Outgoing White House Emails Not Protected by Verification System (axios.com)
The security advocacy group Global Cyber Alliance tested the 26 email domains managed by the Executive Office of the President (EOP) and found that only one fully implements a security protocol that verifies the emails as genuinely from the White House. From a report: Of the 26 domains, 18 are not in compliance with a Department of Homeland Security directive to implement that protocol. Imagine the havoc someone could cause sending misinformation from a presidential aide's account: Such fraudulent messages could be used in phishing campaigns, to spread misinformation to careless reporters, or to embarrass White House employees by sending fake tirades under their names.
Imagine the havoc someone could cause sending misinformation from a presidential aide's account:
Imagine the havoc someone could cause sending misinformation from the President's Twitter account! ...on second thought, not much imagination required.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
There is this checklist that pops up here on Slashdot once in a while. There is no way of making e-mail secure. Yes, I could send an e-mail from obama@whitehouse.gov from my personal e-mail server and nobody would be able to prevent it. There are ways of verifying, but all parties have to agree on the method of verification and how that is done depends on whether you're Yahoo, Microsoft or Google
Custom electronics and digital signage for your business: www.evcircuits.com
How would this be any different than normal?
Or protects the white house by providing deniability for actual tirades.
you would think the IT staff at the White House of all places would be experts on security
What we really need is a true military branch dedicated to cybersecurity, and actually put them in charge of some aspects of all government IT.
".... send fake tirades..."
How could anyone tell them from the real thing? I mean, unless the fake ones contained, like, real data or real science.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
There already is, it's the NSA, but their goals are the opposite of what you describe.
BlameBillCosby.com
Considering how fucking stupid Trump and his staff are, I wouldn't at all be surprised if the Whitehouse is running a public-facing open SMTP relay. Not like that would be a big surprise anyway, it's not like all his tweets are SPAM to start with.
Was the security protocol implemented during the Obama administration and then backed out?
Sure, there's an agency. But I'm thinking actual military branch. It's starting to make more and more sense to treat cyberattacks as acts of war and having a civilian agency handle that just doesn't make sense anymore.
If I had the unfortunate job of defending what comes out of the White House, I'd be keeping this as a backup plan. I would guess that the one secure domain is for lower level employees.
What? Me worry?
Simply put, DMARC tells a recipient what your desired action is in the event a message fails either SPF or DKIM checks. It also does some checks on the Header and author FROM fields to see if they match.
It is up to the receiving server to do one thing or another with its received emails. If you had SPF and DKIM setup and working, its hardly a big deal to not have DMARC done correctly. But if you do not have SPF or DKIM working. DMARC will not save you at all.
"...whenever any Form of Government becomes destructive...it is the Right of the People to alter or to abolish it..."
So you're saying all these domains were setup with verification before January 2017, and then Trump Administration employees changed them to no longer be setup that way? Riiight.... have you ever been involved with a government IT project?
Yeah, somehow I think you're the one smoking something.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
What we really need is a true military branch dedicated to cybersecurity, and actually put them in charge of some aspects of all government IT.
It isn't a military organization, but NIST does publish standards for computer security at federal agencies.
It's a start, but it seems that the planning phase was handled fine - they had nobody qualified to implement it.
No, this reference to the Ems Dispatch is false. Bismark intercepted and forged nothing. The Ems Dispatch was issued by Bismark's office, and described an exchange between the French Ambassador and King Wilhelm I wherein the Ambassador made an impolitic request, or demand.
A bit like the game of Chinese Whispers ("Telephone") the account of the exchange, underwent changes as it was recounted by the King to Bismark, Bismark's public dispatch about the incident, and then translated and reported by the French press, being perceived as an insult to the Ambassador in France, and leading to a really poorly considered response - the declaration of war.
Starships were meant to fly, Hands up and touch the sky - Nicky Minaj