White House Chief Technology Officer Steps Down

Soulskill posted more than 2 years ago | from the help-wanted-must-know-tech-stuff dept.

Government 55

New submitter Krazy Kanuck writes "The White House is running a story on their OSTP blog that Chief Technology Officer Aneesh Chopra is stepping down after being appointed to the post by President Obama in 2009. There is some mention of him returning to his home state of Virginia, and the Washington Post suggests a possible bid for lieutenant governor."

55 comments

Can we apply as a group? (4, Interesting)

LostCluster (625375) | more than 2 years ago | (#38846479)

Maybe we can talk someone in the White House press office into using Ask Slashdot for technical questions and Your Rights Online for recommendations on tech bills... Would somebody please put together a resume for We the People of Slashdot?

Re:Can we apply as a group? (5, Funny)

girlintraining (1395911) | more than 2 years ago | (#38846621)

Would somebody please put together a resume for We the People of Slashdot?

We could, but it would be full of contradictory skills and experiences, an entire year devoted to yelling "First Post!", and would boast certifications like "Made baby jesus cry."

Actually... It's still better than the current crop of presidential hopefuls. PRINT IT.

Re:Can we apply as a group? (0)

Anonymous Coward | more than 2 years ago | (#38847505)

"We could, but it would be full of contradictory skills and experiences, an entire year devoted to yelling "First Post!", and would boast certifications like "Made baby jesus cry."

Oh, you mean like whatsthatstuff.. um... oh yea, democracy?

Re:Can we apply as a group? (0)

Anonymous Coward | more than 2 years ago | (#38847739)

First vote!

Re:Can we apply as a group? (0)

Anonymous Coward | more than 2 years ago | (#38846845)

FUND IT.

I don't care how much it costs or who has to pay for it....

Re:Can we apply as a group? (1)

ubrgeek (679399) | more than 2 years ago | (#38847895)

And that, kids, is the story of How I Met Your Congress.

Re:Can we apply as a group? (3, Insightful)

clarkkent09 (1104833) | more than 2 years ago | (#38846965)

Nooo, we don't want the wider public to see how naive nerds are when it comes to politics, as evidenced daily by most posts here. Let's stay quiet and pretend we are smart.

Re:Can we apply as a group? (1)

LostCluster (625375) | more than 2 years ago | (#38847493)

Come on, were you against the SOPA/PIPA blackouts?

Re:Can we apply as a group? (1)

smellotron (1039250) | more than 2 years ago | (#38847589)

Come on, were you against the SOPA/PIPA blackouts?

Doubtful, but that's the proverbial diamond in the rough. Are you familiar with the spam [slashdot.org] form [slashdot.org] response [slashdot.org]? I have not yet seen the equivalent for political reform discussions. I believe this is an indication that Slashdot as a community underestimates the inherent complexity (corruption aside!) of American politics.

Re:Can we apply as a group? (1)

analyst-cz (1386075) | more than 2 years ago | (#38848191)

Did you ever notice how fatal consequences does ruling by NOT politically naive persons have? I am pretty sure we are living the era where this will change simply as the result of the nature laws force.

My hovercraft is full of eels (1)

Hognoxious (631665) | more than 2 years ago | (#38849309)

And this, children, is why you shouldn't rely on automated translation.

Re:Can we apply as a group? (1)

medcalf (68293) | more than 2 years ago | (#38847757)

Trust me when I tell you that you do not want to work in technology anywhere near the White House.

Nah (0)

Anonymous Coward | more than 2 years ago | (#38848397)

I work in technology for the White House. (In fact, Aneesh is my boss.) I rather recommend it.

D'oh (1)

waldoj (8229) | more than 2 years ago | (#38848403)

I wasn't logged in, but that was my post.

Re:D'oh (1)

medcalf (68293) | more than 2 years ago | (#38885665)

So not in OCIO, then?

At least (3, Interesting)

Dyinobal (1427207) | more than 2 years ago | (#38846499)

At least he isn't stepping down to a lobbying position for the media industry. I half expected that when I read the title. Though I guess he still can...

Re:At least (1)

jank1887 (815982) | more than 2 years ago | (#38847345)

lieutenant gov makes for a great position while he waits for the 1-2 year lobbying restraint to be lifted.

Re:At least (1)

Kerstyun (832278) | more than 2 years ago | (#38849325)

HB-1 visa's are tied to a job, so most likely his on the next plain back to calcutter.

This just in (5, Funny)

koan (80826) | more than 2 years ago | (#38846523)

Aneesh Chopra, current lieutenant governor of Virginia, has introduced the death penalty for on-line piracy bill (DPOP).

Re:This just in (0)

Richard Dick Head (803293) | more than 2 years ago | (#38847719)

And outsourced the executions to his friends at home

That's cool. (0)

Anonymous Coward | more than 2 years ago | (#38846625)

Now hire Lessig or Schmidt.

Big talker, little substance (1)

blahbooboo (839709) | more than 2 years ago | (#38846745)

He gives amazing speeches. Unfortunately, he really doesn't understand computers and it's a joke he was made CTO.

Re:Big talker, little substance (3, Funny)

Hatta (162192) | more than 2 years ago | (#38846803)

That sounds awfully familiar somehow.

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38847019)

+5, Burn

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38847037)

Careful, or the ACTA guys might sue for copyright infringement.

Re:Big talker, little substance (4, Informative)

artor3 (1344997) | more than 2 years ago | (#38846921)

Care to give an example to back up your claim? He seemed to do a good job, from the little I saw about him. He was behind the push to bring better internet access to rural areas, expanding access to electronic health records, and he opposed SOPA. For a new position without a very clearly defined set of goals, I'd say he did fine.

Was NHIN his baby? (0)

Anonymous Coward | more than 2 years ago | (#38847133)

Pushing for access to electronic health records as a policy statement is exactly that: big talk without substance.

The NHIN "architecture" is a great example, claiming to solve national scale health record exchange without the taboo national health identifier through an ill-thought broadcast tree for patient demographics searches. Anyone familiar with health IT, computer science, and enterprise computing boondoggles would recognize the stench of failure on that one. It's the emperor's new HIE.

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38849423)

Dvorak claims that Kundra is a phony:

http://www.dvorak.org/blog/2009/08/12/special-report-is-us-chief-information-officer-cio-vivek-kundra-a-phony/

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38849597)

Different people dude!

Re:Big talker, little substance (3, Informative)

modmans2ndcoming (929661) | more than 2 years ago | (#38846987)

Consolidating the government's data centers and starting a real push to update the infrastructure to something resembling the 2010's rather than the 1980's is not doing much?

Re:Big talker, little substance (1)

Anonymous Coward | more than 2 years ago | (#38847097)

Given that "cloud computing" is merely "mainframe computing" with a prettier name, the difference between the 1980s and the 2010s is much less than you seem to think it is.

Re:Big talker, little substance (1)

modmans2ndcoming (929661) | more than 2 years ago | (#38847295)

uhh.... it is absolutely NOT mainframe computing. GRID computing, AKA cloud computing, is not even close to time-slice based timeshare processing with dumb terminals connected to the mainframe on a LAN.

anyway... I am talking more about the actual tech....not the computing model.

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38850135)

And that's why you work in IT, and aren't an architect/manager/well-paid.

For all intensive purposes, it's mainframe computing with different guts. Cost of entry is just lower, that's the improvement.

Re:Big talker, little substance (1)

modmans2ndcoming (929661) | more than 2 years ago | (#38851839)

So.... really it is the same topology with different technology....

Good job just agreeing with me.

Re:Big talker, little substance (2, Informative)

Anonymous Coward | more than 2 years ago | (#38847227)

When he was the CTO of Virginia, he made an agreement with Northrop Grumman that set up large systems for the DMV such that if there were any failure in the server area, the entire system--statewide--lost connectivity. It wasn't until the current governor of Virginia took office that the contract was forced to be renegotiated so that we got a better deal.

Similarly thanks to him, the Virginia State Police now rent all of their computers rather than buying them outright, and their systems lack the resources to handle their actual requirements.

Awesome job by him, not only by giving the work to a defense contractor when an in-state business could have absolutely done it better, and likely for less, but for just generally screwing it up.

In short, he left Virginia's infrastructure in a devastated position whenever he touched it because he is a fool in good clothes.

Re:Big talker, little substance (1)

modmans2ndcoming (929661) | more than 2 years ago | (#38847309)

That is pretty bad, but I would have to understand how it came to that rather than assume Northrop Grumman provided him with a list of network topologies and he picked the one with a single point of failure.

Re:Big talker, little substance (0)

Anonymous Coward | more than 2 years ago | (#38847795)

I wouldn't. Sorry.. but the fact that he went ahead with ANYTHING that has a single point of failure for any system intended for use beyond a single, recreational user is......... fucking ridiculous.

Northrop Grumman didn't need to provide it, maliciously or lazily. Boyo just went with it. Either because he was lazy (points against), incompetent (points against), corrupt (points against), careless (points against), or powerless (potentially neutral).

I cannot envision any circumstances in which he could appear to be doing a good job and yet still let stuff like that through.

Re:Big talker, little substance (1)

modmans2ndcoming (929661) | more than 2 years ago | (#38849387)

Perhaps he bought one thing, they built another and due to a setting in some routers, they discovered that if you bring one part down, everything else comes down? To me that is not something the CTO would just be able to see and if the state did not have any Cisco engineers to validate the work of the contractor, then he had to take the contractor's word for it.

Re:Big talker, little substance (1)

nasirg (2562421) | more than 2 years ago | (#38848717)

I just couldn’t leave your website before telling you that we really enjoyed the quality information you offer to your visitors Will be back often to check up on new posts electronics shop [homesandgardenings.com]

SNAP INTO A SLIM JIM! (-1)

Anonymous Coward | more than 2 years ago | (#38846783)

Spook BackDoors In Cisco Routers
- Older news, but still relevant!!
    Please save this story and repost it everywhere
    Especially in Security Discussion Forum Sites
- You should use OpenBSD or a hardened Linux distro
    For a router, NOT these blackboxes offered with
    proprietary hardware & firmware!

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html [forbes.com]

"Special Report
Cisco's Backdoor For Hackers
Andy Greenberg, 02.03.10, 01:45 PM EST
The methods networking companies use to let the Feds watch suspects also expose the rest of us.

ARLINGTON, Va. -- Activists have long grumbled about the privacy implications of the legal "backdoors" that networking companies like Cisco build into their equipment--functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.

In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims' online behavior.

But the result, Cross says, is that any credentialed employee can implement the intercept to watch users, and the ISP has no method of tracking those privacy violations. "An insider who knows the password can use it without an audit trail and send the data to anywhere on the Internet," Cross says.

Cross told Cisco about his findings in December 2008, but with the exception of the patch Cisco released following the revelation of its router bug in 2008, the security flaws he discussed haven't been fixed. In an interview following Cross' talk, Cisco spokeswoman Jennifer Greeson said that the company is "confident in its framework." "We recognize that security is complicated," she said. "We're looking at [Cross'] findings and we'll take them into account."

Cisco isn't actually the primary target of Cross' critique. He points out that all networking companies are legally required to build lawful intercepts into their equipment.

ARLINGTON, Va. -- Cisco, in fact, is the only networking company that follows the recommendations of the Internet Engineering Task Force standards body and makes its lawful intercept architecture public, exposing it to peer review and security scrutiny. The other companies keep theirs in the dark, and they likely suffer from the same security flaws or worse. "Cisco did the right thing by publishing this," says Cross. "Although I found some weaknesses, at least we know what they are and how to mitigate them."

The exploitation of lawful intercept is more than theoretical. Security and privacy guru Bruce Schneier wrote last month that the Google hackings in China were enabled by Google's procedures for sharing information with U.S. law enforcement officials. And in 2004 and 2005, a group of hackers used intercept vulnerabilities in Ericsson network switches to spy on a wide range of political targets including the cellphone of Greece's prime minister.

All of that, argues IBM's Cross, means that Internet-related companies need to be more transparent about their lawful intercept procedures or risk exposing all of their users. "There are a lot of other technology companies out there that haven't published their architecture, so they can't be audited," he said in his Black Hat talk. "We can't be sure of their security as a result."

- http://search.forbes.com/search/colArchiveSearch?author=andy+and+greenberg&aname=Andy+Greenberg [forbes.com]

(C) forbes.com

Lest we forget Part 1:

https://www.networkworld.com/community/node/57070 [networkworld.com]

"Cisco backdoor still open
IBM researcher at Black Hat says opening for Feds exposes us
By Jim Duffy on Wed, 02/03/10 - 5:33pm.

The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were cause celebre in some VoIP wiretapping arguments and court rulings.

This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.

In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts nor is an alert sent to an administrator. Any data collected through the backdoor can be sent to anywhere -- not just merely to an authorized user, Forbes reports.

What's more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor - that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP.

Cisco said it is aware of Cross's assertions and is taking them under consideration. To Cisco's credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse."

Lest we forget Part 2:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username [cisco.com]

"Cisco Security Advisory
A Default Username and Password in WLSE and HSE Devices
Advisory ID: cisco-sa-20040407-username
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username [cisco.com]
Revision 1.4
For Public Release 2004 April 7 16:00 UTC (GMT)
Contents

        Summary
        Affected Products
        Details
        Vulnerability Scoring Details
        Impact
        Software Versions and Fixes
        Workarounds
        Obtaining Fixed Software
        Exploitation and Public Announcements
        Status of This Notice: Final
        Distribution
        Revision History
        Cisco Security Procedures

Summary

A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround.

This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username [cisco.com] .

Affected Products

This section provides details on affected products.

Vulnerable Products

These products are vulnerable:

        The affected software releases for WLSE are 2.0, 2.0.2 and 2.5.
        The affected software releases for HSE are 1.7, 1.7.1, 1.7.2 and 1.7.3.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by these vulnerabilities.

Details

A hardcoded username and password pair is present in all software releases for all models of WLSE and HSE devices.

This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa11583 ( registered customers only) for the WLSE and CSCsa11584 ( registered customers only) for the HSE.

CiscoWorks WLSE provides centralized management for the Cisco Wireless LAN infrastructure. It unifies the other components in the solution and actively employs them to provide continual "Air/RF" monitoring, network security, and optimization. The CiscoWorks WLSE also assists network managers by automating and simplifying mass configuration deployment, fault monitoring and alerting.

Cisco Hosting Solution Engine is a hardware-based solution to monitor and activate a variety of e-business services in Cisco powered data centers. It provides fault and performance information about the Layer 2-3 hosting infrastructure and Layer 4-7 hosted services.

Vulnerability Scoring Details
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html [cisco.com] .

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss [cisco.com] .

Impact

Any user who logs in using this username has complete control of the device. One can add new users or modify details of the existing users, and change the device's configuration. Here are some more concrete examples of possible actions:

        For WLSE this means that an adversary can hide the presence of a rogue Access Point or change the Radio Frequency plan, potentially causing system-wide outages. The first action may cause long term loss of information confidentiality and integrity. The second action can yield Denial-of-Service (DOS).
        For HSE this may lead up to illegal re-directing of a Web site with the ultimate loss of revenue.
        In both cases the device itself may be used as a launching platform for further attacks. Such attacks could be directed at your organization, or towards a third party.

Software Versions and Fixes

When considering software upgrades, also consult http://www.cisco.com/go/psirt [cisco.com] and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance.

For WLSE, users need to install the WLSE-2.x-CSCsa11583-K9.zip patch. The patch can be downloaded from http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng [cisco.com] ( registered customers only) . Installation instructions are included in the accompanying README file, WLSE-2.x-CSCsa11583-K9.readmeV3.txt, in that same download directory. This patch is applicable to WLSE 1105 and 1130 software releases 2.0, 2.0.2 and 2.5.

For HSE, users need to install the HSE-1.7.x-CSCsa11584.zip patch. The patch can be downloaded from http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol [cisco.com] ( registered customers only) . Installation instructions are included in the accompanying README file, HSE-1.7.x-CSCsa11584.readme.txt, in that same download directory. This patch is applicable to HSE 1105 for versions 1.7, 1.7.1, 1.7.2, and 1.7.3.

Workarounds

There is no workaround.

Obtaining Fixed Software

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html [cisco.com] , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml [cisco.com] .

Do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.

Customers with Service Contracts

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com./ [www.cisco.com]

Customers Using Third-Party Support Organizations

Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.

Customers Without Service Contracts

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

        +1 800 553 2447 (toll free from within North America)
        +1 408 526 7209 (toll call from anywhere in the world)
        e-mail: tac@cisco.com

Have your product serial number available and give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml [cisco.com] for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

Status of This Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution

This advisory will be posted on Cisco's worldwide website at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username [cisco.com] .

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

        cust-security-announce@cisco.com
        bugtraq@securityfocus.com
        first-teams@first.org (includes CERT/CC)
        cisco@spot.colorado.edu
        comp.dcom.sys.cisco
        firewalls@lists.gnac.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

Revision 1.4

2004-April-12

Fixed URL for Cisco.com Downloads under Obtaining Fixed Software section.

Revision 1.3

2004-April-08

Updated Software Versions and Fixes section.

Revision 1.2

2004-April-08

Updated to include WLSE 1105 in Software Versions and Fixes section.

Revision 1.1

2004-April-07

Correction in the Obtaining Fixed Software section.

Revision 1.0

2004-April-07

Initial public release.

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html [cisco.com] . This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt [cisco.com] ."

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html?feed=rss_technology_security [forbes.com]

Cisco handholds hackers to backdoor
Routers are vulnerable to wiretapping flaw
By Spencer Dalziel
Fri Feb 05 2010, 14:39

AN INSECURITY EXPERT at IBM reported to the Black Hat conference that he discovered Cisco routers are vulnerable to a potential surveillance backdoor.

According to Arstechnica, Tom Cross, security systems researcher at IBM, gave a presentation exposing the backdoor to demonstrate how the 'lawful intercept' function in Cisco's system can be targeted by hackers to gain access to data flowing through the routers.

Hackers aren't blocked after failed attempts to access a Cisco router and notification alerts aren't sent to the administrator. Making matters even worse, ISPs can't detect and track who the culprits might be because their employees aren't allowed to detect and intercept.

It is not entirely Cisco's fault. The 'lawful intercept' function was deployed after a US Federal Communications Commission (FCC) ruling a few years ago that allowed wiretapping by law enforcement agencies on all networking hardware. All telecommunications vendors had to build monitoring solutions into their hardware.

However this ruling meant all equipment with the lawful intercept functions had gaping holes that left them open to back door surveillance attacks.

Cross told Cisco about the problem in December and it issued a patch. But there are still a lot of vulnerable systems out there because network administrators haven't applied the patch.

Cisco's wiretapping system open to exploit, says researcher
By John Timmer | Published February 4, 2010 6:20 PM

To meet the needs of law enforcement, most telecommunications equipment includes hardware and software that allow for the monitoring of traffic originating with the targets of investigations. The precise capabilities are often dictated by formalized standards, which allow any hardware maker to implement a compliant system. Unfortunately, these standards often leave the hardware wide open to various attacks that leave regular users vulnerable, and provide savvy surveillance targets the opportunity to evade the snooping. An IBM researcher has put Cisco's system under the microscope at a Black Hat Conference, and found it comes up short.

Although the standard was designed to put Cisco hardware in compliance with EU directives, it has apparently been adopted by a number of other hardware makers. The presentation, described in detail by Dark Reading, describes how its reliance on SNMPv3 creates a variety of options for attack. For example, the protocol was initially vulnerable to brute force attacks on its authentication system; although Cisco has patched that flaw, there's no way to determine how many unpatched machines remain in the wild.

SNMP also defaults to operating over UDP, and it's relatively easy to spoof things like the source address and port for that protocol. It's possible to use TCP instead, and even limit the addresses that can access the hardware, but the protocol doesn't specify either of these. Communications aren't encrypted by default, and the system won't notify administrators when a trace is activated or disabled, meaning that hackers could potentially set up or eliminate surveillance without anyone being aware of it.

The IBM researcher, Tom Cross, notified Cisco of the issues back in December, and recommends revisions to the standard that will ensure that it is more secure by default. That might be helpful, but it still wouldn't deal with the problems posed by unpatched systems -- Cross himself apparently recognizes that network administrators can be hesitant to risk the disruption of service that may come with updating major pieces of equipment.
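A defender's check for the weaknesses the quoted articles list (no encryption by default, no restriction on source addresses, no alert on failed access), as an added example that is not part of the comment above, the articles, or Cisco's code. It assumes IOS-style `snmp-server group` and `snmp-server enable traps snmp authentication` lines; the group names, ACL number, address and finding labels are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
snmp-server group LI-OPEN v3 auth read LI-VIEW write LI-VIEW
snmp-server group LI-LOCKED v3 priv read LI-VIEW write LI-VIEW access 99
snmp-server group MONITOR v3 noauth
access-list 99 permit 192.0.2.10
"""

# snmp-server group <name> v3 {noauth|auth|priv} [read ..] [write ..] [access <acl>]
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b(.*)$")
ACCESS_RE = re.compile(r"\baccess\s+(\S+)")
AUTH_TRAP_RE = re.compile(r"^snmp-server enable traps snmp\b.*\bauthentication\b")


def audit_snmpv3(config: str) -> list[tuple[str, str]]:
    """Return (group, finding) pairs for SNMPv3 groups left at weak settings.

    Findings (hypothetical labels):
      no-encryption        - security level is not 'priv', so traffic is cleartext
      no-source-acl        - no 'access <acl>', so any source address is accepted
      no-auth-failure-trap - device never reports failed SNMP authentication
    """
    findings = []
    auth_trap_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if AUTH_TRAP_RE.match(line):
            auth_trap_enabled = True
        match = GROUP_RE.match(line)
        if not match:
            continue
        name, level, rest = match.groups()
        if level != "priv":
            findings.append((name, "no-encryption"))
        if not ACCESS_RE.search(rest):
            findings.append((name, "no-source-acl"))
    if not auth_trap_enabled:
        # "*" marks a device-wide finding rather than a per-group one.
        findings.append(("*", "no-auth-failure-trap"))
    return findings


if __name__ == "__main__":
    for group, finding in audit_snmpv3(SAMPLE_CONFIG):
        print(f"{group}: {finding}")
```
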

Aneesh Chopra (0)

Anonymous Coward | more than 2 years ago | (#38846871)

It's uncanny how this endless parade of underachieving posers can in three short years flush through the administrative revolving door and make our government so much more efficient and accomplished.
One can only look in awe at how America can continue to find such an endless supply of underachieving posers, sorry, I mean talents.

Re:Aneesh Chopra (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38846983)

And yet, it is better than it has been in almost a decade. The last admin took a great economy, peacetime, no deficit, and then created world wars all over, ran up massive deficits and destroyed western economies while sending the jobs to China, North Korea, Vietnam, Venezuela, and even Iran.

Re:Aneesh Chopra (0)

Anonymous Coward | more than 2 years ago | (#38847075)

endless parade of underachieving posers

I thought this one was the shoplifter [wikipedia.org] , but I guess he already left. Hard to keep all these Indians straight.

Tango Down! (0)

Anonymous Coward | more than 2 years ago | (#38846911)

The White House has responded to two petitions about legislative approaches to combat online piracy. In their response, Victoria Espinel, Intellectual Property Enforcement Coordinator at Office of Management and Budget, Aneesh Chopra, U.S. Chief Technology Officer, and Howard Schmidt, Special Assistant to the President and Cybersecurity Coordinator for National Security Staff stress that the important task of protecting intellectual property online must not threaten an open and innovative internet.

That's what happens when you DARE stand up against the Mighty MPAA and Ruling RIAA. One down, two to go. See that, Larry Page? How about you, Jimmy Wales? Like your jobs?

Pirate Party (2)

tidepool (137349) | more than 2 years ago | (#38846927)

Honestly,

This is why we (the US) need a far more established 'Pirate Party' (Yes, the name is terrible, but the ideas behind it, I'm sure many agree with) so a shown to others, able-bodied, pool of candidates would already be present.

True, the chances of hell of actually being voted in to such a position would be slim to none, however, it is a good catalyst for said party to bring ideas and ideals to attention to the general public.

Mass. and I believe another state has an officially registered party -- Where are all the other states? Let's GO people!

Re:Pirate Party (0)

Anonymous Coward | more than 2 years ago | (#38847003)

Pffffff.... talk about names.

Republican Party -- so they want to rise up against the King of America?
Democratic Party -- that's so we have a clear alternative for the Totalitarian Party of Overlords?

On topic: FIRST you need a national Pirate Party, you have it: www.pirate-party.us (USPP). Within that organization, start looking for volunteers to set up "locals". Then use websites like reddit, slashdot and facebook to find members. http://en.wikipedia.org/wiki/United_States_Pirate_Party#State_parties is not very encouraging. This is the time to set things up, while the SOPA/PIPA fire is still hot.

Shameless plugs:
Pirate Party radio: http://www.rantmedia.ca/piratepartyradio/
NoSafeHarbor - a book published by the USPP, available under CC, if you want to check it out, start with Rick Falkvinge's chapter: http://www.nosafeharbor.com/

Re:Pirate Party (0)

Anonymous Coward | more than 2 years ago | (#38847095)

Republican Party -- so they want to rise up against the King of America?

Republicans hate the French ('freedumb fries'), you know, so that's clearly why they're in love with a thrice-damned Corsican.

Re:Pirate Party (1)

tidepool (137349) | more than 2 years ago | (#38847101)

Thank you for correcting some of my ignorance! I've read about a few Euro-based in the news, but came up rather lacking at home. I actually have already ordered the physical print copy from Amazon the other day; it should be here Monday. (I figure it's worth actually purchasing).

Also, you're absolutely right about the time-frame of things -- Now is the time.

Re:Pirate Party (0)

Anonymous Coward | more than 2 years ago | (#38851131)

Hear, Hear!

In fact, given all the headlines lately, I nominate.....

.

.

ANONYMOUS Party!

The reason why is. (1)

wbr1 (2538558) | more than 2 years ago | (#38847027)

He got tired of administering (ignoring) the We The People petition site. That is a hard job.

Sounds about right (1)

dave562 (969951) | more than 2 years ago | (#38847833)

That seems to be par for the course when it comes to "super star IT staff". They tend to last 2-4 years wherever they go, and then they're off on whatever the next shiny thing their ADHD brain latches onto.

Just like Steve Chen? (1)

gelfling (6534) | more than 2 years ago | (#38847913)

Every technical/technological post this and the prior admin has tried to staff has crashed and burned. The White House understands generally, what lobbyists and Congressional staffers tell them to understand. If it doesn't have to do with posturing about either giving stuff to poor people or pretending to give educational things to the teachers of some target group it doesn't mean squat.

Remember with the appointment of Steve Chen we were going to have algae powered teleportation in 3 years? Yeah how did that Nobel Laureate work out?

Revolving Door Spins Faster (-1)

Anonymous Coward | more than 2 years ago | (#38848001)

Looks like the Exodus is gaining momentum.

Not a loss at all although.

This faggot got his fag and then some.

State of Obama = Titanic! Best to have a fist full of dollars in one hand and a Colt 45 in the other hand to secure a seat on the dinghy just at the critical moment of imminent sinkage. Obama-boy needs to keep this in mind too ... lest he's not left behind.

Not good to be ... behind.

Just another fraud appointee like Vivek Kundra (0)

Anonymous Coward | more than 2 years ago | (#38849839)

Like Vivek Kundra was a political appointee so Obama could suck up to India, and all of their lucrative campaign contributions.

Great post from the dice message boards:

Aneesh Chopra Involved in Washington Scandal

Blue Virginia: Congratulations to Aneesh ChopraApr 17, 2009 ... Posted by Lowell at 7:55 PM. Labels: Aneesh Chopra, Technology ... From Washington, VA to Washington, DC: Tracking Local Food. 4 hours ago ... Schools for Scandal. 7 hours ago. Too Conservative ...
bluevablog.blogspot.com/2009/04/congratulations-to-aneesh-chopra.html - Similar pages

Federal EyeJeffrey Zients and Aneesh Chopra have been tapped to serve as the federal ... Zients is a Washington-based entrepreneur connected to several local companies: ... a scandal-plagued agency suffering from low morale and concerns about its ...
voices.washingtonpost.com/federal-eye/?hpid=news-col-blog-viewall - Similar pages

He's No Technologist, But Moves in Tech CirclesAneesh Chopra studied health care policy and is a policy junkie. ... and last month its chief executive, Robert A. McCormick, resigned following a scandal over $241000 in ... Washington's technology community fared quite well in 2005. ...
www.washingtonpost.com/wp-dyn/content/article/2005/12/28/AR2005122801491_2.html - Similar pages

Federal EyeJeffrey Zients and Aneesh Chopra have been tapped to serve as the ... In addition to reporting duties for Federal Eye and the pages of The Washington Post, .... in Holder's office because of his resignation amid the Watergate scandal. ...
www.washingtonpost.com/federaleye/ - Similar pages

More results from www.washingtonpost.com
Obama tech pick on leave after raids - Washington TimesMar 12, 2009 ... VA's secretary of technology is a guy named Aneesh Chopra. ... The IT community in the Washington D.C. region full well knows that in the ...
www.washingtontimes.com/news/2009/mar/12/fbi-searches-office-obama-choice-information-chief/ - 43k - Cached - Similar pages

OLIVER NORTHANEESH CHOPRA Feb 12, 2008 ... By Oliver North. ... Fox News & Oliver North Involved with U.S. Afghanistan Massacre Cover-up. ... Oliver North , Political Scandal Figure / Radio Personality Born: 7 October 1943 ... North is sworn in before the House Foreign Affairs Committee on Capitol Hill in Washington, . ...
www.donotbreak.com/lux/?oliver-north/ - 34k - Cached - Similar pages

Washington ExecutiveBiz Event Series - Premier Events for ...Bahman Atefi has been involved in over 11 acquisitions within the last ten .... Join ExecutiveBiz and Virginia's Secretary of Technology Aneesh Chopra for ...
www.executivebiz.com/events-eb.php - 63k - Cached - Similar pages

Consumer Electronics Association Statement on White House CTO ...“CEA commends President Obama for the selection of Aneesh Chopra as the nation’s first Chief ... CEA Washington Forum. April 21-23, 2009, Washington, DC ...
money.aol.com/article/consumer-electronics-association/284727 - 13 hours ago - Similar pages

CNN Political Ticker: All politics, all the time Blog Archive ...WASHINGTON (CNN) - President Obama named two additional members of his executive team ... Officer and Aneesh Chopra will serve as Obama's Chief Technology Officer. ... Chopra currently serves as Virginia's Secretary of Technology under Gov. ... Any bets on how long it will be before a Tax scandal or a "Pay to Play" ...
politicalticker.blogs.cnn.com/2009/04/18/obama-names-performance-and-technology-czars/ - 14 hours ago - Similar pages

Politics and Government - White House and Congress - Breaking News ...After pledges to change Washington, the president’s early willingness to deal or fold has left pundits and ... In State Pension Inquiry, a Scandal Snowballs ... O'Reilly Radar. Why Aneesh Chopra is a Great Choice for Federal CTO ...
www.nytimes.com/pages/politics/ - Similar pages

stepping down (1)

slick7 (1703596) | more than 2 years ago | (#38852391)

When you can walk, walk away. When you can't walk away, run.
Finally, someone who has the guts to divest themselves before the O'bama, Bush, Clinton crime cabal has the floor drop out from under them.
Life: the time between the floor dropping and the rope going taut.