McCain Asks For Committee On Wikileaks, Anonymous
Trailrunner7 writes "In the face of continued attacks on federal agencies and contractors such as Booz Allen Hamilton and IRC Federal that do highly sensitive security work for the U.S. government, Sen. John McCain has asked Senate leaders to appoint a select committee to look into the attacks and data leaks that have plagued Washington throughout 2011. In a letter to Democrat leader Harry Reid and Senate minority leader Mitch McConnell, McCain (R-Ariz.) said that a temporary Senate committee is necessary in order to get a handle on all of the disparate cybersecurity legislation proposals and to address the threat posed by groups such as Anonymous, LulzSec and Wikileaks."
That oughta solve the problem, by garsh!
He clearly knows the most about the internet out of all the senators, so unless he's part of the committee it will be a total farce!
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Harry Reid is a Democrat, not a Republican
In America, you have a choice between the party that works for one set of corporations, or the party that works for another set of corporations.
Palm trees and 8
The summary does hit on one thing that is a systemic problem in Washington, a myriad of separate bills to address an issue. Each of these bills probably only focuses on a few things (if you remove the pork and vote buying crap) but when all are taken together you end up with one giant confusing mess.
Time to offend someone
Looking into why we are paying so much money to security contractors that can't even secure their own servers.
What are teh lulz? Why would anybody do this just for them?
The summary is 10% facts and 90% moronic rambling by the submitter. If you actually read the letter, you'll see that McCain was specifically referring to insider threats such as the Bradley Manning case. He doesn't mention Anonymous or LulzSec at all.
We keep seeing court cases and lively debate over "Freedom of the Press," usually with regards to whether this blogger or that product reviewer etc... have a right to say what they say without "press credentials" or a large corporate news organization backing them, etc... A lot of self-professed "patriotic" US citizens want Wikileaks destroyed.
So where does the phrase "Freedom of the Press" come from? First Amendment of the US Constitution:
At the time this was written, what was "the press?" What was the relationship between the authors and founders of this country and "the press?" The press was a nifty machine that several of these men owned... a printing press. They used these devices to take their speech and propagate it further than mere voice could. They used this kind of speech to foment revolution against an unjust government and the press was a vital tool in this effort. Upon establishing a new government, they sought to extend that protection to all citizens.
So, when someone issues communications through technology, that is the press protected by the 1st Amendment.
If they really want to do something productive, they should investigate how it's possible that government contractors are so incompetent when it comes to computer security.
A committee means one thing -- more laws. We all know about the bad laws that can be passed (more DRM, tossing some guy who logs on as his ex on FB in prison for 50 years, etc.) However, maybe some good can come out of it:
1: Money spent to have on staff more blackhats/whitehats. Perhaps we need another branch of the Armed Services just dedicated to intrusion prevention and hardening?
2: Certifications for cloud providers. This would include the government stepping in and either erasing or physically destroying all the cloud storage media if the provider got shut down, went bankrupt, got sold to a foreign company, etc. This way, even if the company tanked, all client data would be destroyed, so unlike now, the client data can't just be handed to the next owner of the servers for them to do what they want. The certifications would also include physical inspection, network inspection, host inspection, process inspection, tiger team testing, etc. We do this with hardware and software (FIPS, Common Criteria, EAL), why not cloud computing?
3: Funding for US fab technology for sensitive components like TPMs, firewalls, and other items. This way, there is solid knowledge that an Elbonian backdoor isn't waiting for just the right time to shut down a router or allow intruders in.
4: Funding for a B2B backbone infrastructure where it is preplanned what machines communicate to each other. This way, a bank's computer can send info to a credit card processor, but can't send anything to a baseball card shop unless they have a prior relationship. Preferably have this on separate fiber than the regular Internet. This way, critical business items can be isolated from Internet escapades. Think NIPRNet or SIPRNet, but for businesses.
5: Funding to work on a standard like VNC/Citrix/MS Terminal Server, so that people traveling do not require physical access to data, just access to a terminal server. This way, a blackhat has to compromise a locked down terminal server before they can get to the juicy stuff like Exchange or the like.
6: Grants to universities for better OS and hardware security models. Some computers used to have two addresses for RAM, one just for data, one instructions, and never did they meet. Things like that would be transparent to the user, but would greatly increase security. Same with operating systems that could hand Web browsers privileges by window/tab, so that a compromised tab couldn't get to the tab right by it that the user is doing banking with. Designing machines from the ground up to treat all Web content as hostile would greatly reduce the amount of malware floating around, just like firewalls have reduced incoming attacks.
7: A hardened device for storing passwords similar to a HSM for public keys. This would be extremely useful in LDAP setups as well as websites that have user accounts. A hacked server does not mean wholesale user compromise.
8: A standard TPM that can be added to all computers, but may or may not be present. This would allow computers to have a TPM card dropped in if someone wanted it, but it wouldn't present, so the DRM writers couldn't force gamers to use it for additional lockdown.
9: Funding to design a standardized filesystem/LVM similar to ZFS, except that it is not patent encumbered, and can be used by all and sundry, either with all features, or a subset. The only filesystem across platforms these days is either FAT/FAT32, or the CD-ROM format. The reason this would increase security is that tools that can be used on many platforms can identify issues and fix them, especially at the LUN level (pop a snapshot of a LUN, have the SAN scan for viruses to find rootkits that the infected machines can't detect.)
These may be expensive, but at least some of the stuff would at least help things in a substantial manner. Passing more laws with longer prison terms will do jack squat for security overall, except make the private prison owners richer. You have to fight technical battles with technology.
and prevent leaks at the source.
When someone says, "Any fool can see
Surely that's worse. I'm not sure you want a guy who just does what he is told even when he thinks it is the wrong thing to do running the country. Will he keep doing that when he's running the show?
The problem is government contractors.
Time to offend someone
I can't believe this got posted to the front page. I really can't. If you look at the Slashdot Guide to Trolling, it has many of the elements - intentionally false information, baseless claims, and states things the linked article says nothing about.
First, Harry Reid is a democrat, not republican, and the letter does not refer to Anonymous or any other organization. It talks only about inside threats such as the Bradley Manning case.
Jumpin' Jesus on a Pogo Stick, don't the editors even do a tiny bit of summary fact checking before posting this drivel?
Unless the legislation is, you know, to mandate security requirements and procedures at such organizations.
When someone says, "Any fool can see
I think you need to take a step back and be aghast at a presidential candidate "being told" who to take on as his vice-president. If that scenario happened, then who exactly is running the show?
And pay private contractors to implement them.
We cannot have private groups picking up the slack for our stenographer media. After burning Dan Rather and firing numerous other investigative journalists, and imprisoning more reporters in the Iraq invasion than were imprisoned in all other wars combined -- I thought we made it clear that we do not want investigative journalism.
Whistleblowers like Bradley Manning are a threat to our incompetence and graft -- and we'd really appreciate being able to continue this "war on whatever" scam so that we can burden the middle class with lots of debt that will require austerity -- we cannot train your kids to be indentured servants if we continue this concept of "RIGHTS" and such, now can we?
The only way to win the war on Terror, is to allow your military, government and secret services, total access to everything, no responsibility or questions on failure or missing Billions, and to be able to say; "nothing to see here, move along." With the lack of transparency, we reserve the right to humiliate and/or jail the people who speculate on Conspiracies. Not that they are a threat, we just don't like those geeky twerps and we enjoy crushing the nuts of someone -- so it might as well be them.
After that brain fart, McCain would go back to his soft spoken tones as if he were a reasonable adult, and use words like "concern", "responsibility" and "prudence." As if he gave a rat's ass and wasn't thinking about the Poker and Prostitutes party at Boehner's house this Friday night.
>>"ad space available -- low rates!!!"
The problem is government.
There, Fixed that for you.
-=Geoskd
I wish I had a good sig, but all the good ones are copyrighted
Just to clarify...
He is taking the steps to investigate the vulnerabilities, and take precautions against further intrusion.
This is not to be confused with "let's go catch these boogeymen."
This just seems like a reasonable reaction (for once), unless I am mis-reading here. I did not RTFA.
Something witty.
Except he's not talking about going after the evil terrorists. He's talking about coming up with plans to protect key systems from cyber attack
and prevent leaks at the source.
Great. Call the NSA and the FBI, they have been thinking about this for decades. We don't need more laws. Just ask the damn experts we already have and follow the guidelines they already came up with...
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
Just to clarify... He is taking the steps to investigate the vulnerabilities, and take precautions against further intrusion. This is not to be confused with "let's go catch these boogeymen."
This just seems like a reasonable reaction (for once), unless I am mis-reading here. I did not RTFA.
Well, the article is not really much more informative than the summary on this matter, but both of them suggest that at least part of the focus is on improving security at these sensitive sites rather than going after whichever baddies this week hacked into a government contractor's network and divulged sensitive info they found there. And that is indeed the right focus; it is obvious that the knowledge necessary to break into these sites is in the wild and capturing one group of attackers is going to do little to secure the information stored on other, as-yet-unhacked networks. The problem is that inadequate methods have been used to secure the information in the first place. So I have to agree with you.
Furthermore, what is pointed out in the article is that there are multiple Congressional committees claiming at least partial jurisdiction over the issue and suggesting cybersecurity legislation. McCain proposes a single committee to clearly govern this area and thus to consolidate this legislation in one place to avoid conflicting bills coming from different groups. I can't say whether this will actually succeed in doing something useful -- it really depends on whether they get knowledgeable people on the committee -- but it has a better chance than the current approach. In theory, the knowledgeable people, even if they aren't on the committee or even in Congress, should know to address this group; hopefully the committee gets populated with Congressmen who are able to distinguish the ideas of value from those of everybody else who wants to restrict computers or the Internet in whatsoever way.
The United States WAS crawling with communists. The Venona intercepts generated leads. Of course, it was classified, so most did not get access to that information.
the venona decrypts were fascinating but there are several reasons i disagree with your interpretation (which has been repeated by many others)
1. the actual decryption took decades, and was not finished until the 70s or 80s, so during the actual mccarthy period of the late 40s early 50s, many of the contents of the crypts were not known.
2. a lot of the decryption was of poor quality
3. a lot of it used various code names
4. the biggest problem of all, is that you are decrypting messages from KGB(NKVD) field agents back and forth to headquarters. the Soviet Union was built on a system of faking your reports and your production numbers, no matter what your field, in order to meet quotas and keep from getting executed. they couldn't even get a reliable census going in the 1930s because politics worked its way into every bureaucracy of the country. to believe the venona decryptions at face value, you have to believe KGB(NKVD) agents' statements to moscow at face value, which to me seems like a horrible way to research history.
5. a lot of them are 'proven' by cross referencing them with the statements of elizabeth bentley or others. what was her source? the same agents who were writing the cables back to moscow.
the venona has a lot of fascinating information in it and shows a lot of soviet influence in America, but a lot of those 'leads' were fucking bullshit.
you can just look at the 'Silvermaster Files' for information, take Bela Gold for example. they put his wife under surveillance. what intelligence do they get? she went shopping. she met with other suspects for an hour here, an hour there. she went shopping. she got pregnant. case closed. That's the 'damning evidence' somebody wanted to use in a courtroom.
since in America the courts are somewhat independent (unlike, say, the soviet union) the government dropped these cases. Venona couldn't be used in courtrooms not simply because it was 'classified', but because it was unreliable garbage.
then take alger hiss and whittaker chambers. they decided the laws were not good enough to prosecute him, so they broadened them. what did that leave us with? the Espionage Act subparagraph (e) , which is now being used against whistleblowers like Thomas Drake...
and of course the Emergency Detention Act, completely unconstitutional and cancelled by Nixon when he became president. Think about that. it was too draconian for Nixon.
I must have said something crazy and implausible. Apologies, and carry on...