Pentagon Confirms 2008 Computer Breach — 'Worst Ever' 157
jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."
This is likely why MS has GPOs in W7 (Score:5, Insightful)
This is likely why Windows 7 has explicit GPOs to either set USB flash drives read-only, or deny them the ability to mount whatsoever. Other programs that have this functionality are PGP Universal, and Symantec Endpoint Protection.
Now, if MS can put autoplay/autorun to rest six feet under with Clippy and Bob, that would be a good security advance.
The right reaction? (Score:5, Insightful)
This reminds me of the joke of the man that, having learned that his wife was fucking other men in the couch in the living room, moved the couch to the garage.
USB drives have a purpose for legal uses. Wouldn't it be better to improve their systems so that USB drives couldn't be used in harmful ways?
More Self-Serving Hype (Score:4, Insightful)
Rob Rosenberger at VMyths notes: [vmyths.com]
So why this story? Well (from the same source):
Was it Windows, again? (Score:2, Insightful)
So, what system the computer were running? Why is that information never in this news reports? Are they assuming that computers just runs, without any software on it? Don't they know that computers usually have an operation system on it to be useful?
I really had it now. I clicked through the pages and agent.btz is mentioned. Nobody had mentioned that's a Windows worm Worm:W32/Agent.BTZ http://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml [f-secure.com] Platform is Windows 32, of course. Why is nobody is mentioning the operation system? Why is nobody blaming Microsoft? Oh George W. Bush was briefed on it, was he briefed on it that the worm is only useful on Windows systems and that his military is vulnerable?
His article appeared intended partly to raise awareness of the threat to United States cybersecurity — “the frequency and sophistication of intrusions into U.S. military networks have increased exponentially,” he wrote — and partly to make the case for a larger Pentagon role in cyberdefense.
How about they mentioning that's it's increased on Windows and that Linux and other systems are save and sound? How about they ditched this system which proved times after times after times to be the only system that is vulnerable?
Re:This is likely why MS has GPOs in W7 (Score:4, Insightful)
Related note: A similar piece of malware and the ensuing hassle is what prompted me to switch to Linux for good.
Re:This is likely why MS has GPOs in W7 (Score:5, Insightful)
There should never have been a way to enable autorun in the first place. The very notion of automatically executing code or installers form a piece of media without the user explicitly taking any action is antithetical to proper security.
Re:The right reaction? (Score:5, Insightful)
After actually having implemented such a methods, it is noticed that nobody ever uses the classified network except for highly official stuff, when the project is done. It seems that all work in progress is just being saved on the non-classified network.
Trust me, I have implemented just about any security method in a variety of settings (medical, financial, ...). The fact remains that people can't be bothered to lock their screens when they step out because it's "too difficult" and "too complicated" let alone click the button to encrypt their e-mail or their USB sticks.
Re:Was it Windows, again? (Score:3, Insightful)
For example, why go to a house, with a burgler alarm, no windows, doors that you have to pick, that has $100 million if you can go to anther house that has basically no alarm, has open backdoors, and has only $1 million, though they MIGHT have a key to get into the OTHER Place, though you also get to the 100 million EASY? And even better yet, is finding the same easy system that has no money BUT also might contain the key to the above 100 million system.
I will take the one that is easy to get into to. So do the blackhats.