Slashdot Mirror


User: lwap0

lwap0's activity in the archive.

Stories: 0
Comments: 22

Comments · 22

  1. Yes. This happens a lot. It sucks. on Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common? · · Score: 2

    In my experience, among many smaller companies, especially ones that offer a specific one-off product, this is a common attitude. This means they've done no real security testing on their product, or on how their product is deployed and managed in a customer's environment. I think it stems from a couple of things: 1) They aren't security literate. They know how to code or deploy, but they can't be bothered to learn and implement security. They have enough to worry about as it is, and security isn't one of them. It's nothing less than willful ignorance. 2) Sometimes it's more nefarious. They don't want anything impacting their customer experience. Two-factor authentication? Firewalls? Application white-listing? Those things get in the way of a customer using the code they paid for. They will not endorse or support it. Moreover, if YOU implement it, it could violate your warranty and nullify any SLAs. Read the fine print. Ultimately, the (real professionals') answer is this: Defense in depth. For a small business (assuming 1-2 workstations as you've described), a premises (ISP) router-based firewall will suffice, and then host-based firewalls for each individual client/server/workstation. Keep AV installed, and signatures up to date. Implement a basic change management procedure, and ensure everything stays patched and up to date. All of those things can be done for relatively low cost and high yield in security return. Heck, just doing those basic things puts you head and shoulders above many peers.
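
    As an added example (not part of the comment above or of any Slashdot source): the "host-based firewall on every box" advice only works if you know what each box actually exposes. The Python below parses `ss -ltnp` output, flags network-reachable listeners that an allowlist does not explain, and renders a matching default-deny nftables ruleset. The sample ss output, the allowlist and the process names are constructed for the illustration and are not from a real host.

```python
"""
Audit a Linux host's exposed TCP listeners against an allowlist of intended
services, then emit a default-deny nftables host firewall for that allowlist.

Input is the text of `ss -ltnp`. The sample is constructed, not captured.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    addr: str      # local address as printed by ss ("0.0.0.0", "::", "127.0.0.1", "*")
    port: int
    process: str   # process name from the users:(...) column, "?" if absent


# Constructed sample in the layout of `ss -ltnp`; not real data.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1190,fd=21))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1402,fd=6))
LISTEN  0       128     0.0.0.0:5900         0.0.0.0:*          users:(("x11vnc",pid=2211,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       128     [::1]:6379           [::]:*             users:(("redis-server",pid=1502,fd=6))
"""

# Hypothetical policy for a small shop: port -> process expected to own it.
ALLOWED_TCP = {22: "sshd", 80: "nginx"}

_LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(.*)$")
_PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss(text: str) -> list[Listener]:
    """Parse the LISTEN rows of `ss -ltnp` output into Listener records."""
    out = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue                      # header or non-LISTEN row
        addr = m.group(1).strip("[]")     # "[::]" -> "::"
        pm = _PROC_RE.search(m.group(3))
        out.append(Listener(addr, int(m.group(2)), pm.group(1) if pm else "?"))
    return out


def is_network_reachable(addr: str) -> bool:
    """True if the socket is bound to anything other than a loopback address."""
    if addr == "*":                       # some ss versions print '*' for INADDR_ANY
        return True
    return not ipaddress.ip_address(addr).is_loopback


def find_unexpected(listeners, allowed=ALLOWED_TCP) -> list[tuple[Listener, str]]:
    """Flag reachable listeners the allowlist does not explain, with a reason."""
    findings = []
    for l in listeners:
        if not is_network_reachable(l.addr):
            continue                      # loopback-only services are not exposed
        if l.port not in allowed:
            findings.append((l, "port not in allowlist"))
        elif l.process != allowed[l.port]:
            findings.append((l, f"expected {allowed[l.port]}, found {l.process}"))
    return findings


def nft_ruleset(allowed=ALLOWED_TCP) -> str:
    """Render a default-deny nftables inet ruleset admitting only the allowlist."""
    ports = ", ".join(str(p) for p in sorted(allowed))
    return "\n".join([
        "table inet host_fw {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        "    ct state established,related accept",
        "    ct state invalid drop",
        "    ip protocol icmp accept",
        "    ip6 nexthdr icmpv6 accept",
        f"    tcp dport {{ {ports} }} ct state new accept",
        "  }",
        "}",
    ])


if __name__ == "__main__":
    for l, why in find_unexpected(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"UNEXPECTED {l.addr}:{l.port} ({l.process}): {why}")
    print(nft_ruleset())
```

    On the constructed sample the only finding is the VNC listener on 0.0.0.0:5900; the MySQL and Redis sockets are bound to loopback and are not reported. The rendered ruleset is what you would load with `nft -f` on each host after checking the findings, so that the premises router is not the only thing standing between a forgotten service and the Internet.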

  2. Re:Not bad. on Microsoft Announces Halo 4, TV For Xbox Live, Kinect Star Wars · · Score: 1

    Yeah. It's a subscription fee to be able to use Netflix. That's a bummer, but it is what it is. And honestly, in bits and pieces, it could still pan out for a nice à la carte service. Xbox, Netflix, and throw in TV service w/DVR, and heck, that's probably way cheaper than Verizon/Comcast. But maybe that's just wishful thinking on my part.

  3. Not bad. on Microsoft Announces Halo 4, TV For Xbox Live, Kinect Star Wars · · Score: 2

    Steve Jobs took a dig at XBOX Live today during the WWDC. "In just 9 months we have 50 million Game Center users. To put that into perspective Xbox Live has been around for about eight years and they have around 30 million users." It's not the same. A one-time purchase of Angry Birds doesn't compare to a subscribing, active user of XBOX Live. For all of Microsoft's missteps and gaffes (and there have been plenty), XBOX Live seems to be the one thing they got right. It's a great UI, and it has some great content from outside providers (Netflix, ESPN). Make my XBOX a DVR and stream quality TV through it, and I don't need much else for my entertainment needs. If we could just upgrade the blasted XBOX360 hardware, and get better QA, I'd be good to go.

  4. Re:The Defense Security Service (DSS) is NOT the N on The Truth About the Polygraph, According To the NSA · · Score: 1

    No, not necessarily. A polygraph is not required for a Top Secret security clearance, not even a TS/SCI. If you work for the FBI, CIA, NSA, DIA, or work in the White House, you will need what's called a Full Scope polygraph, or a polygraph that is a combination of two polygraphs usually administered separately. The CI poly is for actual counterintel - "Are you a spy?" type questions. The other test is called a Lifestyle poly, and up until 15 years ago, you could ask if someone was gay, or engaged in 'deviant' behaviors. It's since changed to be more PC, but it's still unpleasant. Other things that can require a polygraph are certain defense contracts, where the customer stipulates that to have access to the data, you must pass either a CI or a lifestyle poly, or both. Outside of those situations, you are not required to have a poly to have a TS.

  5. Re:Can't wait for the DVD/BR. on Avatar Soars Into $1-Billion Territory · · Score: 1

    Oh man, me too. hi5.

  6. Sad Face. :( on End of the Road For NASA's Mars Rover? · · Score: 1

    It's not over yet for Spirit! Still, should the unfortunate happen, I'll pour out a bottle of Ye Olde Fortran in memoriam.

  7. Can't wait for the DVD/BR. on Avatar Soars Into $1-Billion Territory · · Score: 4, Interesting

    I'd like to see a director's cut when this goes to DVD. I know Cameron had an extremely rich back story, and most of it didn't make the cut to get into the movie, since it weighed in at 2 hours 40 minutes long. I also think it would help flesh out a story that was somewhat bland. Ah, who am I kidding? I wanna see more bad-ass CGI explosions. Screw the plot, bring on the blue alien sex.

  8. XOHM on Comcast Bringing Metropolitan WiMAX To Subscribers · · Score: 1

    I've used XOHM, the Sprint WiMAX service in Baltimore. I tested it at 3 Mbps down, 1.5 up, and you can buy in daily blocks if you don't use it every day (like, $10 a day I think). I stream my Netflix with it, and it's pretty fast; haven't tried any gaming with it though. The monthly service is way cheaper than what Comcast is offering. Sucks to be in Portland.

  9. Not really. on New Bill Could Shift Federal Cybersecurity Work From DHS To White House · · Score: 3, Insightful

    I think the current cyber security guy quit for a number of reasons, not the least of which was the NSA - he also couldn't get much support from his own team in DHS. For those who actually swim in those waters, every major three-letter government agency has its own 'cyber taskforce'. And they'll be damned if they're going to share or collaborate on any of their work with others - just mention the word 'cyber', and Congress will start dumping a ton of funding on you. You start taking that away, and suddenly things get personal - now you're talking cash, and you always want more funding. It's also aggravated by mission creep - suddenly another three-letter agency adopts a mission similar to yours, but this is YOUR mission, you're the experts, everyone else can go hang. Most agencies will not bow to another no matter how the executive office structures it, plain and simple. While I think that the executive office taking the lead role is probably a sound move, a part of me wonders if it's just more bureaucratic shuffling that achieves nothing.

  10. Re:Insider perspective... on Worm Attack Prompts DoD To Ban Use of External Media · · Score: 1

    Same for me, I work for a DoD shop. Funny thing, we had ordered endpoint control software to integrate with AD, and then this came down. Frankly, I'm surprised it took this long. I know users that have huge handfuls of USB drives in their briefcases, and you could hear their wails of displeasure when the edict came down from on high banning them. So far we've confiscated all USB drives, and we're creating a tighter inventory system by physically etching serial numbers on all the devices, and tidying up our inventory database. Honestly, it's kind of crappy. It's hurt productivity in my shop a bit, since now we have to burn CD-Rs for even the smallest file move between machines. Blank CD media hoarding is going on too, since we now use a prodigious amount of them every day. No one expects DoD to relent on allowing the devices until they can come up with a DoD-wide system to manage endpoints, and then, in typical DoD fashion, they'll probably ham-handedly demand everyone use the one solution they decided on. I think I'm hardly alone when I say things will get worse before they get better for DoD shops.

  11. Re:Big on EFF Sues NSA, President Bush, and VP Cheney · · Score: 3, Interesting

    Is this lawsuit any different from the ACLU one though? They seem to be covering the same ground.

  12. Re:Slashdot on a military roll on Smithsonian Gets Military UAVs · · Score: 1

    Four different UAVs for each respective service has nothing to do with government efficiency. Each one of those UAVs has different operational capabilities, customized to suit the needs of each service. For example, the Shadow and Pioneer UAVs are not armed, and are used generally to supply intel at a platoon/battalion level. The Pioneer is a bit more bulky and box-like actually; it's a pretty old plane and needs to be launched off a moving ship, and is used for amphibious landings and coastal recon. The Shadow is launched off of a towed catapult, as opposed to the Predator, which actually needs a runway. Hell, the Dragon Eye UAV is launched by a giant rubber band, and supplies intel to a squad or platoon. The Predator has a higher flight ceiling, and a greater loiter time than the smaller UAVs, because it carries out different, if superficially similar, missions to its smaller cousins.

    Shake your fist all you want against the government, and its many gross inefficiencies. God knows it's chock full of them. I would humbly suggest something other than UAVs to pick on though.

  13. What they can't talk about and why. on Air Force Cyber Command General Answers Slashdot Questions · · Score: 1

    Having a security clearance and public disclosure is a tricky area to swim in. As a rule of thumb, you can't reveal any kind of information that ties a country to a motive, method of attack, or indicates technological prowess (or lack thereof). Once you drag a specific country into a discussion, that information is (or becomes) classified.

    As an example: "The Republic of Elbonia launched a DDoS attack against a defense contractor who's working on a classified Air Force widget that can make disco popular once more." would be strictly verboten. Rather it would be the very neutral "The Eastern Bloc region is responsible for 60% of DDoS attacks towards our civilian partners; many attacks target specific technologies that are being developed to aid our war fighters."

    So questions about China, or other countries, will be summarily worded very neutrally, or just outright dodged. Not to mention you're a public official making a declarative statement about another country, which is a foreign policy can of worms.

  14. Re:Why should there be a need to know requirement? on Classified Wiki For U.S. Intelligence Community · · Score: 1

    It's the cell theory - a clearance does not automatically entitle you to information you have no business knowing about. Why? Because you can't compromise or divulge what you don't know -- this is the greatest bane of a security officer (protecting Need to Know).

    Your blanket "train everyone" response doesn't, and will not, work. What's suspicious behavior? My definition is likely different from yours, and yours is different from the next guy's. And while security education plays a critical part in maintaining a clearance and access to classified information, it is only one layer in the grand scheme of offering security in depth for a classified facility, or program.

    If you RTFA, you'll notice that this particular wiki is more 'open' and accessible than usually allowed by our intel services - and it's a risk they acknowledge and are willing to take.

  15. Hey, something new! Well..not really. on Classified Wiki For U.S. Intelligence Community · · Score: 1

    This is not the first time a 'wiki' has been created for the Intel community. I can think of several offhand that have been used over the years - the trick was keeping the community using them. You see, most of them were produced by various departments and agencies. As roles and responsibilities changed, handing them off (or outright abandoning them) became common, and quality suffered. On top of that, you'll have several different intel communities using different forums/wikis - this is practical as well as impractical. While sharing information is nice, sometimes Need to Know takes precedence over your security clearance - it's not always advisable to share everything outright, with folks who have no business knowing about it.

    The most current iteration that I know of is the Harmony Database, created by the U.S. Army Intelligence and Security Command. I actually got to see the demo of this, and I was impressed. Things like video searches, document searches, and intel officers documenting and discussing what they find is neat. It's not a 'wiki', but it has the same purpose - a collaborative database that everyone contributes to, and can search.

    The 'Sensitive but Unclassified' wiki gave me a chuckle - it's information that isn't classified, but not for public release. You might have seen FOUO (For Official Use Only) - it's the same thing. The craziest stuff is FOUO, it's all common knowledge stuff - but you can't discuss it. I can't get into specifics (lol), but it does give me a chuckle.

  16. Re:Export Control, and the Information Age. on Chinese "Cyber-Attack" US Department of Commerce · · Score: 1

    To my knowledge, no, we've never sold something to Israel, and then watched them turn and sell it to China. Now, we have provided them (Israel) with F-16s, but these are really stripped-down versions of the plane. We don't provide them our avionics package, radar, or targeting software. They have a likewise system they might install, but that's on them, not us as the seller. The U.S. government will not sell military technology to another country without holding a trump card of more superior technology if said buying country thinks they can take us one day. I know for a fact when we do sell our technology to allied countries, we make them sign numerous agreements to not sell or give the technology to countries on our shit list. And while we wouldn't go to war with them if they did do it, they can be guaranteed to never see another U.S. product ever again, which for most any country, is enough to keep them on the straight and narrow. You have to remember, we spend 400+ billion dollars a year on our military, more than any country in the world by a large margin. Everyone knows we've got the best toys, and if they want any of the action, they'd best stay in our good graces.

    Your article suggests some political tensions between us and Israel, and I know we've got some beef with them providing weapons to China, but to my knowledge, nothing heavy has occurred (other than the UAVs the article has mentioned, and a missile system or two that I know of personally). Then again, I don't sit in the White House :)

  17. Export Control, and the Information Age. on Chinese "Cyber-Attack" US Department of Commerce · · Score: 5, Insightful

    I frequently work with the U.S. government to prevent export control violations in the defense contracting world. While I can't name specific countries, I can tell you that East Asia accounts for 34% of all attacks both cyber and conventional targeting U.S. Industry and government agencies (as of 2005). My peers and I agree that this is likely directly or indirectly sponsored by the Chinese government. And contrary to popular belief, about 90% of what they want is export controlled information, not classified information.

    Why export controlled information? Think about how much money it takes to protect classified information - guards, safes, alarm systems etc.; it's a lot of cash, and it's damn secure. Export controlled information doesn't enjoy those same protections, just export compliance waivers to sell or ship said products overseas. As an example: Say we have a dual-use technology, both military and civilian use - like jet engines. We won't sell it to certain countries we compete with both economically and militarily, but they will do their very damnedest to steal it, either by forging State Department waivers, lying, stealing, blackmailing, hacking - whatever it takes. Why do they want it? To equip their jets to compete with ours on the battlefield, or to sell, or maybe even find its weaknesses to compromise if we ever went to war with them.

    I'm willing to bet here that the network used to launch the attack was a University school network, which to most people seems pretty innocent - except that in China, all schools are state run and owned. Is it an academic institution, or an extension of the Chinese government? Likely both. In this instance, the Chinese government gets plausible deniability - they had no control over, or knowledge of any cyber attack. I'll don my tin-foil hat, and disagree with that assertion only because I'm jaded and cynical enough to know better.

  18. Re:They're worth it. on YouTube Won't Sell For Less Than $1.5 Billion · · Score: 1

    They're a private firm, and they don't release their figures. We can definitely say they're profitable. Forbes has done most of the legwork, so I'll refer you to this article: http://www.forbes.com/home/intelligentinfrastructure/2006/04/27/video-youtube-myspace_cx_df_0428video.html

    A tl;dr summary:
    - 12.9 million unique visitors in the month of March alone
    - raised $11.5 million in venture capital in the last year
    - bandwidth costs approaching $1 million a month
    - estimated to have generated $230 million in revenue in 2005

    Adsense revenue for this much traffic has to be serious $$$.

  19. Re:They're worth it. on YouTube Won't Sell For Less Than $1.5 Billion · · Score: 1

    Bandwidth costs are around 1 mil a month, +/- 1-2 mil I think (no one knows for sure). And the lawsuits won't come if the others jump on the bandwagon and support the hosted content, like EMI and Warner have done.

  20. They're worth it. on YouTube Won't Sell For Less Than $1.5 Billion · · Score: 1

    As it stands right now, YouTube seems to be making a hellacious profit. CNET estimated them at around $1 billion in value if bought, and the potential is there for much more. Any litigation can be easily handled, and bought off when you're worth that much. I foresee an out-of-court settlement between YouTube and a copyright holder, but ultimately it won't hurt their viability as a marketable asset. Warner and EMI are already on board to have music videos hosted, and that only makes YouTube more sellable.

  21. The DoD mindset. on DoD Wary of That "Open" Word · · Score: 1

    To really comprehend this, I think it goes much deeper than open source standards, or integration. The DoD has an attitude, a philosophy if you will - that everything is behind closed doors and not discussed. It's a world of classified information that is protected to pretty rigorous standards. To adopt or use anything that suggests otherwise (whether or not it actually does) just flies in the face of everything they know and understand. It's just the world they live in.

  22. Uncle Sam feels the same way. on Newest Job Qualification — A Good Credit History · · Score: 1

    When it comes to getting a Security Clearance, Uncle Sam is the same re: credit records. For a Secret security clearance, a basic credit check is run on you. In so far as you don't have a bankruptcy, you'll be fine generally. However, when it comes to Top Secret clearances, you pretty much have to grab your ankles. You will be asked about every ding on your credit, and any overdue payments or defaults/foreclosures. To the investigator (and indirectly, the U.S. Government), a bad credit record means two things: One, you're susceptible to bribes (to get out of debt), and two, that you are not responsible with your finances (and thus, may not be the same way with classified information). So while it may not be the perfect item with which to measure someone's character, it's still the yardstick by which you are judged. The only bright side to a clearance is that you get a chance to explain your credit dings; with a prospective employer, you may not have that chance.