It seems my first post disappeared for some reason. Thank you so much for your great article above.
Most of your posts have been fantastic. A see a very few who are a little misguided. I hope the following information helps:
There was no “break[ing] into an account” as Sharon Harrington states. Sharon left the door open. Dave was driving by and saw the door had been left open by his neighbor renting the house, Sharon. He knew the person who left the door open would call the police and pretend that Dave somehow opened the door. So, he called a neighbor who understands doors and could confirm that, yes, the door in fact was left wide open. He wanted a witness, in case the person who was renting the house lied to the police. The neighbor he called, Dan, called the renter and informed her she left her door wide open. The renter couldn’t be bothered to call Dan back, ever. Instead, she called her door repair guy to call Dan back. This door guy works full time for the renter and was actually the one who left the door open to begin with. Dan and Dave had to explain repeatedly to the door guy:
a. That the door was left open
b. What door it was on the house
c. How to close the door
d. How to secure the door, so this did not happen again
e. That they were lucky a burglar did not see the open door and steal anything or vandalize the house before Dave saw the open door and Dan reported it
*BREAK*
1. No one was "caught." The issues were reported by Dave. In fact neither the county nor the state could tell if they had EVER had a data breach. The state was very clear about that.
2. Dave stopped as soon as he proved the holes were real. There was no rummaging around inside someone else's system. He did not take any information, either.
3. Dave never perused around the system. He simply logged in once to show the holes were real, not a honeypot. As soon as he proved his point, he backed out and never entered again.
4. None of the information was released to the public until AFTER Dave helped them fix the holes, and the systems were claimed to be secure.
5. Dave not only reported the holes, he showed them how to find the holes. After explaining where the holes were, they still could not find them. So, he showed them how to fix the holes and gave them Best Practices going forward. The state asked for a written report, which he provided. They gave him permission to go into the system. When Dave found they did not even have the most basic tools to detect intruders, he provided them with those software tools.
6. The FDLE did not actually investigate. They just tried to find a law they felt Dave broke (which is not an applicable law in this case), and tried to figure out how to nail him on it. They reported the current Supervisor's claims as fact without investigating. The claims turned out to be false. The FDLE did not put a real IT person on the case and STILL does not understand what happened or how it happened. The only dates they used they received from Dave and I, in cooperating into the investigation of why the holes were left there for years to begin with. The investigation is supposed to be into the Gross Negligence of the state and county. However, the FDLE is allowing themselves to be used as political pawns by a corrupt politician.
*BREAK*
There is a synopsis at: www.gofundme.com/237czxgc
You can find more videos and information at www.Facebook.com/DanForSupervisor
Also, there is a list at www.DanSinclair.com/supervisornews.htm The site is ugly and boring. However, the facts are accurate.
I see on here some posts that appear to be from one of the two under qualified IT guys for the agency that was responsible for protecting the systems, and did not. FYI, the IT person responsible used a password of 1234. I can tell you now as it has been changed. That gives you an idea of the problem we are dealing with here.
All of the UserID's and Passwords they left exposed to the public facing interface were in clear text and part of the primary database.
There are a L
Slashdot Mirror
It seems my first post disappeared for some reason. Thank you so much for your great article above. Most of your posts have been fantastic. A see a very few who are a little misguided. I hope the following information helps: There was no “break[ing] into an account” as Sharon Harrington states. Sharon left the door open. Dave was driving by and saw the door had been left open by his neighbor renting the house, Sharon. He knew the person who left the door open would call the police and pretend that Dave somehow opened the door. So, he called a neighbor who understands doors and could confirm that, yes, the door in fact was left wide open. He wanted a witness, in case the person who was renting the house lied to the police. The neighbor he called, Dan, called the renter and informed her she left her door wide open. The renter couldn’t be bothered to call Dan back, ever. Instead, she called her door repair guy to call Dan back. This door guy works full time for the renter and was actually the one who left the door open to begin with. Dan and Dave had to explain repeatedly to the door guy: a. That the door was left open b. What door it was on the house c. How to close the door d. How to secure the door, so this did not happen again e. That they were lucky a burglar did not see the open door and steal anything or vandalize the house before Dave saw the open door and Dan reported it *BREAK* 1. No one was "caught." The issues were reported by Dave. In fact neither the county nor the state could tell if they had EVER had a data breach. The state was very clear about that. 2. Dave stopped as soon as he proved the holes were real. There was no rummaging around inside someone else's system. He did not take any information, either. 3. Dave never perused around the system. He simply logged in once to show the holes were real, not a honeypot. As soon as he proved his point, he backed out and never entered again. 4. None of the information was released to the public until AFTER Dave helped them fix the holes, and the systems were claimed to be secure. 5. Dave not only reported the holes, he showed them how to find the holes. After explaining where the holes were, they still could not find them. So, he showed them how to fix the holes and gave them Best Practices going forward. The state asked for a written report, which he provided. They gave him permission to go into the system. When Dave found they did not even have the most basic tools to detect intruders, he provided them with those software tools. 6. The FDLE did not actually investigate. They just tried to find a law they felt Dave broke (which is not an applicable law in this case), and tried to figure out how to nail him on it. They reported the current Supervisor's claims as fact without investigating. The claims turned out to be false. The FDLE did not put a real IT person on the case and STILL does not understand what happened or how it happened. The only dates they used they received from Dave and I, in cooperating into the investigation of why the holes were left there for years to begin with. The investigation is supposed to be into the Gross Negligence of the state and county. However, the FDLE is allowing themselves to be used as political pawns by a corrupt politician. *BREAK* There is a synopsis at: www.gofundme.com/237czxgc You can find more videos and information at www.Facebook.com/DanForSupervisor Also, there is a list at www.DanSinclair.com/supervisornews.htm The site is ugly and boring. However, the facts are accurate. I see on here some posts that appear to be from one of the two under qualified IT guys for the agency that was responsible for protecting the systems, and did not. FYI, the IT person responsible used a password of 1234. I can tell you now as it has been changed. That gives you an idea of the problem we are dealing with here. All of the UserID's and Passwords they left exposed to the public facing interface were in clear text and part of the primary database. There are a L