
P2P Network Exposes Obama's Safehouse Location

timothy posted more than 5 years ago | from the this-is-an-unsecured-channel-please-acknowledge dept.

Security 307

Lucas123 writes "The location of the safe house used in times of emergency for the First Family was leaked on a LimeWire file-sharing network recently, a fact revealed today to members of the House Oversight and Government Reform Committee. Along with the safe house location, the LimeWire networks also disclosed presidential motorcade routes, as well as a sensitive but unclassified document that listed details on every nuclear facility in the country. Now lawmakers are considering a bill to ban P2P use on government, contractor networks."


Wow (5, Insightful)

GofG (1288820) | more than 5 years ago | (#28872661)

If it had been leaked by uploading it to a server, would they ban the ftp protocol?

ban the man (4, Insightful)

OrangeTide (124937) | more than 5 years ago | (#28872669)

We must ban everything that we don't understand until we can feel safe again.

Re:ban the man (5, Insightful)

dirtyhippie (259852) | more than 5 years ago | (#28872867)

Congress's reaction is predictable and hilarious, but to be fair, they are only talking about banning P2P use on government computers. I don't have a problem with that. If you are working on government contracts, you should probably have a separate computer from where you keep your music, porn, etc.

Re:ban the man (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28873151)

I agree 100%. I don't bring my laptop where I keep my pr0n, music and run my P2P apps, this should be common sense for anyone and this should be twice as apparent for someone working for the gov't.

If I was allowed to have mod points I would have modded you up.

Re:ban the man (1)

GigsVT (208848) | more than 5 years ago | (#28873197)

Would you support banning HTTP on government computers too?

Re:ban the man (1)

Freetardo Jones (1574733) | more than 5 years ago | (#28873335)

Yes. It is their property and they can set whatever rules they want on its use.

Re:ban the man (1)

GigsVT (208848) | more than 5 years ago | (#28873509)

It applies to contractors' computers too.

Re:ban the man (1, Interesting)

nizo (81281) | more than 5 years ago | (#28873455)

Mostly I would promote beatings and the pillory for people who put classified information on a computer that is ever connected to the internet. This would be on top of the usual loss of clearances and everything else that would already happen now.

Re:ban the man (2, Funny)

KronosReaver (932860) | more than 5 years ago | (#28873577)

Perhaps the Internet can just ban the Government instead...

It would be a WIN - WIN Situation

Re:ban the man (1)

Gerzel (240421) | more than 5 years ago | (#28873527)

And the next time a government contractor wants to get the latest linux distro?

There are other uses of P2P than just porn, music, etc.

Re:ban the man (3, Insightful)

sbeckstead (555647) | more than 5 years ago | (#28873711)

He can go to a computer on the proper network and download it just like the military has to do now. There are darn few uses for P2P that can't be handled better by something else.

Re:ban the man (5, Informative)

NotBornYesterday (1093817) | more than 5 years ago | (#28873349)

You say this as a joke, but that's what members of congress are actually talking about. FTFA:

Towns [House Oversight and Government Reform Committee chairman Rep. Edolphus Towns, (D-N.Y.)] said that the file-sharing industry's promises to self-regulate itself had clearly failed. "Specific examples of recent LimeWire leaks range from appalling to shocking," Towns said. "As far as I am concerned, the days of self-regulation should be over for the file-sharing industry."

Saying "the days of self-regulation should be over" is congresscritterspeak for "we're about to regulate another industry", which in this case would be a) bad, b) useless, and c) undeserved. Bad because it would stymie technical development in the US, and useless because said development would then simply take place elsewhere in the world. Undeserved, because Limewire did not attempt to spread US government secrets. Their software was simply the mechanism by which some idiot (presumably a government-employed idiot, but that would be redundant) knowingly or unknowingly loosed this material into the wild.

Other members want the issue investigated by the Federal Trade Commission, the Securities and Exchange Commission and law enforcement authorities. They said that the continued failure by companies such as LimeWire to take more proactive steps to stop inadvertent file-sharing is tantamount to enabling illegal activity resulting from the data leaks.

And how do they propose that Limewire prevent sharers from sharing government secrets? By sending someone to each Limewire installation to make sure the luser configured it correctly? To the power-grabbing, megalomaniacal nanny state committee-rats in congress, here's an idea: clean your own house first. Clamp down on those with the poor judgment to run p2p sharing apps on systems that have sensitive data. Is there a rule against it? No? Make one. Yes? Enforce it. Hell, ban p2p on all govt systems, sensitive or not, and enforce it like the matter of national security it is.

Re:ban the man (4, Interesting)

BobMcD (601576) | more than 5 years ago | (#28873707)

To the power-grabbing, megalomaniacal nanny state committee-rats in congress, here's an idea: clean your own house first.

You're completely discounting the possibility that this data was planted on LimeWire by the government expressly in order to give them this exact leverage.

Those files could be completely false, for all we know.

People that take action based on this allegation alone are dumb, dumb, dumb.

Re:ban the man (1)

sbeckstead (555647) | more than 5 years ago | (#28873675)

This is a very prudent course actually. If I don't understand it and it is obviously being misused like this I want it off my network NOW!

Re:Wow (0)

Anonymous Coward | more than 5 years ago | (#28872855)

No, I think they'd probably just arrest the person who uploaded them. If, however, it were possible for your FTP client to scan your local system for documents it may want to share and then posted an index of said documents in a public manner and then facilitated access to said documents (like LimeWire variants can), I would say yes, they would.

Re:Wow (1)

clone53421 (1310749) | more than 5 years ago | (#28873331)

Yeah, because people are too dumb to realize that sharing My Documents might – just maybe – be one of those Very Bad Ideas. Especially since they're also too dumb to realize that that's also where they keep their GF's nudes or their password list.

I've "hacked" into several e-mail accounts, instant messenger accounts, and even a RapidShare premium account by finding people's login details on LimeWire. I didn't do much of anything to cause trouble, other than verifying that the credentials were still valid, but it was sort of a proof-of-concept exercise. I didn't want to cause trouble, I just wanted to see how many people have disregarded this seemingly-obvious (in my mind) security hole.

Re:Wow (2, Insightful)

interkin3tic (1469267) | more than 5 years ago | (#28872979)

Surprise: lawmakers are once again clueless when it comes to technical issues that have been around for less than 100 years.

The real question is who is advising them so poorly?

Re:Wow (1)

Lally Singh (3427) | more than 5 years ago | (#28873337)

Mostly poly-sci student interns.

Re:Wow (1)

thePowerOfGrayskull (905905) | more than 5 years ago | (#28873541)

Surprise: lawmakers are once again clueless when it comes to technical issues that have been around for less than 100 years.

The real question is who is advising them so poorly?

Actually, I would say - depending on the final implementation - this may be remarkably clueful. Let me put it in a context that's a little closer to home: I don't want stupid employees with access to my tax records using their PCs to do anything but work. Each additional thing they do increases the chance that they're going to go and "click on the bunnies", thus ensuring that my data - and yours - is available to whichever botnet claims the machine. So hell yeah - ban all non-governmental use of file sharing. Ban web browsing. Ban fscking ftp. If they don't need it to do their jobs, they shouldn't have it.

The same could be said of ANY employee of an organization that has access to sensitive customer information. We're not talking about protecting people from themselves here (futile at best) -- rather, it's protecting people from the stupidity of other people outside of the realm of their control.

In the age of networked and portable computers, PDAs, lives can be ruined on a massive scale by one careless click.

That being said, I absolutely trust congress to screw this up and pass a bill that prohibits federal employees from using any and all Internet-based tools without 18 levels of approval. This in turn will require hiring more federal employees to manage the approvals process. That will require hiring more federal employees to manage HR and payroll... and if there's one thing that HR is good at, it's instituting more policies that add more overhead and more wasted money on irrelevant education, training, etc. Which in turn means hiring more personnel...

Re:Wow (1)

INeededALogin (771371) | more than 5 years ago | (#28873049)

If it had been leaked by uploading it to a server, would they ban the ftp protocol?

That would be espionage. They would be tried for treason.

Re:Wow (0)

Anonymous Coward | more than 5 years ago | (#28873513)

That's OK, Wikileaks and Slashdot says it's all fine, leak away, my man, leak away!

Oh wait, it's not some poor schmuck in the Army who's put in danger, it's The One, The Almighty, The Barry.

So all of a sudden, leaking information isn't a good thing?

---
If you Mod me down I will become....well, it just makes you a hypocritical ass.

Re:Wow (0)

Anonymous Coward | more than 5 years ago | (#28873129)

If it had been leaked by uploading it to a server, would they ban the ftp protocol?

Stop giving them ideas!

Not this again... (3, Insightful)

mlts (1038732) | more than 5 years ago | (#28872681)

It's not P2P in itself that is wrong. It is the use. The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.

Re:Not this again... (4, Insightful)

gnick (1211984) | more than 5 years ago | (#28872789)

Still, unless there's some strange and compelling business need, no big business should be allowing employees to run Limewire at work IMO. Especially on government machines with sensitive information. Some P2P may be useful for business purposes. But Limewire?

Re:Not this again... (1)

Lord Ender (156273) | more than 5 years ago | (#28872827)

Some filesharing software shares all of a person's data by default, or at least makes it easy to mistakenly configure it to do so. Most, if not all, filesharing software makes it easy for someone to inject trojaned or backdoored software into the network in such a way that average users cannot distinguish it from legitimate software.

It is a perfectly reasonable security trade-off for an organization to prohibit the use of filesharing software, so long as the term is adequately defined.

Re:Not this again... (1)

interkin3tic (1469267) | more than 5 years ago | (#28872861)

The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.

Don't give them any ideas!

Re:Not this again... (1)

Darth_brooks (180756) | more than 5 years ago | (#28873093)

You're right, It's not P2P itself. It's the perception of what P2P is. I say P2P here, and we think of torrents for ISO sharing (at least, for legitimate use). Say P2P anywhere else and people think "Oh yeah, that's that program that lets you get free music and shit."

As far as the latter use is concerned, there's no way that stuff belongs on any work related network, government or otherwise. Ban away. Anything legitimately work related can be obtained by other means. What you do at home is not my concern, what you do on the PCs I have to manage is. I mean, really, who uses Limewire to D/L ISOs?

Re:Not this again... (1)

PRMan (959735) | more than 5 years ago | (#28873723)

Even better. Have a blanket ban on P2P except for a single IT employee that can download things for the IT staff. Problem solved.

Re:Not this again... (0)

Anonymous Coward | more than 5 years ago | (#28873195)

It's not P2P in itself that is wrong. It is the use. The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.

I was going to say the same thing. This has nothing to do with the technology or medium. The issue is how the information got leaked that's the real security risk.

The P2P network is in fact so not responsible that there's even no reason based on this news to ban P2P in government use. The information should have been kept classified and secure and therein lies the problem.

Re:Not this again... (1)

Jugalator (259273) | more than 5 years ago | (#28873273)

It's not P2P in itself that is wrong. It is the use.

Of course, I actually don't think they're mistaking themselves there. But rather looking to ban use on gov't networks just so stupid users won't use it incorrectly and share everything they've got.

Re:Not this again... (4, Insightful)

MozeeToby (1163751) | more than 5 years ago | (#28873283)

The issue isn't the P2P per se, it's the fact that many P2P programs make it easy to accidentally mark files for uploading that you don't mean to. A lazy/stupid/uninformed user stands a decent chance of sharing information without even realizing it, I remember trying to explain that to someone in my family way back when Napster was big, that they were sharing all of their documents out over the network because that is where they happened to store their downloaded files and they had marked the folder as one to share, not realizing that it would share files other than those they had downloaded.

Any program that can upload user documents without the user having knowledge of it shouldn't be used on any kind of sensitive system. In my mind, bit torrent is relatively safe from this, since it requires the user to create a torrent and make it available, not the kind of thing that is going to happen accidentally.
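The misconfiguration described in the comment above, checked from the defender's side, as an added example that is not part of the original thread: given the folders a file-sharing client is set to share, flag any share that contains a sensitive folder and list the files that would be published even though the user never downloaded them. The function names, folder layout and file names are constructed for illustration and do not reflect any real client's configuration format.

```python
import os
import tempfile
from pathlib import Path


def resolve(path):
    """Canonical absolute path with symlinks resolved."""
    return Path(os.path.realpath(path))


def is_within(child, parent):
    """True if child is parent itself or lies somewhere beneath it."""
    child, parent = resolve(child), resolve(parent)
    return child == parent or parent in child.parents


def risky_shares(shared_dirs, sensitive_dirs):
    """Return (share, sensitive) pairs where a recursive share exposes a sensitive tree."""
    findings = []
    for share in shared_dirs:
        for sensitive in sensitive_dirs:
            if is_within(sensitive, share):
                findings.append((resolve(share), resolve(sensitive)))
    return findings


def unintended_exposure(shared_dirs, downloaded_files):
    """Files under the shared folders that the user did not download."""
    downloaded = {resolve(f) for f in downloaded_files}
    exposed = set()
    for share in shared_dirs:
        for root, _dirs, files in os.walk(share):
            for name in files:
                path = resolve(os.path.join(root, name))
                if path not in downloaded:
                    exposed.add(path)
    return sorted(exposed)


def build_demo_profile(base):
    """Create a constructed user profile: downloads mixed in with private documents."""
    docs = Path(base) / "Documents"
    (docs / "work").mkdir(parents=True)
    (docs / "Downloads").mkdir()
    (docs / "work" / "tax_records.xls").write_text("constructed sample")
    (docs / "passwords.txt").write_text("constructed sample")
    (docs / "song.mp3").write_text("constructed sample")
    (docs / "Downloads" / "track.ogg").write_text("constructed sample")
    return docs


def demo():
    """Compare sharing the whole documents folder with sharing a dedicated folder."""
    with tempfile.TemporaryDirectory() as base:
        docs = build_demo_profile(base)
        downloads = [docs / "song.mp3", docs / "Downloads" / "track.ogg"]
        sensitive = [docs / "work"]

        # Weak setting: the folder holding the downloads is also the documents folder.
        weak = {
            "risky": len(risky_shares([docs], sensitive)),
            "exposed": [p.name for p in unintended_exposure([docs], downloads)],
        }
        # Corrected setting: only a dedicated downloads folder is shared.
        fixed = {
            "risky": len(risky_shares([docs / "Downloads"], sensitive)),
            "exposed": [p.name for p in unintended_exposure([docs / "Downloads"], downloads)],
        }
        return weak, fixed


if __name__ == "__main__":
    weak, fixed = demo()
    print("whole Documents folder shared:", weak)
    print("dedicated Downloads folder shared:", fixed)
```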

Re:Not this again... (1)

nonumnos (840989) | more than 5 years ago | (#28873617)

Let's take that one step further. Let's also ban fax machines. You know, I could end up faxing something sensitive and type in the wrong phone number! (Oh noes!)

its already banned on all government networks? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28872697)

whatever network administrator lets limewire traffic outside of the firewall needs tossed

Re:its already banned on all government networks? (2, Funny)

Major Blud (789630) | more than 5 years ago | (#28872749)

Man, the jokes are going to start pouring in:

"Now that's government transparency"

"After exposing the location of the vice-presidential bunker earlier this year, Joe Biden also forgot to uninstall Limewire from his netbook"

Re:its already banned on all government networks? (1)

gnick (1211984) | more than 5 years ago | (#28873319)

My first thought was, how in the world did the Pres get LimeWire running on his BlackBerry?

Location.. nigga stole my location! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28872707)

adddriiaannnn

Encryption? (4, Insightful)

sexybomber (740588) | more than 5 years ago | (#28872717)

If the leaked data was so sensitive, shouldn't it have been encrypted, or at the very, very least, password-protected? That seems like a no-brainer.

Re:Encryption? (1)

smallshot (1202439) | more than 5 years ago | (#28872801)

Even if it was encrypted or password protected (implies some form of encryption), this kind of information is obviously classified and should not be on computers with external internet access. I didn't read the article yet, but I doubt P2P networking is why it got leaked, just the medium used.

Re:Encryption? (0)

twiddlingbits (707452) | more than 5 years ago | (#28872971)

RTFA, it's SENSITIVE but unclassified. Perhaps it was underclassified but that's not the point. Using Limewire on a Gov't machine is a really bad idea. If this had been about details related to GWB no one would have even mentioned it.

Re:Encryption? (1)

smallshot (1202439) | more than 5 years ago | (#28872985)

Now that I've actually read the article, I discover the information was NOT classified, though considered so sensitive "it would not have been available even with a Freedom of Information Act request." Even so, information is leaked by people, not P2P software.

Re:Encryption? (1)

Freetardo Jones (1574733) | more than 5 years ago | (#28873401)

Even so, information is leaked by people, not P2P software.

But if they weren't able to run the P2P software in the first place it would have had a 0% chance of being leaked to Limewire.

Re:Encryption? (1)

Algorithmn (1601909) | more than 5 years ago | (#28872891)

The data must be unencrypted to access the information. Mission critical data is useless if it's always encrypted.

Re:Encryption? (1)

Brigadier (12956) | more than 5 years ago | (#28872941)

you would be surprised how many white house interns are non brainers

Re:Encryption? (1)

martas (1439879) | more than 5 years ago | (#28873095)

of course it should have. the way i see it, things like this happen because people still don't realize that data security should be treated the same way as good old physical security. if the president's bodyguards say duck, the president ducks without asking any questions. people like the secret service are respected, and they have authoritah. until everyone gets it through their thick skulls that what they do in their computer is just as real as what they do in the physical world, stupid things like these will keep happening.

Re:Encryption? (1)

Fastolfe (1470) | more than 5 years ago | (#28873369)

How do you know it wasn't encrypted and password-protected? You have to decrypt and provide a password to access an encrypted and password-protected volume, right? The problem here is that the moron had Limewire configured to scan for and share everything on his system, including the sensitive stuff. If he did this after he'd opened the encrypted volume, Limewire would have been able to access it like any other file.

Re:Encryption? (0)

Anonymous Coward | more than 5 years ago | (#28873559)

Most gov. computers run whole drive encryption that protects against theft of hardware. Upon login, decryption capability is given to the user. Any program requesting access to the data would have it decrypted on the fly. A P2P client would be a process running on the user's account and have the data available to it. Because access is given to the user at login. The bigger question here is why is there P2P software on a gov. comp? What need is there on a gov. network? Why did the user in this case have admin rights enough to install software, especially if he or she wasn't savvy enough to know not to share the whole hard drive?

I see absolutely nothing wrong with banning Peer-2-Peer on a network of secure systems that should be for official use only. As a matter of fact, I think software running on gov. system should be pre approved anyways. I almost guarantee there's no approved peer-2-peer software for gov. computers.

Re:Encryption? (0)

Anonymous Coward | more than 5 years ago | (#28873703)

Dude, it is the government, they don't know the meaning of encryption.

p2p on government networks (0)

maharg (182366) | more than 5 years ago | (#28872721)

p2p on government networks eh, who would have thought it ? before you know it they'll be insisting on airgaps between the LAN and t'internet..

Information wants to be free (5, Funny)

davidwr (791652) | more than 5 years ago | (#28872731)

Information wants to be free.

Especially high-value information.

Re:Information wants to be free (1)

jerep (794296) | more than 5 years ago | (#28873565)

Exactly, it's the people who keep information for themselves who are the thieves.

We all praise our society for its freedoms but the only free things we have are the choices between hundreds of meaningless entertainments and foods.
I for one welcome our pirate friends who free more and more information every day.

If I learned how to code through leaked sources, maybe someone will protect the president out of this leaked information.

It never stops. (1)

arthurpaliden (939626) | more than 5 years ago | (#28872765)

People who have no idea of how the Internet or its related technology works making laws to regulate it. Next it will be briefcases because sometimes important documents get left in them and then they get lost or stolen.

Re:It never stops. (1)

Absolut187 (816431) | more than 5 years ago | (#28873293)

Laptops get stolen out of cars all the time.

They should really ban cars.

Because... (1)

Darkness404 (1287218) | more than 5 years ago | (#28872795)

Because these documents could never be exposed using HTTP, FTP or a number of other protocols. So of course the answer is to ban P2P.

Re:Because... (1)

Fastolfe (1470) | more than 5 years ago | (#28873421)

There's a subtle difference here, though. When you install an HTTP or an FTP server, it doesn't "helpfully" offer to scan your entire computer for things to share, and publish that information in a search engine. Yes, misconfigured software can expose sensitive data, but in this specific case, the P2P software in question makes it ridiculously easy to accidentally share things you probably do not want shared.

Re:Because... (1)

maxume (22995) | more than 5 years ago | (#28873531)

Absolutely, they should ban user installation of server daemons on user workstations, not restrict it to a particular type of software that happens to default to serving everything on the computer.

P2P and Revered Connections (1)

Algorithmn (1601909) | more than 5 years ago | (#28872797)

Banning or simply ensuring employees that they will be terminated in the event you use P2P software is a good idea. Financial Institutions already enforce strict policies regarding P2P software. Notice we haven't heard of a bank getting P2P'd lately?

Re:P2P and Revered Connections (1)

twiddlingbits (707452) | more than 5 years ago | (#28873265)

Banks use P2P software but it's over trusted network links and the information is encrypted. What do you think the service is that handles wire transfers but a P2P program moving money from one bank account to another electronically according to rules. Data transfers are tightly controlled. So, it's not P2P technology that is the issue, it's using a PUBLIC P2P system where you don't know if the person on the other end is trustworthy and won't pilfer anything you exposed but didn't protect.

And? (4, Informative)

Vinegar Joe (998110) | more than 5 years ago | (#28872807)

Biden has already told the press the secret location of the VP's emergency bunker.

http://blog.newsweek.com/blogs/thegaggle/archive/2009/05/15/shining-light-on-cheney-s-hideaway.aspx [newsweek.com]

Re:And? (1)

Algorithmn (1601909) | more than 5 years ago | (#28872931)

I forgot about that!!! There is no firewall with enough throughput to shut him up.

Re:And? (1)

pluther (647209) | more than 5 years ago | (#28873101)

The difference here is that this is the currently used locations, routes, etc., used for the current administration, as opposed to one of the hiding places built for the use of one guy who's no longer in office.

Re:And? (3, Informative)

Lazlo Woodbine (54822) | more than 5 years ago | (#28873219)

Years [bbc.co.uk] after BBC broadcast it to the world.

Re:And? (1)

Chris Burke (6130) | more than 5 years ago | (#28873435)

Yeah, so the big question for me is where is Obama's safe house? Would it perchance also be directly beneath his regular house?

ZOMG the Presidential Safe House is the basement of the White House?!

who was responsible for the data? (1)

droidsURlooking4 (1543007) | more than 5 years ago | (#28872809)

If any data is that sensitive, then the responsibility should be assigned to someone (an actual person). It will be their job to make sure it doesn't end up on the Internet. Wow. How tough is that?

Re:who was responsible for the data? (0)

Anonymous Coward | more than 5 years ago | (#28872913)

Yep. People guarantee privacy. Not networks or applications.

Re:who was responsible for the data? (1)

nizo (81281) | more than 5 years ago | (#28873025)

As far as I know, anyplace that has sensitive documents like this has a dedicated security officer. Now picture being that guy, while people you have trained do exactly what you told them NOT to do and put things on every kind of media known to humankind and then inadvertently carry sensitive stuff home and dump it on their machine running Limewire. Yes USB thumb drives are restricted (some places go so far as to seal USB ports to make sure people don't stick unauthorized drives into the machines) but morons are surprisingly clever at actively circumventing the best laid plans to keep them from leaking information.

Of course there is also the nice happy possibility that the data was collected via some other means and was leaked to Limewire from the machine of some spy.

P2P in government offices (1)

Galestar (1473827) | more than 5 years ago | (#28872815)

They only say they want to ban P2P in government and contractor offices and frankly this does make sense. I don't work for the government, but I'm not about to start running Limewire or a torrent client on my work computer. I also certainly hope none of my coworkers do, since if they're dumb enough to, they're probably also dumb enough to let Limewire find and share any file on their hard drives that it wants - including code, payroll, proprietary software etc.

Firewall (1)

Krneki (1192201) | more than 5 years ago | (#28872851)

Do they have anyone in charge of the Firewalls in the White House?

And why are they using Windows for security sensitive information?

Yeah, blame P2P, oh and Canada too, just to be sure.

Re:Firewall (1)

jerep (794296) | more than 5 years ago | (#28873619)

Personally I blame the government itself. Who needs a secret president hideout when you can just pick the next guy in line to do the same job, it's still gonna be the same corporate people making the decisions anyways.

Let me know when... (1)

Photo_Nut (676334) | more than 5 years ago | (#28872871)

Let me know when the government bans all forms of communication...

Until then, the problem with secret information is always going to be a matter of trusting the people who you share the secret. Secret service routes and secret emergency locations are secret for a reason, but this kind of breach of security is not due to the technology used to leak it, but rather due to the people who leaked it.

Rather than going after P2P technology, the government should be looking into who leaked this information and making it easier to discover and prove who leaked it, and then put them in front of a firing squad.

And any members of congress looking at technology tools and thinking that the tools did the sharing and not the people using them are themselves tools of an uneducated public. We need a better education system, but we're not going to get one by electing uninformed politicians whose only issue is whether women have a right to emergency procedures if they involve the termination of a pregnancy. Running for the US government is a popularity contest, and once people make it there, the job becomes lining one's pocket through lobbying.

Sure, I may be over dramatizing to make a point... Did you expect anything less on Slashdot? :)

Honestly why on earth is this a bad idea? (0)

Anonymous Coward | more than 5 years ago | (#28872973)

They aren't banning the use of peer to peer, they are banning the use of p2p on government sensitive networks

Shouldn't that be a duh? Would you consider it a bad idea for your bank to disallow limewire from being installed on their computers?

Biden? (0)

Anonymous Coward | more than 5 years ago | (#28872981)

It looks like Biden is a Limewire user.

Let me guess: the safehouse is under the White House?

Maybe we should ban tweezers as well.... (1)

paulsnx2 (453081) | more than 5 years ago | (#28872983)

As others have said, the problem isn't P2P networks.

But something has to be done to insure our safety, right?

Wrong. If doing something like banning P2P technologies doesn't make us safer (and it will not), then doing so will cost us money for absolutely no return on said funds.

I never feel safer when people that make policy do so in a way that proves they have no grasp of the problem. They need to find out who leaked the information and deal with them. That is low tech, find who is at fault and ban THEM.

You're doing it wrong... (1)

Monkeedude1212 (1560403) | more than 5 years ago | (#28872997)

"Now lawmakers are considering a bill to ban P2P use on government, contractor networks."

P2P has never been by any means "Secure" (save ones built for a very specific function, like the blizzard patcher) - in fact programs like Limewire are known as the diseased prostitutes of the internet for all the trojans you will eventually acquire.

For the Government to use Limewire... for it to even BE there...

I can't even think of what to type next to describe such a fail. Facepalm doesn't cut it.

Re:You're doing it wrong... (1)

INeededALogin (771371) | more than 5 years ago | (#28873189)

For the Government to use Limewire... for it to even BE there...

Right.. it was the government that was using Limewire. The government is made of people. People make mistakes... especially when you have as many of them working for you(the US government is the largest employer in the US). Epic fail... I don't think so... 1,000s of companies make this mistake every year.

Bans on poorly understood connectivity software (1)

tgrigsby (164308) | more than 5 years ago | (#28873001)

What they're really criminalizing is stupidity. Not P2P per se, but the use of a class of software that, when not properly configured, could give the world access to all your files, including ones that you may not want the world to have access to. And the kind of information on a government computer can be so sensitive that you can't just make it a matter of policy, punishable by termination; you have to make it a crime.

Someone on here mentioned FTP, and they would be correct that setting up an FTP server on your machine and enabling FTP access to all the directories on your machine would be just as bad, perhaps even worse if you allow write access and gave a hacker the ability to push executable modules onto the host system.

But let's be honest, that's not enough. Any bill they come up with has to also make it a requirement that government and contractor systems prevent P2P software from reaching the outside world, with violation of the law punishable by heavy fines, mandatory complete shutdown investigation of the office/company, and in the case of a contractor, being barred from being awarded government contracts ever again.

Remove admin rights (1)

javacowboy (222023) | more than 5 years ago | (#28873013)

I'm not sure why they're making such a big fuss about this.

All government departments should remove admin rights to their employees' workstations so that they can't install unapproved software. There should also be periodic audits to ensure that unauthorized software didn't somehow find its way onto those workstations anyway and remove it.

What's the big deal?

Before everyone jumps to the defense of P2P... (2, Insightful)

jpstanle (1604059) | more than 5 years ago | (#28873035)

What business do P2P file sharing apps have on government and contractor computers? While I'm sure many will rightfully point out that security through obscurity is rarely effective, and this information could have been leaked through any number of less sexy protocols like FTP, P2P file sharing has no business on government and contractor networks (BTW, when I say contractor networks, I'm referring to those that may contain sensitive or classified information). P2P apps are certainly the most common and available means of inadvertently turning a client node into a wide-open file server.

These are not commercial ISPs or home PCs we're talking about here. These are tax-payer financed networks. What business do these users have using tax-payer owned resources for downloading music/movies/etc. whether they are copyrighted or not? If you're not going to control the software installed on these workstations, at the very least the network traffic rules should not allow for this kind of outgoing traffic on client nodes.

"Gov't secrets" is an oxymoron (1)

nitroamos (261075) | more than 5 years ago | (#28873057)

This story is just like Biden revealing the secret bunker. The gov't needs to do a better job keeping secret things which need to be secret. You can't blame the inspector (e.g. P2P) for pointing out holes in your security. I want the First Family to be safe, but I'm unwilling to compromise my liberties to guarantee this (not that this is the proposed solution; I'm just saying).

At least flaws like these in security are being discovered during "peace" time.

Miss Direction (1)

jvillain (546827) | more than 5 years ago | (#28873075)

Or the whole thing is just misdirection. It just smells funny.

PsyOps (2, Interesting)

bloobamator (939353) | more than 5 years ago | (#28873085)

Or it could be good old disinformation. It's hard to believe that the Fed's firewalls allow P2P traffic.

LimeWire is to Blame (3, Insightful)

atomic_bomberman (1602061) | more than 5 years ago | (#28873119)

How could LimeWire let this happen? This is just as bad as fork and knife manufacturers who fail to keep fat, dumb people from eating too much.

Get your heads out of your asses (1)

qoncept (599709) | more than 5 years ago | (#28873155)

I read through here and basically saw nothing but a bunch of smart ass comments about other ways documents could be lost or leaked. Great.

Tell me* when the last time you installed software on a briefcase and it automatically indexed all your media and documents, by default, and then broadcast it to millions of other people.

Tell me* when the last time you downloaded [ a linux distro / "something" ] from an ftp server, while in the meantime everyone else connected downloaded all of your media and documents (that were shared, again, by default).

Tell me* when the last time you posted a message on a forum, and while you did it, you accidentally attached a document containing all your passwords. Shared by default in Limewire.

And finally, tell me* the last time you downloaded ANYTHING via ANY p2p protocol that was legal and that didn't have an alternative place to download. Why the hell should anyone using a government computer be using Limewire or Bittorrent?

* Don't actually tell me. I'm not at all interested.

Re:Get your heads out of your asses (1)

Krneki (1192201) | more than 5 years ago | (#28873199)

WoW patches its clients via P2P. And it's a serious business for 10M people.

Re:Get your heads out of your asses (1)

jpstanle (1604059) | more than 5 years ago | (#28873309)

| WoW patches its clients via P2P. And it's a serious business for 10M people.

Yeah, and WoW is official business appropriate for use on tax-payer funded government networks. </sarcasm>

Re:Get your heads out of your asses (1)

Krneki (1192201) | more than 5 years ago | (#28873391)

I'm talking about P2P. What people use on a working computer is the employer's concern, not mine.

P.S: At work I'm trying to implement an ALLOW system for exe files. So if you want to run a new exe file you need explicit permission from the tech department. Sadly the management doesn't agree with me.

Re:Get your heads out of your asses (1)

clone53421 (1310749) | more than 5 years ago | (#28873485)

the last time you installed software ~ and it automatically indexed all your media and documents, by default, and then broadcast it to millions of other people.

the last time you downloaded "something" ~ while in the meantime everyone else connected downloaded all of your media and documents

the last time you posted ~ accidentally ~ a document containing all your passwords. Shared by default in Limewire.

Never. Certainly not when I installed LimeWire; I'm much too intelligent to let it do that.

Re:Get your heads out of your asses (1)

Jean-Luc Picard (1525351) | more than 5 years ago | (#28873595)

The issue is not that Congress wants to ban P2P on Govt. systems, it's the train of thought that they should blame the software instead of the users who installed the software and allowed the directories to be shared.

Not just those in the government are stupid... (4, Funny)

sherpajohn (113531) | more than 5 years ago | (#28873277)

I heard a "security focal" in a large helpdesk group once tell us that mp3 files were "illegal" and anyone caught with them would be charged and fired.

Re:Not just those in the government are stupid... (2, Funny)

swilde23 (874551) | more than 5 years ago | (#28873621)

I worked for the Computer Science department of the state run university where I live, and we sent out an email that sounded something like that... of course, it occurred on the first day of the fourth month. But it was rather amazing how many concerned emails we got in response.

Sensitive but unclassified (1, Insightful)

QuoteMstr (55051) | more than 5 years ago | (#28873295)

Now that's an oxymoron definition. If it's genuinely important to the nation to keep a document secret, then classify it. If it's not important enough to classify, then it's not important enough to keep from the public. A transparent government is a good government.

ban P2P use on government, contractor networks (1)

nurb432 (527695) | more than 5 years ago | (#28873303)

Why stop there? Just ban p2p on the internet. Oh, and any other transfer protocol.

idiots

Sooo... (1)

ChinggisK (1133009) | more than 5 years ago | (#28873307)

So where is it?

Oops? (1)

rgviza (1303161) | more than 5 years ago | (#28873313)

Wow... Government IT Security is either forced to let nitwits use this stuff, or they are failing their employers horribly.

do we find out how they fucked up this bad? (1)

jollyreaper (513215) | more than 5 years ago | (#28873325)

It's rare that we even hear about Joe Computerguy fucking up by accidentally sharing his homemade porn stash by accident. The only examples I can think of were not accidental at all but jilted boyfriends trying to burn the ex. But ok, I can buy an accidental release -- you store your homemade porn in a default media directory, the p2p app does a scan for shareable media and autoselects it, ok, it's possible. The guy's an idiot but it's possible. But for government shit like this to make it out, the plans for Obama's canceled Marine One replacement, the stuff in TFA today? I know they say never attribute to malice what can best be explained by incompetence but this seems too deliberately stupid.

So where is the safehouse? Missing from article (1)

cshay (79326) | more than 5 years ago | (#28873355)

I can't find it via google either.

The Dick Cheny moles strike again (0)

Anonymous Coward | more than 5 years ago | (#28873439)

The former second in command filled many positions with NeoCon moles before retiring to Wyoming to regroup.
I refuse to spell ChEny correctly.

Two points... (2, Informative)

rickb928 (945187) | more than 5 years ago | (#28873519)

1. I was blocking Limewire (and Kazaa, etc.) traffic for clients with substantially less security exposure for years and years. Most P2P networks are just hives of viruses, malware, exploits, illicit file sharing, and worse. My clients pretty much expected it. Of course, blocking Webshots got people a little hot, but they get over it.

2. Any bets that the actual culprit was a security wonk, figuring they were smarter than the rest of the world? Very few of the 'security' folk I've worked with actually practiced what they preached. And most either wandered from job to job, or lasted only until the first noticeable breach. One of my former clients made the news a few months ago, because someone was putting USB keys into their corporate servers. Even the PKI repository. Apparently they thought a free utility they got from a friend at a user group was really useful. Not.

If one were deliberately trying to discredit P2P... (2, Insightful)

roc97007 (608802) | more than 5 years ago | (#28873545)

...one couldn't find a better way to do it than this.

So, where is it? (1)

Hatta (162192) | more than 5 years ago | (#28873681)

Or where was it? It's public information now, and the President sure as hell isn't going to be using it anymore, so what's the harm in telling us?

Safehouse? Not that important (0, Flamebait)

devleopard (317515) | more than 5 years ago | (#28873701)

The real fear is that somehow a scanned copy of the President's real birth certificate will leak out via P2P
