
The dangers of our new normal...



 

The flipside is that you also have a hard time arguing that NSA shouldn't be gathering as much data as possible to spot anomalies, as cybersecurity has long moved beyond stopping intrusion to detecting anomalies to catch the intruders after the fact.


 

The flipside is that you also have a hard time arguing that NSA shouldn't be gathering as much data as possible to spot anomalies, as cybersecurity has long moved beyond stopping intrusion to detecting anomalies to catch the intruders after the fact.

Cyber security and cyber surveillance are two very different things.

 

(Typing on the run before meetings so forgive my scattered responses)

 

For clarification, I am in no way saying or believe that the U.S. shouldn't be in the spying business. But there are limits when it comes to violating American citizens' constitutional protections.

Edited by GreggyT

http://thehill.com/policy/cybersecurity/244888-report-second-major-fed-hack-hit-military-intel-workers

 

http://www.nytimes.com/2015/06/13/us/white-house-weighs-sanctions-after-second-breach-of-a-computer-system.html?_r=0

 

 

Is the irony intentional or not? State sponsored hackers steal data about federal government employees and it is viewed by many as an outrageous violation worthy of potential sanctions against China. Yet, revelations about the American government doing the exact same thing to its citizens is viewed as "necessary" to keep us safe from terrorists.

 

I write fiction for a living and I couldn't come up with something as absurdly ironic as this. I doubt Swift could have either.

 

 

 

 

 

Reporter admits he just wrote what the UK government told him to write in Snowden / MI6 story:

 

https://www.techdirt.com/articles/20150615/11565531344/reporter-who-wrote-sunday-times-snowden-propaganda-admits-that-hes-just-writing-what-uk-govt-told-him.shtml

 

"It's then that he makes the "we just publish what we believe to be the position of the British government" claim. Howell then points to one of the many contradictions in the story: the idea that Russia/China hacked into the Snowden files... and the claim that they were just handed over. And again, Harper pleads ignorance. He's just the stenographer:

 

Again, sorry to just repeat myself, George, but we don't know, so we haven't written that in the paper. Um... you know, it could be either. It could be another scenario

 

I mean, it could be that the great fairyland dragon from the 6th dimension dreamed up the Snowden documents and then gave them to Russia and China. Who the !@#$ knows? I'm just a reporter, man. Why would you ask me for evidence or facts? I'm just rewriting what some government guys told me!"

 

Edited by GreggyT

The OPM Hack Is the Clearest Symbol of the Obama Era

by Michael Brendan Dougherty

 

You might expect outrage, but so far this system-wide failure has been met with a shrug. The federal government zealously guards its powers to compile ziggurats of data on Americans when those powers are challenged by libertarians like Rand Paul. But the job the government is actually supposed to do with data — keep it safe and us safe with it — is entirely left undone. The zeal disappears once the data is stacked, somewhere. Wherever.

 

In a sense, the data breach reveals how far American government is from republicanism in character. Republics are flinty things. Men who govern republics are supposed to find it shameful when they waste the public’s money. They are supposed to think of their failures as a kind of betrayal of the public trust. But how many people are going to get fired for this? How many will lose contracts or suffer public and professional humiliation? None is my guess.

 

{snip}

 

The IRS data breach. The postal service data breach. The National Oceanic and Atmospheric Administration hack. The data breach at federal contractor US Investigations Services, which performs background checks on DHS, ICE and border patrol units.
And now, the epic OPM hack.
We are governed by progressives who have an infinite faith in the federal government’s ability to manage enormously complicated tasks and almost no interest in ensuring the government actually does those tasks well.

 


The OPM Hack Is the Clearest Symbol of the Obama Era

by Michael Brendan Dougherty

 

You might expect outrage, but so far this system-wide failure has been met with a shrug. The federal government zealously guards its powers to compile ziggurats of data on Americans when those powers are challenged by libertarians like Rand Paul. But the job the government is actually supposed to do with data — keep it safe and us safe with it — is entirely left undone. The zeal disappears once the data is stacked, somewhere. Wherever.

 

In a sense, the data breach reveals how far American government is from republicanism in character. Republics are flinty things. Men who govern republics are supposed to find it shameful when they waste the public’s money. They are supposed to think of their failures as a kind of betrayal of the public trust. But how many people are going to get fired for this? How many will lose contracts or suffer public and professional humiliation? None is my guess.

 

{snip}

 

The IRS data breach. The postal service data breach. The National Oceanic and Atmospheric Administration hack. The data breach at federal contractor US Investigations Services, which performs background checks on DHS, ICE and border patrol units.
And now, the epic OPM hack.
We are governed by progressives who have an infinite faith in the federal government’s ability to manage enormously complicated tasks and almost no interest in ensuring the government actually does those tasks well.

 

 

:beer:


 

This is the equivalent of invoking "OCinBuffalo" three times.

Nah, you've invoked me all by your idiot self.

 

This is literally the same thing as asking "what is the difference between a coupon rate and a discount rate?". That invokes you, and only one time is required.

 

Your dopey ass would proceed to fill page after page in response, especially if anybody dared to question you about anything, no matter how trivial.

 

So spare us the hypocrisy. Just because I know a lot about the subject matter being discussed, and you do not, as evidenced by your long posts in this thread, doesn't mean you get to pretend that if the topic was finance, you wouldn't be writing book post after book post.

Edited by OCinBuffalo

Oh yeah, and for a bunch of people that "never read my posts", I love how often the word "scope" has been used since I introduced it into this thread.

 

:lol: You rent, but I own.

 

And for hopefully the final time: "As much data as possible" is not what this job requires.

 

Rather the job requires "as much of the right data as possible". And, only if that data is producing actionable results. If the SCOPE of our project calls for the collection of a billion records, that is because of the requirements-->design. Not because of anything else. Similarly, the next scope may only require 10k records. It's always about what is necessary to get the job done. So, whining about "bulk" data collection, or whether meta data is used, or whether the SCOPE of the data we collect is expanded to every type of data conceivable...is stupid. Consider: if we think we have an operative who infiltrated the country in March....what good is any data before that? Thus, if there is a problem, then it's because we have <March data in the warehouse dedicated to this effort, and NOT, because we are "bulk" collecting trying to find this guy through pattern recognition.

 

The problem we are trying to solve is the sole determining factor of our tactics. Therefore, the first question that must be asked is never about tactics :rolleyes:, rather it is about problem definition/project scope: what is the problem we see, and what do we think we need to do to solve it? If the answers to those 2 questions are acceptable, then using whatever tactics are necessary to get the job done are acceptable, but, if any tactic isn't producing results(like these million records over here that have shown us nothing, and aren't ever going to), dump it.

 

I guess I will try explaining it another way: we are all familiar with public opinion polls, right? Do scientific public opinion polls require "As much data as possible"/1 million respondents? No, they only require 2000. They do however require qualified, "likely voters", to be the most accurate snapshots of where things currently stand. A series of them taken together has a 50/50 chance of showing a trend, and the reason it's 50/50 is hooking snapshots together is not the same as designing a predictive data model.

 

The best way to determine what voters are thinking is to create an analytic, predictive data storage facility.....which is what Obama's campaign did, which is why he won, and also explains how Romney's, as well as Gallup's internal polling was so off. They were working with the old, hooking snap-shots together method, and it fooled a lot of people, then failed.

 

One tactic was successful, the other was not. Both sides collected "bulk data", and meta data, about people. So "bulk data" made no difference. The difference was, one side knew how to do my job(EDIT: The Obama campaign hired Accenture, not Google, not Apple. :rolleyes:) and the other side didn't.

Edited by OCinBuffalo

Your dopey ass would proceed to fill page after page in response, especially if anybody dared to question you about anything, no matter how trivial.

 

 

Between the two of us, only one has a tendency to fill page after page on trivial stuff. And you couldn't even help yourself in this instance, as per above.


While the media was distracted yesterday by the shiny bauble also known as Donald Trump, real news was being made during a House Oversight hearing on the hack of sensitive information from Office of Personnel Management computer systems.

 

 

Thankfully Roll Call put together a video of lowlights from the hearing that show OPM Director Katherine Archuleta getting grilled by members of both parties and providing no real answers as to what happened or who’s to blame. It really does make for good T.V. and we wonder why the cable newsers were more interested in Trump than “cyber Pearl Harbor.”

 

 

Anyway, her performance was infuriating and you’ll probably want to grab a pitchfork and storm the proverbial castle after giving it a view...............

 

 

https://www.youtube.com/watch?v=A9Y6IefNq2Q

 

 

 

 

 

OPM Breach Includes Congressional Staffers. “The notices likely came as a surprise to the House and Senate staffers affected by the breach, because they were previously informed that only those with executive branch experience were likely affected.”

 

 

.

 

 

 

.

Edited by B-Man

While the media was distracted yesterday by the shiny bauble also known as Donald Trump, real news was being made during a House Oversight hearing on the hack of sensitive information from Office of Personnel Management computer systems.

 

 

Thankfully Roll Call put together a video of lowlights from the hearing that show OPM Director Katherine Archuleta getting grilled by members of both parties and providing no real answers as to what happened or who’s to blame. It really does make for good T.V. and we wonder why the cable newsers were more interested in Trump than “cyber Pearl Harbor.”

 

 

Anyway, her performance was infuriating and you’ll probably want to grab a pitchfork and storm the proverbial castle after giving it a view...............

 

 

https://www.youtube.com/watch?v=A9Y6IefNq2Q

 

 

 

 

 

OPM Breach Includes Congressional Staffers. “The notices likely came as a surprise to the House and Senate staffers affected by the breach, because they were previously informed that only those with executive branch experience were likely affected.”

 

 

.

 

 

 

.

 

I know these people. I used to work with and for some of them.

 

There's not a lot I can say. But I will confirm that Archuleta is way the hell out of her depth (and while the questions she was asked were ignorant and obnoxious, she was so woefully unprepared that there's really no defending her.) So is Donna Seymour. And as I used to be involved with some of that work, I know for a fact that one of the people giving testimony (won't say who) flat-out lied under oath.


 

....data encryption is a valuable tool.... :lol:

 

Retrofitting data encryption on to the particular system they're talking about would be a royal pain in the ass. I don't think they could do it in less than five years.

 

The funny thing is that a lot of their security is ridiculously tight, but in all the wrong places. To get two systems to talk to each other, you need a RKF ID on CDEV, mapped to a certificate generated from the Root CA, corresponding to an AD account, that has a role defined on a completely different server using yet ANOTHER certificate for authentication. And a THIRD certificate to secure the communications channel. All to secure one data stream between two computers on the same subnet, that can't be accessed without breaking two firewalls. And then each of the computers STORES THE DATA IN THE CLEAR.

 

Yeah...no one's hacking your service bus when they can steal the entire database, you morons.


 

Retrofitting data encryption on to the particular system they're talking about would be a royal pain in the ass. I don't think they could do it in less than five years.

 

 

I can appreciate how difficult and time consuming something like that might be. I was laughing at the way she was replying to Chaffetz - her canned response sounded as if she was giving a bad 6th grade oral report on the subject.


After Claiming USA Freedom Act would be a boon to ISIS, Ex-NSA now mocks how weak reform is:

 

 

 

If somebody would come up to me and say “Look, Hayden, here’s the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you’re going to be required to do is that little 215 program about American telephony metadata — and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself” — I go: “And this is it after two years? Cool!”

 

Michael Hayden

 

 

 

https://www.techdirt.com/articles/20150618/06521231384/after-claiming-usa-freedom-would-be-boon-to-isis-ex-nsa-director-now-mocks-how-weak-usa-freedom-is.shtml


 

I can appreciate how difficult and time consuming something like that might be. I was laughing at the way she was replying to Chaffetz - her canned response sounded as if she was giving a bad 6th grade oral report on the subject.

 

I watched the whole hearing. It's the first time I've been entertained by something on CSpan, largely because it involved people I used to deal with on a weekly basis.

 

I was shocked at how poorly Director Archuleta showed at the hearing. Admittedly, it's not her job to get into the weeds on this stuff, and some of the questions she was asked were obnoxiously ignorant...but it IS her job to be prepared to discuss it when she's hauled in front of the House Oversight Committee. She was full gatorman unprepared. I can't imagine her keeping her job after this.


 

I watched the whole hearing. It's the first time I've been entertained by something on CSpan, largely because it involved people I used to deal with on a weekly basis.

 

I was shocked at how poorly Director Archuleta showed at the hearing. Admittedly, it's not her job to get into the weeds on this stuff, and some of the questions she was asked were obnoxiously ignorant...but it IS her job to be prepared to discuss it when she's hauled in front of the House Oversight Committee. She was full gatorman unprepared. I can't imagine her keeping her job after this.

 

I don't have much faith in the feds when it comes to removing someone due to incompetence (what difference, at this point, does it make?).

 

You may be a little too young to remember this, but CSPAN aired the PMRC hearings on lyrical content in popular music, which pitted James Baker's wife, Al & Tipper Gore among others against the likes of Dee Snider, John Denver, and Frank Zappa. It was beyond entertaining.

 


 

I don't have much faith in the feds when it comes to removing someone due to incompetence (what difference, at this point, does it make?).

Congress will get what Congress wants, and Elijah Cummings hates OPM, for some reason. I think OPM might have kicked his puppy or egged his house or something.
But at Archuleta's level...she won't be removed. She'll "resign" to "pursue other opportunities" or "spend time with family" or something. Probably in about three months, when the furor's died down.

 

You may be a little too young to remember this, but CSPAN aired the PMRC hearings on lyrical content in popular music, which pitted James Baker's wife, Al & Tipper Gore among others against the likes of Dee Snider, John Denver, and Frank Zappa. It was beyond entertaining.

 

 

I remember the furor - Dee Snider testifying before Tipper Gore, looking more like a woman than Tipper Gore, and me wondering "Who the !@#$ is Tipper Gore? When was she elected?" Never saw the actual hearing, though.

 

Frank Zappa, in front of Congress. Too bad they couldn't get Joe Walsh, too. God, I miss that presidential ticket...


 

Frank Zappa, in front of Congress. Too bad they couldn't get Joe Walsh, too. God, I miss that presidential ticket...

 

 

I've been a fan of Zappa's work since I was in 9th grade (200 Motels was my introduction), and was lucky enough to see him live 3 times. That said, despite my deep admiration for the man and his music, I can't for the life of me imagine what the country would have been like under President Zappa.
