How could this happen?!?

    Lost User
    wrote on last edited by
    #1

    As per that hack that has been reported to have occurred for all US government employees' information, how in the hell could they have been so open to such an act? I have done 3rd level support for ADP and Ceridian while at RIM and those systems were majorly locked down. This is completely baffling as to the fact that there was no encryption or obfuscation considering this information was outward facing. http://www.dailydot.com/politics/opm-hack-house-hearing/

      Kevin Marois
      wrote on last edited by
      #2

      Remember, we're talking about the government.

      If it's not broken, fix it until it is

        PIEBALDconsult
        wrote on last edited by
        #3

        Information is meant to be free.

          Richard Andrew x64
          wrote on last edited by
          #4

          Unless it's on Azure, then it costs an arm and a leg.

          The difficult we do right away... ...the impossible takes slightly longer.

            Member 10707677
            wrote on last edited by
            #5

            I keep thinking about that famous quote from Armageddon -- "You know we're sitting on four million pounds of fuel, one nuclear weapon and a thing that has 270,000 moving parts built by the lowest bidder. Makes you feel good, doesn't it?" Government security? Yeah, right. That fits in the same block of oxymorons as military intelligence.

            The difficult may take time, the impossible a little longer.

              GuyThiebaut
              wrote on last edited by
              #6

              Most of the time it will be the responsibility of the IT directors or managers. It's not uncommon for people in these positions to have little to no real knowledge about security or IT for that matter. Many of them may simply be on a career course to find their way to the 'top' and are not particularly interested in the actual work they do. What can happen is that the IT technicians (people like you and me) make it quite clear what the risks are; however, they are not always listened to. After all, why would a person who is on their way to the 'top' defer to some pipsqueak developer who knows nothing of the world of business (satire intended)? I would be willing to bet that the technical people were up in arms about the security risks and were simply not listened to.

              “That which can be asserted without evidence, can be dismissed without evidence.”

              ― Christopher Hitchens

                Slacker007
                wrote on last edited by
                #7

                Coder (Hired) wrote:

                Remember, we're talking about the government.

                I was going to say the same thing. :thumbsup:

                  Vikram A Punathambekar
                  wrote on last edited by
                  #8

                  Yes, but it's the most powerful government in the world, one that can (fbofw) project its power around the world and (again, fbofw) kill insurgents from afar in hostile countries like Pakistan, Libya, etc. It boggles the mind.

                  Cheers, विक्रम "We have already been through this, I am not going to repeat myself." - fat_boy, in a global warming thread :doh:

                    Gary R Wheeler
                    wrote on last edited by
                    #9

                    Simple. Lowest bid.

                    Software Zen: delete this;

                      dandy72
                      wrote on last edited by
                      #10

                      ...and a government that wants backdoors into all encrypted systems on top of that. :doh: Not only are they clueless, their advisors are also clueless.

                        SeattleC
                        wrote on last edited by
                        #11

                        The good news is that it's probably less incompetent than the governments that are its adversaries. So *we* have been reading *their* records for years.

                          patbob
                          wrote on last edited by
                          #12

                          dandy72 wrote:

                          ...and a government that wants backdoors into all encrypted systems on top of that

                          Maybe they decided to provide such backdoors on their own systems.. to set an example for the rest of the business community :)

                          We can program with only 1's, but if all you've got are zeros, you've got nothing.

                            User 10300468
                            wrote on last edited by
                            #13

                            On average it seems to me that Gov't IT is about 5-10 years behind current practice, depending on the Department. An interesting tidbit I heard on NPR about the hack in question is that it occurred a few days after the government shutdown, when the entire 300+ person IT department was sitting at home.

                              GuyThiebaut
                              wrote on last edited by
                              #14

                              I have seen others write something similar to what you say. However, given how poor security and practice are in much of the private sector, it does make me wonder how terrible the 5-10 year differences in practice are.

                              “That which can be asserted without evidence, can be dismissed without evidence.”

                              ― Christopher Hitchens

                                9082365
                                wrote on last edited by
                                #15

                                Quote:

                                attackers could potentially decrypt data if they found the keys

                                Well quite. How have locksmiths got away with it for so long? No more keys! No more keys!

                                  Lost User
                                  wrote on last edited by
                                  #16

                                  You'll always find someone willing to scotch tape the keys to the door knob... they're the same people that you can ask to go ask their manager for the new bladeless scissors.

                                    Jalapeno Bob
                                    wrote on last edited by
                                    #17

                                    It is really very simple: government, at all levels, is not interested in updating infrastructure. Politicians make their careers on building NEW things, such as bridges, buildings and freeways. They do not make their name fixing things. Just take a look at our functionally obsolete and corroded bridges and highways, our leaking water and sewer systems, the fleet of Amtrak engines and cars, and the conditions of our harbors. IT is just more of the same. Major agencies can interest Congress in funding new, big projects. Minor agencies, such as the Office of Personnel Management or the National Parks Service, only get budgetary crumbs. They cannot get the funding for major upgrades of their IT hardware and software. Many of these minor agencies are still using computers built in the 1960s and 1970s. Remote terminals, such as IBM 3270s, have been replaced by PCs, but underlying it all are these old mainframes, whose software was written in COBOL by consultants who have retired, died, or are no longer in business. Where is the source code? Not findable. All infrastructure needs ongoing maintenance and upgrades. Business has learned this and pays big bucks to keep at least reasonably current. Government, in the executive and legislative sectors, has not and, being composed of politicians, may be incapable of learning it. Career bureaucrats learn early to pick their battles and increasing the maintenance and upgrade budgets is a battle they believe they can never win. When a crisis like this appears, the press and public opinion will force hearings and publicity-generating noise, but in the end, little will get done. The next time around, the press will point to the recommendations from this crisis that were never implemented and that generation of politicians will blame their predecessors: still, nothing will be done.

                                    To force real change, each of us must write our state and federal legislators, our county commissioners and our town or city council and pressure them to include meaningful maintenance and upgrade funds in each and every budget. Otherwise, the new big projects will just crumble into decay just as the older ones have.

                                    ---------- Lord, grant me the serenity to accept that there are some things I just can’t keep up with, the determination to keep up with the things I must keep up with, and the wisdom to find a good RSS feed from someone who keeps up with what I’d like to, but just don’t have the damn bandwidth to handle right now. © 2009, Rex Hammock

                                      ineedajobsoon
                                      wrote on last edited by
                                      #18

                                      Thank you for that Jalapeno Bob! What you say is spot on. The only thing wrong is that "include meaningful maintenance and upgrade funds" could be done... only to be undone by the next administration. Like Social Security or .

                                      --------- "We don't do IT very well" - Barack Obama talking about the Healthcare website.

                                        Jalapeno Bob
                                        wrote on last edited by
                                        #19

                                        That is why I said "each and every budget." One-shots are not acceptable.

                                        Lord, grant me the serenity to accept that there are some things I just can’t keep up with, the determination to keep up with the things I must keep up with, and the wisdom to find a good RSS feed from someone who keeps up with what I’d like to, but just don’t have the damn bandwidth to handle right now. © 2009, Rex Hammock

                                          Joe Woodbury
                                          wrote on last edited by
                                          #20

                                          Another cause is some manager or politician asking for access. IT says "no". Manager/Politician throws a fit. Access is given. Nobody cares. In 2000, I worked at a company that got hit by several computer viruses in a six-month period. It got so bad, we cut our engineering lab off from the regular network and told IT to piss off. Where were they all coming from? 1) Outlook attachments, which IT refused to block and/or filter because executives wanted to keep getting their massive attachments and 2) The CEO used the company as his ISP and forbade that any firewalls be put up which would impede his family's web surfing. (The weird part is that we engineers figured all this out while IT just put their hands over their ears until it got to be too much and only then secured the network extremely well.)
