US Military Will Soon Begin Testing NSA's New, Post-Snowden Security Measures (dailydot.com)
Patrick O'Neill writes: The U.S. military will closely review the NSA's security measures as concerns mount that foreign adversaries and independent hackers are targeting the American government in cyberspace. "We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general, wrote in the letter.
Post-Snowden NSA (Score:5, Insightful)
Indeed, if a lone consultant like E. Snowden could pull such a leak, one can imagine what entities with far more resources and know-how (like the Russian FSB / former KGB) have been doing for years.
Re: (Score:1)
NSA motto: "In God We Trust, Everyone Else We Polygraph"
Re: (Score:3, Interesting)
No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need. You have to create an environment of professionalism where people don't share passwords. You monitor access logs. You know, the things that competent corporate IT usually does already.
To stop someone like Snowden you just have to have adopted best practices (like the Real World) uses instead of a cowboy attitude towards security (lik
Re:Post-Snowden NSA (Score:5, Insightful)
No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need.
That won't work if you're doing things that are morally outrageous, because employees that need access do need access, and if one of them develops a conscience there's no way you can stop them from sharing the information. With draconian measures you can make it hard for them to extract solid proof, but that's all you can do, and that's very hard.
You know, the things that competent corporate IT usually does already.
LOL. In 20 years in the business, what I've seen is that almost no corporate IT departments are competent to secure their own data.
Re: (Score:1)
Worse than those with a conscience are those with righteous fury for their own political side. It is trivial to insert an operative among the thousands of agents with this access, who can report back to their politician boss on their opponents' strategy and network and planning.
With little more than a check box of getting a warrant, and not even that for much of it that is still valuable, there are no technological barriers or even logging for later review by elected officials.
Re:Post-Snowden NSA (Score:5, Insightful)
Personally, I'm totally Snowden-proof, and I don't have a fraction of the resources of the NSA. To stop someone like Snowden, all you need to do is stop committing tons and tons of crimes.
Re:Post-Snowden NSA (Score:4, Informative)
Whoosh.
You missed his point entirely.
a) His point is Snowden wouldn't compromise his trust in the first place, because he's not committing and concealing tons of crimes.
b) His point is that even if Snowden did compromise him, and leaked his activities... well ... it would be an uninteresting list that practically nobody would care about it.
As he said, he is *SNOWDEN* proof. He is not *hacker proof*.
Re: (Score:2)
Exactly what were Snowden's motives? Would he have done all that if he didn't believe the NSA was committing what he thought were crimes? Did he actually believe they were crimes? (The NSA actions are not unequivocally crimes.) Why did he release documents that embarrassed the US that just showed the NSA was doing its job?
There's stuff on my system that I really don't want anyone else getting hold of, including some banking and tax information. Someone who broke in would find no evidence of crime, b
Re: (Score:1)
Exactly what were Snowden's motives?
That would probably have been clearer if you would have had a seat at the pizza party he had at the Russian embassy in Hong Kong for his birthday.
Why did he release documents that embarrassed the US that just showed the NSA was doing its job?
Because it rendered some of those methods useless while causing diplomatic problems for the US and the NATO alliance. It is the sort of thing that someone schooled in the Soviet school of political warfare might do. Funny that Snowden is being guarded by the FSB, formerly known as the KGB, and his Russian lawyer is on the public committee for the FSB and a frien
Re: (Score:2)
Then you are willfully ignorant of the 4th Amendment. Unequivocally.
Re: (Score:1)
Much as most people here are willfully ignorant of Article II of the Constitution, its jurisprudence, and the scope of the 4th Amendment.
Re: (Score:2)
I am well aware of the Fourth, and have thought about this quite a bit, so I'm neither ignorant nor willfully so. I could be wrong.
I'm not saying they're not crimes. I'm saying that they are not unequivocally crimes. A lot of this depends on interpreting the law.
The Fourth mentions searches. What is a search? Back then, it was simple: somebody searching your papers would go through them, reading them, and looking for something presumably specified by a warrant. Nowadays, what is it? Is automati
Re: (Score:1)
Have you ever looked into the case of Kim Philby?
Re: (Score:2)
You know, the things that competent corporate IT usually does already.
But do they? All these hack jobs could have been prevented if they didn't shortcut proper IT procedures and budget.
Re: (Score:1)
Besides being a patriot who cares about civil liberties and the NSA following its charter to monitor *foreign* intelligence, not *domestic* intelligence, of course. Yes, people who actually follow the legal and ethical guidelines of the work you hire them for are always a risk to entrenched bureaucracies.
Hey, wait, I know! Maybe if the NSA focused on intelligence data, instead of all private communications in the whole world, they'd have a bit more focus and could do a better job! But oh, wait, that would r
No it was a Black Hoodie (Score:3, Funny)
he normally wore a Black hoodie with a parody NSA logo done by the EFF
and kept a copy of the constitution ON HIS DESK
and nobody thought to check if this guy was going "Off The Rez"??
Re: (Score:1)
Yeah. What an asshole. How dare he mock a US government agency that is breaking a number of laws and, in doing so, undermining core American values. And a constitution? No real American would want anything to do with that! I can't think of any reason that someone working for the US government would possess a copy of the constitution. Clearly he's a terrorist.
Re: (Score:3)
It's easier for someone without those "resources" to do such a thing because they can't be picked out from the crowd. Snowden didn't have any red flags in his life to be singled out...
Right, Snowden didn't have any huge red flags indicating that he was a security concern. Whereas Russia always makes sure their spies are very clearly spies and have tons of red flags indicating that.
... making any to match him would mean not trusting anyone. To stop someone like him you'd have to live in an absolute dictatorship with censored media and summary executions.
Here's the interesting thing, though: you're talking about a security agency that taps our phone calls and reads our emails because they don't trust anyone. So what are they doing trusting people? How did some random independent contractor have so much access and so little oversight that he could pull all o
Re: (Score:2)
First, I don't see that they have definitely committed crimes. Some of that stuff is a matter of interpretation, and while I don't buy the NSA's interpretation I'm not the final authority here.
Second, nobody is literally trying to shoot Snowden. He's wanted to stand trial and almost certainly be convicted and spend a lot of time in prison.
Errr...thanks? (Score:2)
"...We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general...
Well, nothing like starting this investigation in a timely manner. After all, by government definition the information that was leaked over two years ago only caused "exceptionally grave damage" to national security.
I suppose it's about time they got around to checking out the security controls...
Re: (Score:3)
Yep, coming up with new security controls, testing them internally for coverage, re-engineering them for holes should take...what...about an afternoon for you?
Who is Going to Check up on the Military (Score:1)
The military needs to worry about getting its own house in order. Private Manning was given access to a wide range of documents for no apparent purpose and the military only discovered he had abused that access when the documents showed up on Wikileaks. Likewise they "caught" Snowden only because he made the documents public. We have no way of knowing who else leaked information or who they leaked it to. There is no reason to believe the US government is capable of keeping data secure, that includes t
Re: (Score:2)
The Seattle Public Utilities - Recycling Division [slashdot.org] of course.
You watch our grease, we'll watch your network.
I found an image of it! (Score:2)
https://bossip.files.wordpress... [wordpress.com]
It's their new system that is hacker proof. Every person using a military computer will have one of these with them