how-generous dept.

An anonymous reader writes "The Obama administration on Tuesday declassified part of the Comprehensive National Cybersecurity Initiative created during the Bush administration, outlining offensive and defensive strategies for protecting information networks. The initiative was originally intended to unify efforts of a number of government agencies into a comprehensive strategy to protect the nation's computer networks. 'One area in which the government did officially disclose new details was Einstein 3, a program to protect civilian government systems from intrusion by deploying sensors on the networks of private telecommunications companies. For the first time, the government disclosed officially that the program would use technology developed by the NSA, the nation's largest intelligence agency. It also said that the Department of Homeland Security, which would run the program, would share malicious code data with the NSA but not the content of communications, such as e-mails.'"

51 comments

  1. (Hypothetical) threats and (imaginary) deterrents by Anonymous Coward · · Score: 0, Flamebait

    Reminiscent of the cold war days.

  2. The First Condemnment! by voodoo+cheesecake · · Score: 1

    You have the freedom of speech, but when someone listens you are a threat to national security and they shut your network down.

    1. Re:The First Condemnment! by Opportunist · · Score: 3, Funny

      Tell me, Mr. Anderson... what good is a phone call... if you're unable to speak?

      I know, I know, it's old and overused, but admit it, when did it fit better?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:(Hypothetical) threats and (imaginary) deterren by Yvanhoe · · Score: 1

    Without the corresponding NASA budget...

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  4. Concerns About Dinner by LifesABeach · · Score: 1

    I guess my most major concern about using the Department of Homeland Security is that if anything should go wrong; that it's not during dinner.

    "...Mike Brown needs a little more time for dinner in Baton Rouge. He'll get back to you..." - D.H.S. Staff Communication.

    1. Re:Concerns About Dinner by girlintraining · · Score: 3, Insightful

      I guess my most major concern about using the Department of Homeland Security is that if anything should go wrong; that it's not during dinner.

      And I guess my most major concern about using the Department of Homeland Security is that. They take my nail clippers away because it's a security risk, say I can't wear underwire bras, have closed the bathroom down for most, if not all of the flight (and god help you if you have a feminine issue then) now they want to take high-resolution naked pictures of me and share them with their government buddies, contractors, and basically anyone not me. They can't even handle issues of basic sanitation and common decency -- a problem as I understand has been solved for a few thousand years now. I would go on a feminist rant right about now, but frankly I don't think they're being sexist, just retarded. Unfortunately, retardation isn't curable. But I digress...

      The only reason the internet still works at all is because they haven't gotten around to screwing it up -- yet. I can just see it now -- The entire internet has been turned off because a kindergartner in Utah made a drawing that suggested he was going to shoot the president. It was later disclosed that the drawing was of a cat and the sun. And later, mom posts it on the fridge...

      --
      #fuckbeta #iamslashdot #dicemustdie
  5. High Risk - High Payoff? by ka9dgx · · Score: 4, Interesting

    Initiative #9. Define and develop enduring "leap-ahead" technology, strategies, and programs. One goal of the CNCI is to develop technologies that provide increases in cybersecurity by orders of magnitude above current systems and which can be deployed within 5 to 10 years. This initiative seeks to develop strategies and programs to enhance the component of the government R&D portfolio that pursues high-risk/high-payoff solutions to critical cybersecurity problems. The Federal Government has begun to outline Grand Challenges for the research community to help solve these difficult problems that require 'out of the box' thinking. In dealing with the private sector, the government is identifying and communicating common needs that should drive mutual investment in key research areas.

    (Emphasis mine)

    I propose instead that we consult the results of the previous R&D work that has been active in this area since the 1960s, and learn the lessons of problems already solved. This is low risk (as we've already paid for it), high payoff.

    Let's get capability based security into the hands of the masses. This will remove their machines from the threat pool. It would also allow those inside the government to manage security in a much more granular (and thus more effective) manner.

    This can be fixed, and it doesn't require a high risk, just due diligence, and hard work.

    1. Re:High Risk - High Payoff? by Jawn98685 · · Score: 1

      This can be fixed, and it doesn't require a high risk, just due diligence, and hard work.

      Which makes it, politically, decidedly non-sexy, and therefore unlikely to be seriously considered as a workable approach. I've seen it with my own eyes, made the same suggestions almost 10 years ago when Richard Clarke and the PCCIP dog and pony show was in town. Blank stares at the suggestion that the PC's of "the masses" were the high ground and could be taken at will by the bad guys. Then, as now, the reality, evident to anyone with a clue when it comes to security issues, is that we are on our own. The government can't/won't get it. Even if they did get it, the bureaucratic nature of that beast renders it incapable of the operational agility required to make much of a difference. The recent cyber war games made that quite clear.

    2. Re:High Risk - High Payoff? by benjamindees · · Score: 1

      1) No one's going to be developing anything in 5-10 years. NSA will pull something out of a hat that's been in the works for decades. And it'll probably be exactly what you guessed.

      2) "Dealing" with the private sector sounds ominous.

      3) This sounds suspiciously like DRM. Oh, you do business with the feds? You'll need to use certified, "trusted" systems that allow NSA to remotely memory-hole anything you're accidentally sent.

      4) Next step: Internet user licensing. Say goodbye to anonymity. Three-strikes and your internet access is revoked.

      --
      "I assumed blithely that there were no elves out there in the darkness"
  6. Re:(Hypothetical) threats and (imaginary) deterren by Opportunist · · Score: 2, Funny

    No, the budget has been slashed by a fourth. To be exact, by one "S".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. read the solution is here by viralMeme · · Score: 2, Insightful

    "To strengthen the future cybersecurity environment by .. working to define and develop strategies to deter hostile or malicious activity in cyberspace"

    How about designing an Operating System that strictly differenciates between code and data - and don't download code from the Internet, except from a well defined whitelist of known secure and verified sources. And don't allow the excecution of code by clicking on a URL or opening an email attachment.

    "The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. Government networks for malicious activity using signature-based intrusion detection technology"

    Except enumerating badness is a bad idea, and if the computers didn't arbiterarly execute code coming in off the Internet then you wouldn't need to analysis of network flow of information. Such a monitoring system itself being open to abuse. Your one stop shop to hacking the entire grid.

    1. Re:read the solution is here by ka9dgx · · Score: 1

      Yes, enumerating badness is a bad idea... you'll aways be behind. Securing the OS by simply allowing the user what rights to grant a program at run time is a much more sane approach, don't you think?

    2. Re:read the solution is here by Anonymous Coward · · Score: 0

      So you propose 'enumerating goodness'. Which is just as impossible.

      FOR example take Apple. Cool store of thousands of applications. But each app has to be 'marked good'. Yet other applications that people would consider 'good' Apple has rejected. For example emulators. They also have a large set of applications that they do not allow just because they might show a bit of skin.

      See the problem is what guides 'goodness' and 'badness'. For example wireshark would that be a good or bad program? Who decides? For me it is a good app it helps me diagnose some issues. However, that same app can be used to attack my computers.

      Downloading random applications from other people is ingrained into computer culture it is not even close to being 'on the table'. Would you be able to use linux if you couldnt just 'download that random application'.

      Now in a locked down arena such as a office building. This could work. But then you have to have an IT staff that is willing to bend and willing to try things. So instead you would see more 'low risk' purchases such as 'no one gets fired for buying Microsoft' when there may be better alternatives. This also creates a culture of workers who do not want any risk. Or are scared to risk anything. Such as trying a new application because the IT guys will get me fired... Or it will take them 6-12 months just to evaluate it. Then by that time the one they 'approve' is wildly out of date and needs 4 service packs which also need to be approved.

    3. Re:read the solution is here by ka9dgx · · Score: 2, Interesting

      No, I don't propose enumerating goodness. I propose that you tell the OS what capabilities you want to give to a program when you run it. Don't trust code, and you don't have to try to solve the halting problem.

      The USER of the system is the one who should decide what's appropriate. They aren't likely to give permission to trash the OS if things are kept transparent and easy to understand.

    4. Re:read the solution is here by hoggoth · · Score: 1

      He isn't proposing 'enumerating goodness' from an "official". He is saying the USER should have to approve any new software installation. If I am installing a new package and it asks me for approval, I say yes. If I visit SexyMidgetsAndTheWomenWhoLoveThem.com and it asks me for approval to install software I say no.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
  8. Get A Clue Please by Anonymous Coward · · Score: 1, Insightful

    Maybe you've been living under a rock the last 10 years, or you are just willfilly being ignorant, but the fact of the matter is that these threats are real, and they are ongoing.

    I love how the slashtards think the government is just making this shit up for their own benefit, as if China, Russia, and other US adversaries aren't basically broadcasting their intentions and advertise their espionage plans.

    Seriously, just read up a bit before spouting such misinformed nonsense. Moderators, please do your jobs.

    1. Re:Get A Clue Please by ka9dgx · · Score: 4, Insightful

      Yes, the threats are real, but the solution that the "Cyber Warriors" came up with is crap. A much better solution than working around all the holes and patching them quicker is to simply rip out a bad design and replace it with a better one. Its not easy changing everyones OS, but it's cheaper in the long run.

    2. Re:Get A Clue Please by Kiaser+Zohsay · · Score: 2, Insightful

      Its not just the slashtards. Ryan Singel at Wired was spouting this exact same gibberish just two days ago. Of course, these are the same people who are in denial of the Brazilian power grid attacks.

      The idea that the US Government would fabricate information to justify a corrupt agenda is ridiculous.

      The nerve of some people.

      --
      I am not your blowing wind, I am the lightning.
    3. Re:Get A Clue Please by fuzzyfuzzyfungus · · Score: 0, Flamebait

      The trouble is, that while the threats are real, this isn't an XOR situation.

      It is, simultaneously the case that team china loves their espionage and the case that every creepy fossil in the military-industrial complex smells profit and power.

      I, for one, find phrases like "More specifically, we need to re-engineer the Internet to make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable." coming out of the mouths of guys like Michael McConnell(formerly director of National Intelligence, now revolving doored to a position with Booz Allen Hamilton, one of the major clandestine contractor outfits) deeply unnerving, no matter how scary the terrifying chinaman menace may be.

      Even if it did solve the espionage problem, which is by no means certain, having an internet arranged for the convenience of the NSA and the profit of its contractors would just plain suck.

    4. Re:Get A Clue Please by shentino · · Score: 1

      Yeah, tear up the market share of one of the biggest and therefore politically entrenched companies.

      Not happening.

    5. Re:Get A Clue Please by ka9dgx · · Score: 1

      Oh yes, it is possible to change this, and I'm going to do it, in my spare time, and without quitting my day job.

    6. Re:Get A Clue Please by ka9dgx · · Score: 1

      So this means I have to fight off the Chinese and the Military Industrial Complex at the same time? And do it in my spare time, with no budget?

      Ok, so be it. 8)

    7. Re:Get A Clue Please by Anonymous Coward · · Score: 0

      Amen, Brother!

    8. Re:Get A Clue Please by AP31R0N · · Score: 2, Insightful

      As 2003 unfolded i often wondered if the left would have been so cynical and vehemently opposed to overthrowing Saddam if Clinton or Gore had ordered it. What would take the place of "no blood for oil" or "Bush == Hitler"? Would they have drawn Hitler mustaches on Gore's face? Or would they have seen that the UN inspections, no fly/drive zones and sanctions were about to end and realized that Saddam would have gone right back to producing WMDs, brutalizing his own people and invading his neighbors? Followed by another 30 years of that from his sons.

      Clinton didn't care about the Iraqi people or what Saddam had done or would do. That's clear from the evidence of him doing virtually nothing. But we can only guess what Gore would have done. i voted for both of them, but would have been disappointed in him if he let Saddam stay in power.

      --
      Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
    9. Re:Get A Clue Please by dgatwood · · Score: 2, Interesting

      Clinton didn't care about the Iraqi people or what Saddam had done or would do. That's clear from the evidence of him doing virtually nothing. But we can only guess what Gore would have done. i voted for both of them, but would have been disappointed in him if he let Saddam stay in power.

      Why? He was a neutered dictator at that point, unable to commit the acts of genocide that he committed in the past. Thus, he wasn't significantly worse than most of the other leaders in that region.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    10. Re:Get A Clue Please by morgauxo · · Score: 3, Insightful

      Go to a typical hospital. Count the number of life critical monitoring equipment is running old unpatched copies of XP and connecting to easily broken WEP encrypted networks.

      How many financial transactions take place at ATMs loaded with Windows 2000? How many banks have crappy, poorly written ASP.NET websites.

      How about all those malware filled crusty old porn surfing boxes that manage our power grid in their spare time?

      Yes, there is a problem. We are vulnerable and something bad will someday happen. However, nothing our government is going to do is going to help. What's necessary is for the people to demand better from the hospitals, banks, power companies etc... which implement this crap. That isn't going to happen. The people don't understand, don't care and don't want to.

      Meanwhile what is some government agent reading my email going to do to help? Our government has a horrible track record on privacy and lately even on basic human rights in general. On top of this, all three branches and both parties are in the pockets of media executives who admittedly do have some legitimate points about their property being stolen but would like to take things way beyond protecting what is truly theirs and eliminate fair use while closing off media to any potential competitors.

      Protect the internet, protect free speech. Keep the government out.

    11. Re:Get A Clue Please by morgauxo · · Score: 1

      Damn Liberals. They don't even believe in Saddam's WMDs!

    12. Re:Get A Clue Please by Anonymous Coward · · Score: 0

      How are the users going to set the capabilities for each program? Or is some helpful/malicious person going to tell them? The first program to get the "change capabilities" capability will open the system wide open. Or the first time a uneducated user gets told that the problem can be fixed by adding a new capability.

    13. Re:Get A Clue Please by morgauxo · · Score: 2, Insightful

      I don't know about Clinton but I bet the Iraq war would be much more popular overnight if the current president came out in favor of it. His followers seem capable of swallowing anything he excretes.

      I agree that Clinton didn't care about the Iraqi people, or, more accurately he didn't do anything to show it if he did. But then he wasn't president of Iraq was he, he was president of the US.

      I honestly think Bush cared even less though. Bush never claimed he sent our troops to save the Iraqi people. He said he did it to save the rest of the middle east (I read that as Israel) from Saddam's WMDs. This would be all fine and good if his intel claiming Saddam had WMDs wasn't so questionable. One could argue he acted on wrong intel but even before the first bomb was dropped it was apparent that the information and the source were very questionable at best.

      Now, when we attacked Iraq, I must admit I was happy about it. I for one expected a quick victory and a better world with one less dictator regardless of whether or not there really were WMDs. It didn't turn out that way though did it?

      Next up in this story is Halliburton. All that money was funneled to Dick Cheney's friends while both our own troops and the Iraqi people suffered even more than they did with their mad dictator. Do I really have to go into the stories about parents scraping up change to buy their soldier kids the armor they were not supplied while Halliburton execs threw big parties and took home huge bonuses at our expense? Are the lights on 24/7 in Baghdad even now?

      Now it is 2010. 2010!!! and the war continues. Did Bush know that once Saddam was gone Iraq would become the haven of so many insane terrorist types? Did he know that it would create an environment that converts more over to the terrorist side? Did he understand the ethnic tensions that lied dormant, suppressed by the terror of an evil dictator that would resurface once he was gone?

      I for one supported the war at the start. I expect better of a leader in a position like president of the United States. If he didn't, he should have understood the area better and realized what would really happen. If he did realize and he decided to go anyway... well... let's hope his dead are waiting for him when he gets there.

    14. Re:Get A Clue Please by morgauxo · · Score: 1

      As for the UN inspections...

      There are two things a leader in the middle east cannot do. Show support for Israel and show support for the US. We are not liked in that part of the world. A leader who appears to give in with no fight to our demands (and the UN inspections were our demands) will not last. He will be seen as weak at best, possibly a traitor. He would be attacked from within his own country and possible from his neighbors as well. Such a leader would not last.

      Saddam was playing a balancing game. He was letting inspectors in now and then but never quite letting them see everything they wanted to see. When he started to approach the tollerance level of the UN he would give in a bit and there was an inspection. Then the game begins anew. That's just how it worked. I don't think he was actually going to make WMDs any time soon. If he did the result would be exactly what actually happened, he is dead and his sons are too. He was evil but not stupid. Saddam's mistake was that the tolerance level of George Bush and a Dick Cheney with dollar signs in his eyes is much less than that of the UN and he didn't account for it.

    15. Re:Get A Clue Please by Anpheus · · Score: 1

      You were going so well until you said "poorly written ASP.NET" websites. Anyone can write a poorly designed website in any language, with loads of SQL injection vulnerabilities and all that good stuff.

    16. Re:Get A Clue Please by ka9dgx · · Score: 1

      They will set them with a batch file, or a shortcut, most likely.

    17. Re:Get A Clue Please by LtGordon · · Score: 1

      How about all those malware filled crusty old porn surfing boxes that manage our power grid in their spare time?

      I have a feeling not as many of these exist as you think. I'm no power grid expert so maybe I'm just naive, but I can't imagine that engineers are using the exact same machines to control the power grid as they for personal computing. I've been inside control rooms for water processing facilities and, typically, any computer designed to be in direct control of anything vital is built around that specific function. It's not like "Joe from I.T." decided to run the plant's control software on his laptop today.

      This is not to say that vulnerabilities don't exist elsewhere, such as these same control systems being attached to internal networks, that then attach to more vulnerable computers.

    18. Re:Get A Clue Please by morgauxo · · Score: 1

      Right you are. Bad coding comes out the same in any language. Maybe it's just my own personal experience but it seems to me that I run into far more crashed sites on ASP though then any of the others.

      Maybe it's more because the fly by night learn to program in week type of classes tend to focus on Microsoft platforms. Or maybe it's because .NET encourages programmers to use DataSets for everything in place of actual Object oriented programming where the objects have methods and properties that represent something real. (Much easier to debug and/or extend) Or maybe it's easier to find cheap .NET outsourcing to India and other places with high percentages of those fly by night class graduates.

      Or maybe I've just had a string of bad coincidences with ASP based websites.

    19. Re:Get A Clue Please by morgauxo · · Score: 1

      I remember some other article linked here on Slashdot a while back. I'm guessing maybe last summer? I don't remember if it was talking about the actual critical machines themselves or just ones on the same network. Either way is bad.

      Then again, I just read the article with the statements from our new "Cyber War Czar". He actually says the insecure power grid computers are a myth. That's refreshing, non-FUD regarding computers from a member of our government? Maybe it isn't so bad after all. I still don't trust them though.

    20. Re:Get A Clue Please by Anpheus · · Score: 1

      You're absolutely right, there are a lot of bad practices in web design.

  9. Old news by Kiaser+Zohsay · · Score: 2, Insightful

    It also said that the Department of Homeland Security, which would run the program, would share malicious code data with the NSA but not the content of communications, such as e-mails.

    ... because they already have that from the network providers.

    --
    I am not your blowing wind, I am the lightning.
    1. Re:Old news by AmberBlackCat · · Score: 1

      In my government job, our annual security training specifically stated "p2p networks" are a threat and source of viruses. That wasn't in last year's training. I'm thinking the combination of (the government monitoring private networks for malicious software) and (p2p networks are considered malicious software by the government) are what this is all about.

  10. This is not self-monitoring. by bjamesv · · Score: 4, Interesting

    On the face of it proposal #3 seems perfectly fine.

    The desire for government agencies to have "situational awareness" in the form of deep-packet inspection of every transaction coming in or out of their network is nothing more then a proactive capability that any responsible Admin might want for their network. (assuming they disclose this capability and have policy dictating its use)

    What does worry me are the washington posts comments about Telcom involvement.
    This other article make it very clear EINSTEIN 3 is truly NSA equipment installed on the commercial telcom network where the potential exists for it to easily be repurposed to monitor _OTHER_ traffic streams.
    http://www.washingtonpost.com/wp-dyn/content/article/2009/07/02/AR2009070202771.html?nav=emailpage

    this is a whole different animal from whitehouse.gov's portrayal of responsible network admin.

    1. Re:This is not self-monitoring. by bleh-of-the-huns · · Score: 1

      That is not correct, the equipment is placed on the telco side of the gov entities connection where it comes into the facility.

      The only traffic being inspected, is what is coming and going to said gov entity, nothing more.

      The original Einstein program was based on the silk analysis tool suit developed (and open source) by CMU, then second edition of the program used a commercial tool that sucked horribly, it was slow when you started creating different network groups to separate the traffic based on each individual org unit within the gov entity.

      As for how it works, well the idea is situational awareness, the entity implementing (atleast with regards to 1 and 2) the program got access to all data, the data sent to DHS was netflow (version 1) and header info, and the first 16 bytes of data to determine the type of traffic (catches tunneled traffic).

      From a situational awareness aspect, the idea while to see what was hitting a single entity is useful, when you set the program up in say all civilian gov agencies, you get a much better view of attacks that may be hitting a number of gov entities.

      Thats about all I will say ont eh subject.

      --
      I came, I conquered, I coredumped
  11. No thank you... by Anonymous Coward · · Score: 0

    I'll take my chances with the chinese.

  12. Team "Change" Means NO Change by Anonymous Coward · · Score: 0

    "use technology developed by the NSA"
    read developed by Do NO Evil.

    Yours In Kyzylmany,
    Kilgore Trout

  13. Slippery slope by MobyDisk · · Score: 2, Insightful

    I think this is the most obvious example of a slippery slope that I've ever heard. The government is going to install devices that can intercept communications, and promise not to use it. Pardon me while I go beat myself over the head repeatedly. I need to lose at least another 30 IQ points before I can continue to live in this country.

    It also said that the Department of Homeland Security, which would run the program, would share malicious code data with the NSA but not the content of communications, such as e-mails

  14. Defense: a legitimate government power, right? by Anonymous Coward · · Score: 4, Insightful

    If your neighbor is worried about the Red Menace, he might be inclined to put a ABM launch site in his backyard, or even ICBMs as deterrent force.

    You probably don't want that.

    There are some very good reasons for centralizing physical warfare under a single political authority. It's not just that the constitution says this is a federal executive job (i.e. not something you leave to the states or the people); it's a good idea. If it weren't in the constitution already, I think almost all people would support an amendment making it so.

    But even so, there are limits to that. There's no legitimate reason the federal government should be able to have any sort of authority at all, over whether or not people are allowed to build bomb shelters. A bomb shelter isn't a particularly good way to deal with the threat of nuclear holocaust (the best thing to do, is persuade the Russkies to not attack in the first place), but it doesn't really endanger your neighbors or usurp the president's negotiating power.

    The same applies even to 18th century threats. If your neighbor is worried that the Brits might try to retake the colonies, it's ok for him to stock up on musket ammunition, but that's not really a good solution either. You want a single political entity to deal with the Brits, hopefully at a point long before anyone has to worry about redcoats marching through their farms.

    With cybersecurity, the situation is pretty different. The analogy to relatively ineffective private bomb shelters and relatively ineffective musket ammunition stockpiles, happens to be the best solution to computer security problems. If you decide to have a policy of not executing malware, you are pretty much invincible except for Denial of Service issues related to overwhelming traffic. (And the private network providers are able to deal with that.)

    We don't need any sort of central authority for dealing with computer security. That doesn't mean a central plan would be totally useless, but the payoff is pretty low. A president in charge of cybersecurity is about as an effective solution to cybersecurity, as bomb shelters are an effective solution to nuclear war.

    People can already deal with this; they just don't bother to. That's their problem.

    Now, TFA is actually not all that stupid-looking. He's mostly talking about the government protecting goverement systems. That's a no-brainer. But we don't need them to protect private networks, and I hope people keep an eye on any bullshit that moves in that direction.

    1. Re:Defense: a legitimate government power, right? by ka9dgx · · Score: 1

      WOW... very insightful!

    2. Re:Defense: a legitimate government power, right? by Anonymous Coward · · Score: 0

      You crazy libertarians with your crazy, logical arguments.

  15. Preview of outlines by noidentity · · Score: 5, Funny

    Here's an ASCII preview of the declassified outlines:

    +-----------x
    |           |\
    |           | \
    |           |  \
    |           |   \
    |            ----
    |                |
    |                |
    |                |
    |                |
    |                |
    |                |
    +----------------+

    Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.

  16. "holes" by Anonymous Coward · · Score: 0

    Yes, the threats are real, but the solution that the "Cyber Warriors" came up with is crap. A much better solution than working around all the holes and patching them quicker is to simply rip out a bad design and replace it with a better one. Its not easy changing everyones OS, but it's cheaper in the long run.

    Holes will be always be present. But if you know or suspect that they're there, and they can't be plugged, then you might as well monitor what's going on there.

    Defense in depth and all that.