RSS
Twitter
Security Through Begging
from the even-better-than-security-by-obscurity dept
Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It's only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems -- so that the next time this happens, there won't be anyone on the network to download such documents. Beyond the fact that this is unlikely to have any effect (at all) on file sharing in Japan, it has nothing to do with the actual security breach. It wasn't the use of a file sharing system that was to blame here, but the security setup that allows an outside contractor to hook up his personal computer to the power plant's network without doing any kind of security check whatsoever to see if (a) his computer has malware or (b) his computer has file sharing software -- while leaving top secret documents available for his computer to access. If this is how government officials react to such leaks (taking forever and completely missing the root cause of the problem, while suggesting a solution that is impossible to implement), it's almost amazing that such leaks didn't happen sooner.
Reader Comments (rss)
(Flattened / Threaded)
Were is the IT's at
Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's
(reply to this comment) (link to this comment)
This is bound to work.
Everybody knows that people will not do bad things if you just ask. Just look at Sadam! We spent 20 years asking him to behave, and he did. That is why our war in Iraq is completely unjustified.
(reply to this comment) (link to this comment)
Re: This is bound to work.
"We spent 20 years asking him to behave, and he did." Saddam did no such thing. He spent from the day Gulf War I ended, until the day the US invaded in GW II thumbing his nose at the free world violating every sanction that the UN Security Council wrote (BTW, the UN was making billions, while he was at it).
(reply to this comment) (link to this comment)
Incompetent
It never ceases to amaze me that despite all the sage advice of security professionals that it is the poeple in power to implement the recommendations who completely miss the point.
(reply to this comment) (link to this comment)
Re: Re: This is bound to work.
Ummm... I think someone failed to detect someone else's irony.
(reply to this comment) (link to this comment)
Re: Re: Re: This is bound to work.
Nohe wrote: "..failed to detect someone else's irony."
Not to get too off topic, but nobody really seems to care what the orginal topic was. Was that irony or sarcasm?
If you're going to rip on someone, at least rip on them for the right reason. Hey, I guess this is related to the orginal topic after all! A good example of finding the wrong root cause. Boy am I good....
(reply to this comment) (link to this comment)
Re: Were is the IT's at
Just like any Network your have to have someone running it. What is this guy/gal doing to keep these computers from getting on the Network. Does not seem like much other then tell them not to do it, you can see how long that lasted. If your going to implement the idea to not use file sharing, that is going to hard. I see that if they let any computer hook up to the network then they could easy have there system hacked long before this happend. If they are not going to take the time to keep the network system safe then why are they complaning about the leaks. Seem like they need to go there job and not complain about there lack of quaified IT's
Pleaze sine op four mor C0re 3nglish callouses next simester!
(reply to this comment) (link to this comment)
Re: This is bound to work.
Agreed!
For Internet security, this already exists for traffic which complies with RFC 3514.
Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
(reply to this comment) (link to this comment)
Re: Re: Re: Re: This is bound to work.
"If you're going to rip on someone, at least rip on them for the right reason."
I think he/she did. Where did you get your education?i·ro·ny (ī'rə-nē, ī'ər-) n., pl. -nies.
Sarcasm, by definition, is a form of irony.
(reply to this comment) (link to this comment)
Re: This is bound to work.
You have got to be kidding me! Granted, Saddam did not have weapons of mass destruction, however... to say he behaved shows a complete lack of understanding on your behalf. It was obviously NOT your mom, sisters, girlfriend or wife that was being habitually raped by his men. It was obviously NOT your family that lies in the mass graves that keep turning up. Woe be to America if you teach your children that this kind of thing is acceptable behavior.
(reply to this comment) (link to this comment)
Re: Re: This is bound to work.
and how do you know that the american soldiers over there aren't doing the same thing?
basically, i don't fully believe anything unless i see it firsthand.
the media is not exactly a trustworthy source of information, to put it delicately.
(reply to this comment) (link to this comment)
Re: Re: Re: This is bound to work.
I believe it after I see it on the internet ... there is no false information on the internet....
(reply to this comment) (link to this comment)
We're arguing about Iraq now?
Wow, out comes the Techdirt lowest common denominator.
(reply to this comment) (link to this comment)
Next up, NAZIS~
....end of thread...
(reply to this comment) (link to this comment)
job
It's "Dad I need a job. Can you get me in as IT manager at the plant ?" "Sure son. What did you go to college for ?"
(reply to this comment) (link to this comment)
Huawei Isn't Stupid
This is one of many reasons why when you visit Huawei in China (and increasingly, other companies), you are told that no electronic devices can be brought inside, with the exception of customer meeting areas. If you are a tech, and must enter a lab for debug, your laptop ports are literally taped shut with security tape that indicates removal and re-attachment. This is of course, only after you have obtained the 5 signatures required to get your laptop through the door.
(reply to this comment) (link to this comment)
Re: This is bound to work.
(reply to this comment) (link to this comment)
Re: Re: This is bound to work.
you missed the sarcasm. This person wasn't serious. If you've already made up your mind that everyone else is an idiot then you will often jump to the wrong conclusion and hence end up looking like one yourself.
(reply to this comment) (link to this comment)
Add Your Comment