Personal information is not 'classified', but it is 'sensitive'; so yes it can be the case where data is sensitive but not classified.
I have to agree with you. It's a bullshit story with no regard for facts. Matter of fact, some of that "leaked" info had to be available publicly. For instance, the list of nuclear facilities in US is by COMPLIANCE with IAEA's nuclear nonproliferation agreement.
http://www.eia.doe.gov/cneaf/nuclear/page/at_a_glance/reactors/nuke1.html [doe.gov]
Regardless, none of those listed sites entails any US nuclear weapons facility, infrastructure or security protocol.
"Love your country but never trust its government."
-- from a hand-painted road sign in central Pennsylvania
Wow (Score:5, Insightful)
ban the man (Score:5, Insightful)
We must ban everything that we don't understand until we can feel safe again.
Re: (Score:5, Insightful)
Congress's reaction is predictable and hilarious, but to be fair, they are only talking about banning P2P use on government computers. I don't have a problem with that. If you are working on government contracts, you should probably have a separate computer from where you keep your music, porn, etc.
Re:ban the man (Score:5, Insightful)
I work with military ... stuff. When we have a classified or higher document, it doesn't go on our normal computers, like the one I'm using now. It goes on The Secret Computer, which is in its own room, on no networks, and it requires a key, a passcard, and supervision. Things like USB are locked out. It's a secure station. You can't hack it because there's no access to the device. Social Engineering won't work that well because you've got to be vetted every 5 years to maintain your access. Plus, we're all psychologically tested, have credit checks, and are generally very well looked after.
That is for that rare slice of documentation that is classified and is allowed on a computer. It's a nightmare to get a copy of a classified document -- do you think they would allow you to just hit "print" and get a second (or hundredth) copy? These files are very often (and yes, it's 2009) paper only, sent via special channels. You don't just email Secret documents off to whomever has a .mil email address. Generic workstation + classified document = security violation = jail.
Now, the WHOLE ARTICLE IS BULLSHIT
IT IS A PRESS RELEASE BY A COMPANY THAT STANDS TO MAKE MONEY FROM A MONITORING CONTRACT
Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup. You can't say "oh noes nukelar secrets on lemonwire! give us teh monitoring contract!" What are the details, mailing addresses?
(Note for the pedantic: I'm using "Classified" as an umbrella term for anything that requires a security clearance because I didn't feel like typing out the various levels of document classification over and over again.)
Re: (Score:3, Insightful)
You're right on about the press release thing though...my thoughts exactly. When I read "and previously reported the Presidential Helo plans were found online" and other similar things. Maybe we want to look at this company that just *happens* to keep finding things online that help it out business wise. (yes I know the helo plans were traced specifically but just sayi
Re: (Score:2)
Marine One is usually a Sea King. The first deployment dates back to 1961, so the designs are even older than that, and has dozens of flavours.
Could a layperson tell the difference between the plans for the S-61NR (a civilian search-and-rescue model) and the VH-3A the POTUS zips around in? I doubt it. Makes for a good press release, though.
Re: (Score:1)
And incidentally much P2P software is written to avoid installing to Program Files and HKEY_LOCAL_MACHINE or any other resource that would require admin rights.
The reason for that would be that the ability to limit the installation of programs is aimed at something other than preventing communication between computers.
The right approach to preventing the transmission of information from one computer to another would be using tools developed for that, such as proxy, firewalling and the like.
However, if I wanted to "leak" something I just need an https connection. Using any anonymizer + zip, rar, 7z program + good password + directory encryption + rapidshare.
Thus, th
Re: (Score:2)
Two things:
1) I oversimplify for /.
2) Our building doesn't have the infrastructure for the other networks - we're civilian contractors.
One could point out that if you're naming names on a public channel that those names aren't particularly secret. My clearance level is sufficient for my work.
Re: (Score:1)
Knowledge of the existence of SIPRNET and JWICS in itself isn't classified. Even the DoE's ESN network is public knowledge. The cat is already out of the bag anyway, it's detailed extensively in Wikipedia and other websites. You're really out of the loop. That's probably why they haven't extended their networks to your facility.
Re: (Score:2)
Re: (Score:2)
I'd like to agree.
And also note that every government computer network that I've ever heard of already prohibits running basically anything but Microsoft Office and Internet Explorer, so a law banning P2P on government networks is completely superfluous and would only serve to make legislators look like they're actually doing something.
Re: (Score:2)
Generic workstation + classified document = security violation = jail.
Unless you're Sandy Berger. Then you're OK as long as you use a sweaty textile storage device.
Re: (Score:3, Informative)
You sir, are wrong. You have a startling amount of misinformation on sensitive document handling. You scare me.
There is no "Classified or higher". It is either classified or it is not. "Classified" is not a classification.
Personally Identifiable Information (PII) is unclassified but considered sensitive, and an official incident is filed when there is a possibility that PII has been disclosed. There is also Unclassified Controlled Nuclear Information (UCNI), which by definition is unclassified but sensitive and
Re: (Score:2)
Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup. You can't say "oh noes nukelar secrets on lemonwire! give us teh monitoring contract!" What are the details, mailing addresses?
Not necessarily; IAEA's documents are frequently labeled sensitive even if everything in them is taken from press releases.
You've got to be kidding me. (Score:2, Informative)
You're joking, right?
Almost every computer that handles classified information for the DoD is connected to a network. Not the Internet of course, but SIPRNET or one of the 30 or so other classified networks, depending on classification level and other considerations. I don't recall ever needing "a key, a passcard, and supervision" to access any of them, just a user name and password, like every other computer.
Damn near nothing is paper only anymore, and any time I needed a copy of a document I clicked the
Re: (Score:2)
Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup.
Not 100% true. There's a level called "sensitive non-classified" that I used to work with when I was a Fed. We had all kinds of investigations into academic misconduct/financial crimes (grant fraud), and if it was leaked that the scientist/researcher was under investigation, it could destroy their career and tarnish their school's reputation, even if the investigation doesn't turn anything up. So it's not classified, but it's stuff that most certainly gets redacted when a FOIA request is filled.
Re: (Score:2)
I should also note that stuff is permanently redacted, even after the investigation is over (and we don't turn up anything naughty).
Sensitive, Classified, Who Cares? (Score:1)
It might also be, that the company has already made some money from RIAA, MPAA and/or M$.
Who would most like to get P2P off the web? The first two, because they perceive it as a threat.
Who creates a virtual-monopoly desktop OS that has ridiculous vulnerabilities they don't like to address? The last one.
Besides, it is well within feasibility, that Micro$oft execs think P2P is responsible for a big chunk of the (albeit slowly) growing popularity of Linux. I mean, they hired Seinfeld as their spokesman, and th