80% of .gov Web Sites Miss DNSSEC Deadline
79
netbuzz writes "Eighty percent of US federal agencies — including the Department of Homeland Security — have missed a deadline to deploy DNS Security Extensions, a new authentication mechanism designed to prevent hackers from hijacking Web traffic. The deadline that whooshed by was Dec. 31, 2009. Experts disagree as to whether this level of deployment represents a failure or reasonable progress toward meeting a mandate set by the Office of Management and Budget in the summer of 2008. OMB officials declined to say why the agency hasn't enforced the DNSSEC deadline for executive branch departments."
Re:I'm not a huge fan of DHS either (Score:5, Insightful)
The reason why the DHS gets more attention here than other departments is because they are the Department of Homeland Security. The importance of irony when ridiculing the government is not to be overlooked.
Re:I'm not a huge fan of DHS either (Score:3, Insightful)
Now where is the full list of orgs that have or have not done it?
Why, looking for a shopping list? :)
Seriously, this time I could even understand if it was not released for "reasons of national security". It would be one of the few cases where that excuse actually makes sense.
Re:I'm not a huge fan of DHS either (Score:3, Insightful)
Second, Security through obscurity is no security at all or No security through obscurity.
Lack of government IT knowledge (Score:3, Insightful)
So does this show a lack of government IT ability. Or is it more representative of the general inertia of government. I would worry more about the former. Where the government is exposing itself to the wilds of the internet without the ability to protect itself.
Re:I'm not a huge fan of DHS either (Score:3, Insightful)
Seriously, this time I could even understand if it was not released for "reasons of national security". It would be one of the few cases where that excuse actually makes sense.
Because the terrorists who are going to attack using a sophisticated DNS cache poisoning technique are obviously too stupid to download a list of government websites and go through them one-by-one to see which are using DNSSEC.
Re:of course (Score:4, Insightful)
1) Yeah? And?
2) IT wasn't unrealistic.
How long does it take to implement?
1) Get deadline
2) Start product evaluations
3) Pick Product(s)
4) Implement Product
5) Write Howto: for all the idiots out there
If we use 3 Months (1/4 year) for each step, we're looking at 1 year, three months to implement, including figuring out time lines for implementation.
Once you start rolling out, you cookie cutter as much as you can, so you have easy, consistent configurations and implementations.
I don't get why it takes so long.
Re:of course (Score:2, Insightful)
If we use 3 Months (1/4 year) for each step
You've never worked for a government agency, or on a government contract, have you? 3 Months for "Getting the deadline" is usually unrealistic!
NOTE: This reality pisses me off to no end...
Re:of course (Score:3, Insightful)
DNSEC is not the same as writing a program. It is a service that does one thing. DNS .. Securely.
The protocols are ALREADY set, it is just a matter of configuration and implementation.
Again, other places have DNSEC working right, so what is so hard about getting it working here? I mean besides normal Bureaucratic Government Ineptitude?
Re:of course (Score:1, Insightful)
That's because we elect/hire people into government positions that:
1) look good
2) are well spoken (talk a load of shit, but do it well)
3) have the majority of their education devoted to playing the system (lawyers, MBAs, etc.)
4) are endorsed by moneyed interests
rather than people that:
1) Look normal
2) Act dumb on camera but get shit done
3) Have the majority of their education devoted to their field of expertise (Doctors, Engineers, Climatologists, etc.)
4) are endorsed only through public funds.
When you put a bunch of egotistically driven, incompetent simpletons together, you honestly expect them to come up with a rational, workable, and reasonable solution to a given problem within a set deadline, rather than them outsourcing the problem to underlings with minimal (if any) system constraints, then concocting strategies to cover their asses when playing the blame game when the implementations dont mesh up, appear slipshod, and poorly planned?
That seems to be what most people who elect politicians seem to think. Politicians and MBAs are professional weasels. End of story.
We need to elect actual professionals into the various government agencies that manage our infrastructure, rather than the crop of simpering incompetents we have now.
4 out of 5 Slashdot editors are complete failures (Score:3, Insightful)
This is what the subject line in my RSS reader (Thunderbird) just gave me:
4 Out of 5 of<nobr> <wbr></nobr>.gov Web Sites Miss DNSSEC Deadline
WTF? Are you writing this stuff in MS Word?
Because I constantly see this stupid shit. And no human would ever do something like that.