Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Media The Military United States

Worm Attack Prompts DoD To Ban Use of External Media 295

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
This discussion has been archived. No new comments can be posted.

Worm Attack Prompts DoD To Ban Use of External Media

Comments Filter:
  • heh (Score:2, Funny)

    by Anonymous Coward

    be careful where you stick in the USB stick.. :)

  • by Hahnsoo ( 976162 ) on Friday November 21, 2008 @03:16PM (#25849993)
    This sounds like common sense. Seriously. Several years ago, a military bud of mine said that the worst threat to their security is the USB flash drive.
    • Absolutely - our internal company network has banned personally-owned USB drives in DoD closed areas for years. It's obvious.

              Brett

      • Re: (Score:3, Interesting)

        by ShieldW0lf ( 601553 )
        That's all well and good, but it's not going to stop grunts from using them to look at porn in the field. If I was going to do a cyber attack on the DoD, I'd be leaving virus infected DVDs full of porn lying around in occupied areas. You're pretty much guaranteed that it'll get passed from person to person.
        • by Creepy Crawler ( 680178 ) on Friday November 21, 2008 @04:06PM (#25850843)

          It needs to be said:

          In linux, one can remove exec permissions from a whole device via the noexec switch in /etc/fstab .

          • It needs to be said:

            There is no technological defense against PEBKAC.

            I'm still not entirely against the idea of a license for internet use. By "not entirely" I mean my idea of a license would never get used since it'll get abused.

            My idea is simply, get a license that says you know about the dangers, and you have demonstrated a basic understanding on how to avoid them. When you sign up for internet service, provide license number and you get an account.

            If my idea were taken into consideration though, it'll t

            • by Creepy Crawler ( 680178 ) on Friday November 21, 2008 @04:37PM (#25851401)

              ---There is no technological defense against PEBKAC.

              You are absolutely wrong. If a system is designed properly, or set up properly, the user cannot wreak havoc on a system or the network.

              In windows, there are many ways to do X behavior that changes the system. Therefore, Windows is hard to secure properly. It is possible, only by globally applying over-secure regedits that disable even basic functionality. Instead, I propose Linux as a good starting point.

              PEBKAC, at least in the business setting can be effectively eliminated by the use of simply being unable to even execute the programs.
              Games? Not on the HD.
              Web browser? If you need it, you'll be in the webbrowser group.
              Some document program? does your job require documents, if it does, you'll have that.
              Are you a developer for 3d stuff? If so, you get DRI rights. If not, no permission. Can Windows restrict access to the 3d device?

              My question is why do you grant rights to users when they do not justify those rights? We need to provide granular access so that the user is limited in what they do and act only in prescribed ways.

              As for that, the only way users can then screw things up is if they do not back up their user files, which you should already have thought of. A morning rsync of the /home (which should be mounted from the server) should take care of basic backup issues. Then it turns to your problem of access to the backups (which could be automated also). It really is a game of admin vs user, and you must outsmart stupidity. You do that by providing 1 way as the only way.

              ---Something about "internet license"

              meh. You do that by providing a punishment via the lines of willful negligence. If one does not provide basic security to prevent infection/takeover or notices and takes no heed, one is guilty and owes a fine to the party harmed. In the course of a botnet, that would be the proportion of bandwidth they used (based upon the actions of the the takeover tool).

              Simply put: use the laws we already have now, and not some new, easily to corrupt, new license.

              • Or, you know, we could just drop offenders off the network.

                I don't give a crap what people do to their PCs, as long as they don't mess with mine. Nuke them right at the switch if you can!

          • noexec doesn't prevent exploits of applications that read the data though. But yes, it makes it a lot harder.

          • by CaptainDefragged ( 939505 ) on Friday November 21, 2008 @04:40PM (#25851433)
            You can with Windows as well.
            • Perhaps I should clarify that statement... In windows, you can remove exec permissions from a removable device with group policy and USB Drive Letter Manager.
              • by Creepy Crawler ( 680178 ) on Friday November 21, 2008 @04:48PM (#25851577)

                Why is everything in Windows managed by tools that do not come with the default installation?

                I can perfectly manage a Linux installation without 3rd party or "optional" tools found on some website. Windows requires X tools that provide basic functionality on their site, and not default on the CD.

                I hate that.

                • by Anonymous Coward on Friday November 21, 2008 @07:06PM (#25853423)

                  Why is everything in Windows managed by tools that do not come with the default installation

                  We prefer to be called administrators you insensitive clod.

              • Re: (Score:3, Informative)

                by cheater512 ( 783349 )

                No thats what the admins at my old school thought too.

                It only means explorer cant execute anything from there.
                Any other program can in fact still execute programs.

                For example a single line of vbscript in a word document works rather well. :)

                noexec on Linux prevents any execution at all.

          • Re: (Score:3, Informative)

            by waffle zero ( 322430 )

            You can still execute any binary by loading it with ld-linux.so, the dynamic loader.

            I.E.

            /lib/ld-linux.so.2 SOME_EVIL_BINARY

    • I've always felt the same way. For a long time our company was able to control the risk of data walking out the door by limiting who had CD burners. Nothing worth taking could fit on a floppy...

      Unfortunately, we haven't updated our policies and anyone could bring or take anything. Firewalls and e-mail scanning are all designed to protect anything from outside coming in... those don't work so well when someone just slaps a thumbdrive with the latest worm in their machine. 'Cause lets be honest - no matter
      • by richlv ( 778496 )

        um, i'm not. i'm not really afraid sticking whatever cd or usb drives to my computer - and i haven't run antivirus for 7 or so years. ok, the same goes for windows...

      • by LWATCDR ( 28044 )

        We had that problem with travel notebooks. We use Linux firewalls and never had any problems with worms... Until a programmer brought back a notebook that he took on a trip and plugged it into the network.
        Well live and learn. It isn't just thumb drives you have to worry about when it comes to data growing legs.
        I have a 6 gig memory card in my cellphone and my PC has bluetooth.
        The amount of data you can move easily today is just scary.

    • by RulerOf ( 975607 )
      Only it was with people bringing in docx files and expecting to use them with OpenOffice and blaming the IT department when it wouldn't work. So I followed some guides and wrote a script, threw it up in a GPO and now only Admins can use USB storage.

      The procedure is a HUGE pain in the ass (you need to modify ACL's on registry keys and the whole 9 to cover all angles) but scripted it was as simple as "USBStorage.exe </enable|/disable>" in a logon script.

      I think it took all of two hours.
    • Yeah, it's pretty ridiculous that DoD is only now banning external media on their premises, when that's been standard operating procedure in the video game industry for years. Let's see, what matters more... the next year's copy of Madden, or the next Patriot missile specs?

      *facepalm*
    • by mrjohnson ( 538567 ) on Friday November 21, 2008 @04:30PM (#25851289) Homepage

      It is.

      But then the network is also so locked down that often times that's the only way to transfer large files. There are shared network drives in the States but they're paltry and always 100% used by some officer's powerpoint presentation and his 2 hour home video.

      When my unit was deploying to Iraq I gave all of my guys 2g thumb drives loaded with the data that the company needed. They attached it to their dog tag chain and I had them swear up and down to wear it at all times.

      There was simply no other way provided.

    • by Yvanhoe ( 564877 )
      The problem isn't the external media, it is the OS that considers as safe any exe labeled as a autorun on it. Seriously, this is the feature that made me install an antivirus on WinXP. Until then I thought that windows updates and sane practice would be enough but then I discovered that even without user prompting (as they usually and annoyingly do for almost everything) they execute untrusted application from an unidentified third party. I can't think of a single good reason for this :
      1) to exist at all
      2
    • Re: (Score:2, Interesting)

      Yeah, what's more alarming is that the military is several years behind on their operating systems, such as running Windows 2000. They are even severely behind on applying patches to these machines as well, because of the amount of testing they require to patch a machine. So the rule of thumb: To infect the military, use an outdated attack and it will probably succeed.
  • by markov_chain ( 202465 ) on Friday November 21, 2008 @03:16PM (#25849995)

    ... external media bans DOD! [slashdot.org]

  • Auto-infect (Score:5, Insightful)

    by robo_mojo ( 997193 ) on Friday November 21, 2008 @03:17PM (#25850015)
    Sounds like someone forgot to disable auto-run.
    • Re:Auto-infect (Score:4, Insightful)

      by Nerdfest ( 867930 ) on Friday November 21, 2008 @03:40PM (#25850419)
      It's quite sad that you need to with most (all?) versions of Windows. This should be the default state, especially with viruses coming right from the factories in digital picture frames, etc.
      • Re: (Score:3, Interesting)

        While I agree with you (I disable it on ALL my systems), just image Joe Bob phoning Blizzard bitching that noting happened when he put the CD in the drive!

        But then again, I also believe that banking sites should authenticate to YOUR private key, that credit cards should have rolling pins and that it should be illegal to run windows on anything that handles security or financial information...

        While all these ideas seem sane, practical and necessary to me, the average person would become irate when they find

    • by WD ( 96061 ) on Friday November 21, 2008 @04:01PM (#25850755)

      Forgot to disable AutoRun, perhaps. But actually, it's quite non-intuitive how to disable AutoRun in Microsoft Windows. There are several options, and none of them (and even all of them combined) will disable AutoRun and AutoPlay features in their entirety. In fact, up until recently, Windows Vista had the logic reversed for one of the AutoRun features! i.e., if you take the effort to disable the AutoRun feature, you actually put yourself at more risk. More details here:
      http://www.kb.cert.org/vuls/id/889747 [cert.org]

      But luckily, there is a single registry value that can disable AutoRun at its core. Once this change is made, Windows will not interpret the Autorun.inf file on any device, effectively disabling AutoRun for all devices, including USB drives, network shares, and more. Get the scoop here:
      http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html [cert.org]

      • Re: (Score:3, Interesting)

        by whoever57 ( 658626 )

        Forgot to disable AutoRun, perhaps. But actually, it's quite non-intuitive how to disable AutoRun in Microsoft Windows.

        And then, after disabling Autorun, iTunes whines at you about it.

  • by DesScorp ( 410532 ) on Friday November 21, 2008 @03:23PM (#25850095) Journal

    Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.

    • by robinsonne ( 952701 ) on Friday November 21, 2008 @03:29PM (#25850211)
      It looks like you're trying to blow up that building. Would you like to use:

      1)Grenade
      2)An RPG
      3)Airstrike
    • You can have windows, but you cant have windows and running as administrator 24/7, the same way you cant have linux and running as root 24/7. If this is the same trojan from that wired.com article then it doesnt work without admin rights. Autorun will attempt to run it, but when it tries to write to the machine registry and to c:\windows then its just going to fail.

      >here are bright Comp Sci guys in the military and DOD.

      They might have bright coders but if their sysadmins are letting them run as local adm

    • ./configure (Score:5, Funny)

      by robo_mojo ( 997193 ) on Friday November 21, 2008 @03:33PM (#25850277)
      make war
      • by genner ( 694963 )
        Failed dependency: UN approval missing.
        • Re: (Score:3, Funny)

          Loading deprecated library: Democracy Exporter
        • Re: (Score:3, Funny)

          by jmyers ( 208878 )

          # make clean
          # ./configure --force
          # make war
          # make install
          boom copied to /usr/local/bin
          please edit /usr/local/etc/war.conf and set COUNTRY
          #

          • by genner ( 694963 ) on Friday November 21, 2008 @10:35PM (#25855043)

            # make clean # ./configure --force # make war # make install boom copied to /usr/local/bin please edit /usr/local/etc/war.conf and set COUNTRY #

            vi /usr/local/etc/war.conf
            COUNTRY="TERROR"
            :w
            :q
            /bin/war
            Starting war on TERROR...
            Error: TERROR is not a valid COUNTRY.

    • I think you misinterpret the needs of the DOD. In cases where important systems are in place they use UNIX. It's all the systems running outlook, MSWord, visio and other office products that are to blame. Tough part is, (even I have used it for years) OpenOffice is just not ready for the common user. Or better yet, the common user is not ready for OO or any OS other than Windows. Just transitioning them to [ add flavor of ubuntu here ] is not that easy.
      • Why does it have to be an easy transition? They're in the military, give them OpenOffice on *nix, and tell them that's what they use now.
    • Re: (Score:2, Insightful)

      by ZackZero ( 1271592 ) *
      Disclaimer: IAAS (I Am A Sailor)

      Windows does NOT run a ship of war; I cannot say exactly what operating systems are used on the critical components (i.e. NOT shipboard LAN)but can say that they are a derivative of Unix. They are always kept in secured spaces and cannot simply be infected with a worm or virus. They're not even connected to the Internet.

      The issue affects workstations kept on-land, and is likely covering those that are marked unclassified. Those are the ones running Windows - and I'll sa
    • Re: (Score:2, Informative)

      Windows doesn't run a ship of war. Some flavor of Unix (Solaris, HP-UX) or Linux (custom or RedHat) are used for all Command and Control computers. Windows is just used for office work and such. So logistics and paperwork are suffering, but thats it
    • What problems should GPL pose to DOD? I mean even it they modify the code they don't even have to release the modification unless they distribute the code, but if they only use it in DOD they are covered they don't have to release any modification.

    • Only using one OS would be a bad idea. One OS == only one thing to crack. Better off using a mix of a few operating systems. harder to take down all of them with one single hack.

    • Re: (Score:2, Insightful)

      by link-error ( 143838 )
      You mean like the version developed by the NSA? http://en.wikipedia.org/wiki/Selinux [wikipedia.org]
    • Re: (Score:3, Insightful)

      by Bobb Sledd ( 307434 )

      You don't understand the scope of what you're suggesting.

      Let's take just one job -- a DoD web developer for example. You have an internally secure web site used for data collection that (we'll say) runs on IIS, PHP, MSSQL and is developed using an IDE such as DreamWeaver (and probably PS is involved too), and is developed specifically for the DoD version of Internet Explorer. It's already been run through testing and received certification for security and all.

      To move to a non-Windows based platform, you

    • by Thaelon ( 250687 )

      IDWFTDOD (I Did Work For the Department of Defense), so FYI: DoD has been using !Windows since before Windows existed on their ships/planes etc. That is, the ships and planes don't run on windows and never have. Note that I didn't say what they do run.

      You're right there are bright Comp Sci guys in the DoD. They're way ahead of you on this one.

  • by Synn ( 6288 ) on Friday November 21, 2008 @03:25PM (#25850163)

    Because a virus can come from there as well. Along with web access, usenet access, ftp access.... might just as well unplug the network cable just to be safe.

    Or they could install an OS that wasn't insecure by design.

    • Only if your email client allows it.
      Who needs anything beyond plain text in an email?

      • Who needs anything beyond plain text in an email?

        The SMTP standard used for sending email does not support anything but plain text. What you see as binary attachments are actually encoded as plain text.

        The problem with email executable attachments is not in the email itself, but in the piss-poor operating system most people use, which runs with superuser rights most of the time. In a superior OS, like Linux for instance, a virus in an email attachment wouldn't have privileges to infect anything but the user

        • by Hucko ( 998827 )

          I love linux, but Id much prefer my military to be running open-bsd, plan 9, or a mix of all three.

    • All access across the Internet can be filtered and scanned.

      The security risk here is that there is no way to scan external media until it is already plugged in, and no matter what the anti virus vendors say even malware that they detect will often manage to execute before the file is flagged.

  • by bl8n8r ( 649187 ) on Friday November 21, 2008 @03:30PM (#25850231)

    ftfa: "Due to the presence of commercial malware.."
    So.. this was malware someone purchased?

  • I'm very surprised it hasn't been already. It probably will have been by the time this gets posted though. "This wouldn't be happening if they were using Linux!"

  • by TheModelEskimo ( 968202 ) on Friday November 21, 2008 @03:32PM (#25850255)
    Dave Richards, the administrator of the Largo, Florida computer network, came up against this problem. He made the system mount USB disks as FTP shares, and made the file browser hide any executable files on the share so they couldn't be transferred.http://davelargo.blogspot.com/2008/02/hp-thin-clients-and-usb-access-for.html [blogspot.com]

    I'm not surprised the DoD just completely shut the door on these things, but I think that for most admins, a solution like Dave's would be a really good compromise.
    • The next day, userx who has a little bit of know-how has gone home renamed said .exe file to .ex!, comes into work the next day, copies it to his desktop, renames it again, runs it and infects himself.
      • That's worth considering. I wonder what sort of protections could be put in place to make it less viable. Of course, once you've done something that devious on your work computer network, I'd say you pretty much better assume that if caught you would be fired.
        • I know how I'd handle it on Unix. Removeable drives get mounted with the noexec option (or an equivalent set of permissions for filesystem types that don't have the concept of an execute bit). If users aren't allowed to install software on their own, then /home gets mounted that way too. Then it doesn't matter what tricks the user plays or what they rename the file to, the filesystem won't permit the execute permission bit to be set and without that bit the system won't treat the file as executable. You can

  • Mark my words, it is because of Windows. If Linux or BSD based systems were predominant in the Pentagon, this would not be an issue.

    The world, the U.S.A. is so screwed up. We all know what the problems are, but we can't address them because no one in position of power will discuss them.

    • Re:Windows.... (Score:2, Informative)

      by negRo_slim ( 636783 )

      Mark my words, it is because of Windows. If Linux or BSD based systems were predominant in the Pentagon, this would not be an issue.

      The world, the U.S.A. is so screwed up. We all know what the problems are, but we can't address them because no one in position of power will discuss them.

      Let me play the troll here... and agree with you, how absurd it would be for our own military to purchase software from one of our premier software companies. A company that provides a consistent tax revenue and employment opportunities. and as others have pointed out, no malicious agents would dare sully the name of the *nix by writing custom software to go after a high profile target like the US military and it's related assets.

      • And if they did write such software, they'd surely not survive the ridicule and public humiliation of having their efforts graded against standards developed over 30 years of malicious pranksters with Computer Science degrees and way too much time on their hands trying to get access to the system to guarantee themselves an A (or at least get copies of the professor's answer sheet for the final). Which is in the end the reason Unix is more resistant to attack than Windows: Windows attempts to add security to

      • how absurd it would be for our own military to purchase software from one of our premier software companies.

        Who has a world famous reputation for poor performance, reliability, and security.

        A company that provides a consistent tax revenue and employment opportunities.

        Security != Money. Damn it! Just because a company is profitable does not mean it has a good product.

        no malicious agents would dare sully the name of the *nix by writing custom software to go after a high profile target like the US military an

    • Re: (Score:3, Interesting)

      Get real. Security all comes down to the person who's task it is to implement it. Running Unix (or any compatible rip off) only gives you an additional layer of security through obscurity . Sorry fanboys, it's true. It's not a end all solution, and you would still need someone to take the time to plan for any possible security breach. Obviously, that includes any media (CDs, FlashDrives, Floppies) attached to the system. This isn't the first military fuckup, now you want to blame Microsoft instead of t
      • Bingo! (Score:3, Interesting)

        by snspdaarf ( 1314399 )

        Get real. Security all comes down to the person who's task it is to implement it.

        Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.

        • Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.

          I call this a lie. There is no way this would happen in a DoD shop.

      • Security all comes down to the person who's task it is to implement it.

        To a point this is true, however, Windows is far more insecure to begin with.

        Running Unix (or any compatible rip off) only gives you an additional layer of security through obscurity .

        Not true at all. It gives you an over-all more secure base from which to begin.

        Sorry fanboys, it's true.

        No it isn't.

        Obviously, that includes any media (CDs, FlashDrives, Floppies) attached to the system.

        Why? Why would those devices be a security breach unl

    • I worked for DoD. I ran Solaris Unix, and every other machine in the office ran that or Linux. Every machine is vulnerable to someone with physical access; blaming this on Windows is stupid and pointless.
      • blaming this on Windows is stupid and pointless.

        Yes, of course, how many Solaris or Linux viruses are there?

        I do not buy the hogwash equivocation argument that all security vulnerabilities are the same. There are degrees and there are levels of ease of deployment.

        If a 12 year old script kiddie can exploit a windows system easily, but it takes a 20 year software security expert to exploit a UNIX system, I'd call that different.

  • Yesterday, a terrorist attack on the NHS [today.com] brought three London hospitals to a halt.

    The terrorists, representing an organisation calling itself "Microsoft," apparently used insecure third-party contractors to put a virus-running platform called "Windows" into critical systems in the hospitals, in order to extort money from them on an annual basis.

    It is understood that a large percentage of all businesses are infected with the virus, wasting up to 25% of employees' working time and opening the companies to further attacks from related criminal organisations demanding to see all their licenses.

    The virus in question, W32.SHILL/ZDNET, takes over the host's IT systems, leading to aches, pains, nausea, vomiting, pumping out prodigious quantities of faeces and a terrible compulsion to spread the infection to others. The patient also walks with a shuddering stumble and asks for their hospital meal to include tasty, tasty brains. Recovery has commenced when they have an overwhelming urge to throw their computer out of the window. "Getting this stuff out of the system makes MRSA look like a walk in the park," said one cleaner, waving his shit-encrusted hands about for emphasis.

    When the infection became known, ambulances were diverted to other hospitals. "We have maintained a safe environment for our patients throughout the incident," said a spokesman for Barts NHS Trust, "keeping them in the Clostridium difficile culturing lab rather than risking exposing them to 'Windows.'"

  • Skynet (Score:2, Funny)

    Skynet became self-aware at 2:14am EDT. By the time Skynet became self-aware, it had spread into millions of computer servers across the planet. Ordinary computers in office buildings, dorm rooms, everywhere. It was software in cyberspace. There was no system core. It could not be shut down.
    • Re: (Score:3, Funny)

      by psnyder ( 1326089 )

      The pieces are finally starting to come together...

      • Skynet [wikipedia.org] was first introduced in a film staring Arnold Schwarzenegger [wikipedia.org].
      • Arnold Schwarzenegger was born on July 30th.
      • On July 30th, 2007 (10 years after Skynet became aware), CrunchGear runs an article [crunchgear.com] about MojoPac, a program that "Puts Your Desktop On A USB Drive". The very type of interface the DoD now sees as a threat. In the article they state that when you use MojoPac, "...the host computer is oblivious to anything going on."
      • Foxnews reported the D [foxnews.com]
  • by 602 ( 652745 )
    The V.A.--at least the healthcare part of it-- banned these months ago to prevent data from wandering away..
  • DoD needs a security nazi ( soup nazi style ).

    Since I am the 2nd most paranoid person on earth I hereby nominate myself.

    Semper Fi, carry on.

  • I work as an IT contractor for the USAF and what it boils down to is muddied interpretations and lack of discipline. They already have regulations stating what you can and cannot do with data coming in and out of the work place. No, you're not allowed to bring a floppy in from home. No, you're not allowed to take a government floppy home with you. The same regulations should, by default, extend to CD/DVD/USB/any and all media but since they're not specifically written that way, people could quote the AFI back and say it was allowed. This new ban is merely a clarification to close the loophole.

    Did they swat a fly with a nuclear bomb? Sure.
    Has it worked? So far.

    • Re: (Score:2, Informative)

      by jdoverholt ( 1229898 )

      As an end user in the USAF I'd like to offer a bit more perspective on how exactly this filtered down.

      The official policy, as it has been preached to us for quite awhile, is that you're not allowed to use personally-owned removable media. If the government issues you a thumb drive, you're good to use it all over the place, so long as you scan it for viruses before accessing on a government PC. This latest policy change had a bit of wording that struck me as... well, dumb.

      Starting this week, upon logon

  • I think "All your bases are belong to us" just got a little more frightening.

  • Why isn't the federal government using an operating system that refuses to load or execute any programs that do not have an authorized digital signature from an agency security officer? Anything that hasn't been tested and approved, no matter where it came from, never gets the chance to run.
  • Slashdot bans vague sensationalist stories from Wired and Fox.

    There is nothing about this story that is really news. Viruses and the like are always a problem. Bad user behavior is always a problem. And this "unprecedented ban" is nonsense. Now, maybe actually enforcing it for the Army may be news, but external media on government networks has been a big nono for a long time unless it was purchased by the government for government use. That whole bring your own crap from home has always been somethin
    • Speaking from within the Air Force, "external" media has a different definition than you think. For example, an Air Force purchased USB drive (FIPS certified hardware encryption), only plugged into Air Force owned and maintained computers, is forbidden under this directive.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...