NSA Hacker Chief Explains How To Keep Him Out of Your System (wired.com)
An anonymous reader writes: Rob Joyce, the nation's hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce himself did little to shine a light on the TAO's classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA's success, with many people responding to his comments on Twitter.
I was worried that the new overlords would start checking submissions for errors. I'm relieved to see they are taking the 'steady as she goes' approach.
Trolling is a art,
The guy picks up a microphone and owns up to breaking constitutional rights, screwing with people's businesses and lives. The people, instead of arresting him, clap their hands and say it was a good talk. What the f**k? Not even DMCA? Let's all accept this lawless band of crooks, put them on a pedestal and call them elite corps.
Indeed, I'm skeptical of anything from the NSA, but his advice matches with my experience (I've been doing network security professionally for a long time).
He made one point that definitely rings true. People get excited about "advanced" stuff like zero-days and jumping air gaps with ultrasound, while their IIS hasn't been updated in three years, their users are opening funnycat.exe, and they've never tested their backups. It's not the NCIS stuff that'll get you, 95% of the time, it's the boring best-practice stuff that's missed: security updates, tested offsite backups, etc.
No need to inject liberals or tea party circles into this. No one mentioned them and I would bet you would/could find several people on any side you picked who think there is a problem too.
The US constitution does not place national defense above the US constitution though. This is problematic to the national defense trumps all argument because the 9th amendment specifically spells out that the enumeration in the constitution shall not be used to deny other rights held by the people. While the constitution generically spells out national defense, it specifically places reasonableness and warrant requirements for searches and other things.
But let's explore this a bit. In the name of national security, some say the government can ignore the US constitution and invade a citizen's or local business's network, computer, telephone, whatever. Some say they can hold people without habeas corpus rights or even the right to a trial. Can they also ignore the constitution and just appoint senators and representatives in the name of national security? Can they install judges and such with no congressional oversight so those moves would survive a court challenge? Can they just decree something to be law without Congress ever passing it or the president signing it into law? If so or not, I have to ask why and what limits would there be and how do those limits become recognized?
My naive understanding is that the existence of this group is largely limited to pen testing with approval from network owners or law and assisting in law enforcement operations which presumably would already have had warrant requirements satisfied. It might do a lot more than that but I do not know for sure.