Classified Cyber-Security Directive Puts NSA In Charge

kdawson posted more than 6 years ago | from the more-ears-right-here-at-home dept.

Security 109

dpreformer sends word that President Bush signed a classified directive Jan. 8 (it only came to light this week) putting all cyber-defense and counter-offensive activity for government networks under the aegis of the National Security Agency. Previously, federal agencies had disparate intrusion and attack monitoring programs. The directive does not address private-sector networks and systems. While some lawmakers and civil-rights advocates are unhappy with expanding the NSA's role domestically, one alternative that was considered and rejected — putting Homeland Security in charge — might have been worse. "A proposal last year by the White House Homeland Security Council to put the Department of Homeland Security in charge of the initiative was resisted by national security agencies on the grounds that the department, established in 2003, lacked the necessary expertise and authority. The tug-of-war lasted weeks and was resolved only recently, several sources said."


Centralising and Consolidating (1)

AndGodSed (968378) | more than 6 years ago | (#22195138)

It might not be TOO bad of a move. Making one agency group head of related projects might make it more efficient. Uh, this being a government agency might just blow my theory out of the water though...

"Worse?" (0)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195196)

Worse. a relative evaluation of the possible alternatives - begging the question:
"Worse, for whom?"

By the way - welcome to East Germany!

You mean, "Raising the question." (1)

n6kuy (172098) | more than 6 years ago | (#22195622)

Begging the question [wikipedia.org] means something else.

Re:You mean, "Raising the question." (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195752)

> In recent decades, the term has also been used to mean raising the question. This meaning describes a rather broad fallacy (or incomplete explanation) that occurs when the evidence given for a proposition is in as much need of proof as the proposition itself. The more accepted classification for such arguments is as a fallacy of many questions.
Recent decades.

Re:You mean, "Raising the question." (0)

Anonymous Coward | more than 6 years ago | (#22200014)

> In recent decades, the term has also been used to mean raising the question
by the same people who say "nucular" for "nuclear" and "computer" for "monitor".

Lifetime of USA classified secrets: 18 days (2, Insightful)

mosel-saar-ruwer (732341) | more than 6 years ago | (#22195328)


dpreformer: President Bush signed a classified directive Jan. 8

Ellen Nakashima; Washington Post Staff Writer; Saturday, January 26, 2008; A03: ...According to congressional aides and former White House officials with knowledge of the program, the directive outlines measures collectively referred to as the "cyber initiative," aimed at securing the government's computer systems against attacks by foreign adversaries and other intruders...

January 26 - January 8 = 18 days.

I.e. it takes less than three weeks for "Congressional Aides" to leak our most sensitive secrets to our enemies.

I don't know why we even bother to have secrets.

In fact, the level of treason in Washington DC is so high these days that I don't even know why we bother to have a military or an NSA.

We might as well just run up the white flag and let the Chinese enslave & sodomize us.

Re:Lifetime of USA classified secrets: 18 days (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22195488)

Treason to Bush?

Re:Lifetime of USA classified secrets: 18 days (3, Insightful)

The Anarchist Avenge (1004563) | more than 6 years ago | (#22195588)

You want a government obsessed with keeping secrets from its people? I hear North Korea is looking for sympathetic American people to use for propaganda, maybe you should go there and let us over here have some measure of transparency in our government. I'm goddamn thankful that this was leaked, I personally like to know where my tax dollars are going. You're right though, the level of treason in Washington is unacceptably high, but it's the corrupt politicians selling us out for money and power, not the aides leaking information like this, who are the traitors to the American people.

Re:Lifetime of USA classified secrets: 18 days (1)

louisadkins (963165) | more than 6 years ago | (#22198756)

I was under the impression that the new program started by NKorea specifically excluded Americans..

Re:Lifetime of USA classified secrets: 18 days (1)

nuzak (959558) | more than 6 years ago | (#22197162)

> the level of treason in Washington DC is so high these days

Indeed, but we still keep the chief executive in office.

Leave my country you fucking jackboot thug.

Re:Lifetime of USA classified secrets: 18 days (1)

Devoidoid (1207090) | more than 6 years ago | (#22198284)

Our enemies are Washington Post Staff Writers?

Re:Lifetime of USA classified secrets: 18 days (1)

mosel-saar-ruwer (732341) | more than 6 years ago | (#22200536)


Yes.

As eerie as it is... (5, Interesting)

Lally Singh (3427) | more than 6 years ago | (#22195148)

The NSA's probably the most qualified. Friends of mine who've worked there are some of the brightest people I know.

That said, I'm still pretty unhappy with them over the domestic spying. They really should have known better --- the damage to the democracy far outweighs the security loss involved. Thankfully my friends stopped working there before all this started... well AFAIK, clearances & all.

This is essentially an official statement, as I'm sure they're reading it right now.

Re:As eerie as it is... (2, Funny)

iknownuttin (1099999) | more than 6 years ago | (#22195224)

> Friends of mine who've worked there are some of the brightest people I know. ...

> Thankfully my friends stopped working there before all this started..

So, it's just the evil geniuses who are left?

Re:As eerie as it is... (3, Insightful)

Amorymeltzer (1213818) | more than 6 years ago | (#22195238)

It seems like the impetus for this is to give the NSA greater powers to protect the government from "cyber-attacks." In that vein, it's a smart move - hell, it is the National Security Agency.

I doubt it's that contained. The government protecting itself by better monitoring its own channels is obvious, but it's hard to disconnect the NSA from their past. As TFA said, "The NSA has particular expertise in monitoring a vast, complex array of communications systems..." This whole thing sounds to me like steps to make their dubious actions more allowable. That's how you'd start it anyway, first declare the NSA in charge of protecting the government. Then, since "90% of the threat" lies in the private sector, it needs to protect that. And so on.

At the very least, though, it's nice to know that some things are being done to make some of the important machines more secure.

Re:As eerie as it is... (0)

Anonymous Coward | more than 6 years ago | (#22195410)

You hang on to NY Times soundbites, but you're dead wrong. They've done no domestic eavesdropping in spite of the great headlines. They were listening to international calls. The only sketchy part is saving the nation millions of dollars by intercepting them on US soil instead of tapping the fiber 12 miles offshore. It is sad that the most scrupulous of the national agencies is the most maligned, but facts have no meaning to the media whores.

Re:As eerie as it is... (1)

Lally Singh (3427) | more than 6 years ago | (#22195532)

What about the big taps in the AT&T internet backbone links?

Re:As eerie as it is... (1)

SpaceLifeForm (228190) | more than 6 years ago | (#22195698)

They are not secure. Ask any terrorist with a backhoe.

Re:As eerie as it is... (1)

Lally Singh (3427) | more than 6 years ago | (#22196412)

I believe you. My point was that those taps go beyond the international phone call claim that the OP had.

Re:As eerie as it is... (1)

faraway (174370) | more than 6 years ago | (#22195714)

That's great news! More reason not to give the telecoms retroactive immunity: they don't need protection because they did nothing wrong.

Re:As eerie as it is... (4, Insightful)

rhizome (115711) | more than 6 years ago | (#22195448)

> The NSA's probably the most qualified.

That may be so, but it doesn't speak to the fact that this move is designed to remove domestic surveillance from judicial review. If the NSA gets it, nobody will ever find out about any abuses, not to mention that the NSA is a policy agency and this kind of "protection" would be better put to a military arm of the government.

Re:As eerie as it is... (2, Informative)

briancnorton (586947) | more than 6 years ago | (#22195886)

NSA is DOD Agency

Re:As eerie as it is... (1)

rhizome (115711) | more than 6 years ago | (#22196176)

> NSA is DOD Agency

Staffed and run by a lot of political appointees.

No political appointees at NSA (3, Informative)

Derling Whirvish (636322) | more than 6 years ago | (#22197226)

>>NSA is DOD Agency

>Staffed and run by a lot of political appointees.
There are no -- as in none -- political appointees [akamaitech.net] at NSA. Not a one.

Re:No political appointees at NSA (2, Insightful)

rhizome (115711) | more than 6 years ago | (#22197496)

> There are no -- as in none -- political appointees at NSA. Not a one.

I think it's a quibble to say that politics haven't played a role in the nomination and confirmations of Negroponte and McConnell, among others.

Neither of those are at NSA. (1)

Derling Whirvish (636322) | more than 6 years ago | (#22197806)

> I think it's a quibble to say that politics haven't played a role in the nomination and confirmations of Negroponte and McConnell, among others.
Neither of those are working at NSA in any capacity. Negroponte is the Deputy Secretary of State and before that he was the Director of National Intelligence. Neither position is in the National Security Agency. Mike McConnell is the current Director of National Intelligence, having previously served as the Director of the NSA having been appointed as such by the Department of Defense like any other flag command position in the military commanded by a general or admiral. But that still doesn't make anyone at NSA a political appointee. It would be like saying that since Richard Carmona was appointed Surgeon General from his position as chairman of the State of Arizona Southern Regional Emergency Medical System (ASREMS) that the ASREMS has political appointees in it. Absurd.

The NSA is a DoD agency with no vacancies that are filled by political appointment. There are NO political appointees in it. None. Not a one. Not now. Not ever.

Re:Neither of those are at NSA. (1)

sgt_doom (655561) | more than 6 years ago | (#22203374)

> The NSA is a DoD agency with no vacancies that are filled by political appointment. There are NO political appointees in it. None. Not a one. Not now. Not ever.

Dood, in the case in which you haven't been paying attention - and by your remarks that would appear to be the case - NSA has (along with CIA, DIA, CIFA, DTO, etc., etc., etc.) outsourced many, far too many of its intel functions, thanks in part to the Bush administration - although it started back in the Clinton era. So, it's fundamentally a moot point, unless you are familiar with all those private contractors......

Re:As eerie as it is... (1)

fluffy99 (870997) | more than 6 years ago | (#22197954)

They aren't a DOD agency in the normal sense. They have a flag officer, but they are outside of DOD for all intents and purposes. The DOD already has a joint network protection group (JTF-GNO) and they are monitoring and protecting their networks across the three branches fairly well now. NSA provides input and expertise, but they aren't doing any of the actual work. The agency that is supposed to be doing this is DISA, but they're too screwed up to do anything but manage the telco stuff (and poorly at that). This initiative is probably aimed at all the non-military Federal governments that have a crappy track record of protecting and monitoring their networks. If I had to guess, I'd say the initiative calls for putting all of the federal agencies on their own network and get down to a couple of easy to monitor and protect, internet access points like the DOD did.

Personally, I'm all for having NSA monitor for attack activity and actually having the ability to stop an ongoing attack originating from outside of the US. One problem is that these attacks can, and frequently do, originate from compromised computers within our borders. At that point, it becomes a question of whether you call it monitoring or spying.

Re:As eerie as it is... (1)

n0-0p (325773) | more than 6 years ago | (#22198638)

> They aren't a DOD agency in the normal sense. They have a flag officer, but they are outside of DOD for all intents and purposes. The DOD already has a joint network protection group (JTF-GNO) and they are monitoring and protecting their networks across the three branches fairly well now. NSA provides input and expertise, but they aren't doing any of the actual work.
Wow, someone should really tell that to the half of the NSA in the Information Assurance Directorate [nsa.gov] , not to mention the military units that comprise roughly 50% [nsa.gov] of the agency's staff. Because your comment makes me think they're really confused about who they are and what their mission is.

Re:As eerie as it is... (1)

fluffy99 (870997) | more than 6 years ago | (#22198856)

Read what I wrote again. It didn't dispute that they fall under the Secretary of Defense and were not technically a DOD agency. While they do fall under the Secretary of Defense, and have military personnel, they are outside of the normal DOD functions and function a bit more like a sole-source contractor for the functions they provide the military (intel, comsec, IA functions). They provide services to the army/navy/airforce but do not answer directly to them.

Re:As eerie as it is... (1)

n0-0p (325773) | more than 6 years ago | (#22200618)

I'm not sure what exactly you mean. The SID half of NSA is the hub of the signals intelligence and information operations mission for the DoD. Ft Meade houses the SigInt and IO hub for every branch of service, including the 704th Military Intelligence Brigade, Naval Network Warfare Command, 694th Intelligence Group, and Marine Cryptologic Support Battalion (never ignore the Marines). Then you have the RSOCs and field sites, which are pretty much all military installations, receiving their tasking from and reporting back to the Fort. This always seemed like a pretty standard military structure to me.

The IAD half of NSA is a bit more like you say in that they do function as a service provider, security standards designator, and training institution. However, the SigInt mission accounts for a lot more in the realm of attack monitoring and analysis than I expect you are aware of. Either way, they're still a major component of DoD's information security capabilities. The NSA regularly assesses the security of DoD networks by supporting IG inspections or via organizations like the Red and Blue teams. They are also constantly participating in exercises and training scenarios, such as the Eligible Receiver exercises.

Now, your stance may be based on the fact that DirNSA reports to both the SecDef and the DNI, meaning he has one master outside the DoD. That (and the CIA's existence outside the DoD) is probably the major contributing factor to the creation of DISA in 1960. As the cold war spun up the uniformed services wanted an intelligence agency they could task independently, so they made their own. However, the creation of the NSA/CSS in 1972 added some pretty concrete guarantees to the role of uniformed services, and integrated the NSA more closely into the rest of the DoD.

Basically, I would agree with your position if it was narrowed to IAD and included in some extra caveats concerning training, exercises, and external monitoring. However, your statements certainly don't apply to NSA as a whole.

Re:As eerie as it is... (1)

fluffy99 (870997) | more than 6 years ago | (#22201446)

I was referring to primarily the IAD, which as far as we can tell was the focus of the Directive that Bush signed. As someone else posted, they certainly have the IA expertise and capability on the sigint side of the house, but it's not clear if they have the manpower or resources to implement the full scope of the directive. Of course, looking at Bush and Cheney's record there will probably be a sole source contract to Halliburton or EDS to do the actual implementation with Netwarcom or NSA oversight (ala NMCI).

Re:As eerie as it is... (1)

n0-0p (325773) | more than 6 years ago | (#22201674)

That's my big fear also. It's too likely that this is just more pork for someone like EDS or Eagle Alliance. On the off chance it's done correctly, however, I can't think of a better agency to handle it.

Re:As eerie as it is... (1)

rindeee (530084) | more than 6 years ago | (#22197390)

That's because it isn't (designed to remove domestic surveillance from judicial review). It's designed to overcome the broad incompetence among the CND efforts of other departments and agencies within the USG. Sorry, no conspiracy here, just good judgment and (as rare as it is) right thinking.

Re:As eerie as it is... (1)

vaporland (713337) | more than 6 years ago | (#22197792)

'Efficient government' is better as an oxymoron than an actual fact, especially where the NSA is concerned. Do you prefer the cold efficiency of Orwell's "1984", or the loony incompetence of Gilliam's "Brazil"?

From a technical perspective ... (3, Insightful)

ScrewMaster (602015) | more than 6 years ago | (#22195202)

these guys do know what they're doing so far as security is concerned, that's true. The problem here, though, is less one of technical expertise as it is enforcement of standards and security best practices. The NSA would be the one of the best groups, I'd say, to lay out those standards in the first place ... whether they're a wise choice to enforce them is another question entirely. I don't have an answer to that.

Re:From a technical perspective ... (1)

DanZ23 (901353) | more than 6 years ago | (#22195484)

> The NSA would be the one of the best groups, I'd say, to lay out those standards in the first place ...
Sure as hell better than the DHS.

Re:From a technical perspective ... (1)

ushering05401 (1086795) | more than 6 years ago | (#22195926)

Your comment is eerily similar to the argument many of my associates use when justifying who they are voting for.

Is the lesser of two evils no longer evil. Officially sanctioned shrouds of secrecy do not help ensure security, they help ensure the potential for abuse.

I don't like the DHS any more than the NSA, but neither of them can do a better job securing our infrastructure than publicly vetted, periodically reviewed network security procedures.

Re:From a technical perspective ... (0)

Anonymous Coward | more than 6 years ago | (#22198786)

Hey Dipshit,
The NSA security standards are, for the most part, publicly aired and vetted. The FIPS standards? Yeah, those, they're public. The whole SElinux thing? Yeah, public source code. Hmm, who's the dick now? You. Let me give you a hint. Their directions for securing networks won't be classified, either. You know why? Because, putting classified information onto unclassified machines compromises the information. Go back to chanting "bush is evil" and believing the tripe you read in the NY Times.

Could be worse, TSA could be in charge... (3, Funny)

BadEvilYoda (935532) | more than 6 years ago | (#22195206)

"Please remove your shoes before boarding the Series of Tubes..."

No shit.... (0)

Anonymous Coward | more than 6 years ago | (#22198426)

The TSA has got to be the biggest collection of the stupidest fjukwits the government ever assembled and given federal badges to. The next administration needs to make sure the very first thing they do, once in office, is not only dismantle the entire TSA and replace it with something better, but make sure that every single employee and appointee of the TSA, and every other government official who created or hired any of the TSA personnel is not ever allowed to hold any federal, state or local government job again for the rest of their lives, and extend that prohibition against public sector employment to the next three generations of their children, grand children, and great grandchildren too.

Classified Governance. (5, Insightful)

Irvu (248207) | more than 6 years ago | (#22195230)

While this is not the most secret of the secretive (for years the very existence of the NSA was a secret) the fact that duties this big were assigned by a classified letter is appalling. When you couple this with the use of National Security Letters to compel the handover of goods to any thug in a trenchcoat it more and more appears that the goal of the present administration is to produce a kingly executive. One where oversight by the public and for the public is nonexistent and the whole process is simply inscrutable to us even as we are expected to knuckle under.

It is also interesting to me that it comes from this president who campaigned on the idea of a less controlling government, a smaller government, one that stayed out of our lives. This was based largely on the accusation that Clinton's favoritism for "Hate Crimes" legislation was an invasion of our privacy. It would be ironic if it was the least bit funny.

What I find most interesting though is the use of the NSA in this manner. In many ways it is a textbook illustration of the way in which powers and agencies once built simply grow to fill all space they can. The NSA as initially instituted was a cold-war shop with the sole purpose of tapping and securing communications abroad while the existence of the group was a secret (many Americans were not aware of it until the 70's and the publication of the book "The Crystal Palace") it was, like the CIA, clearly set up to operate abroad and to spy on everyone but Americans.

It was, for lack of a better description a tool intended to work with us against others. With this addition that role has formally changed (it practically changed with the AT&T hypocrisy). While the formal change has been a secret the fact of the matter is that ever more of our resources are being turned inwards, onwords. Ever more effort is being expended to spy on us, on Americans with the understanding that our own government fears us as much or more than the rest of the world or at least that our own resources are better spent to attack us than others.

The idea of an executive floating on hostile seas rather than operating in safe waters has one crucial flaw. Dictators fall, and take everything around them, with them.

Re:Classified Governance. (1)

letsief (1053922) | more than 6 years ago | (#22195284)

The summary (and the article) makes this program sound a lot more secret than it is. This has been in the works for a while, pretty openly in fact. A lot of people in the civilian sector of the government knew this was coming down several months ago. I'm not really sure how it's going to work technically, nor do I think DHS or the NSA know either. A lot of network traffic, particularly things of a sensitive nature, is encrypted. I don't think civilian agencies are going to want to start handing decryption keys to DHS or even NSA (and no, the NSA can't just crack the crypto algorithms, nor do they have a quantum computer in their basement). In any case, this will probably be a pain for the working people at government agencies, but there's probably nothing to be worried about.

Close, with one subtle difference (3, Informative)

ChePibe (882378) | more than 6 years ago | (#22195642)

> The NSA as initially instituted was a cold-war shop with the sole purpose of tapping and securing communications abroad

Close, but not quite, if memory serves.

The NSA's limits were not so much geographical as they were national. The limits are more on foreign targets - whether or not those targets happen to be in the U.S. This would include foreign embassies and consulates on U.S. soil and foreign intelligence agents operating on U.S. soil as well, if memory serves (although much of this falls under the FBI, of course).

The CIA - another agency with a foreign focus - does much the same. It has numerous intelligence officers who interview U.S. citizens who travel to foreign countries of interest when that citizen allows it, run recruiting, and work with their own officers in the UN and in other places. The difference is not so much where the CIA and NSA operate as against whom they operate.

Terrorism throws a big kink in this, as some of the terrorist/terror supporters are U.S. citizens who, however, are acting under the power or inspiration of an ideology that knows no legal boundaries. Have these people given up U.S. citizenship, in a manner of speaking, by pledging their allegiance to a "foreign military"? (look at your passport for how to give up your citizenship) But are terrorist groups, such as Al Qaeda, truly a military? Can terrorists - who act with very different motives, generally have different goals, and who often present a greater risk to life and limb - be treated as mere criminals?

It's a big area of debate at the moment and, unlike many on the web who would come down hard for one side or another, it's not entirely clear what the proper legal or policy answers are to these questions. Most law - international and otherwise - still assumes a type of war that will be increasingly rare for the U.S.; nations facing off against each other with well-identified armies. The simple fact is that war has changed, but the laws and policies are not keeping up with it - and it's doubtful they will be able to adapt with required speed.

Re:Close, with one subtle difference (4, Informative)

TubeSteak (669689) | more than 6 years ago | (#22196254)

Terrorism throws a big kink in this, as some of the terrorist/terror supporters are U.S. citizens who, however, are acting under the power or inspiration of an ideology that knows no legal boundaries. Have these people given up U.S. citizenship, in a manner of speaking, by pledging their allegiance to a "foreign military"? (look at your passport for how to give up your citizenship)
No they haven't.
AFAIK, the only way to currently renounce your citizenship is
(a) from a foreign country
(b) in front of a US diplomatic officer or consular
(c) in writing

You can read more about it at the state dept website
http://travel.state.gov/law/citizenship/citizenship_779.html [state.gov]
http://travel.state.gov/law/citizenship/citizenship_780.html [state.gov]

According to their website, you can join a foreign army as long as you do not do so as an Officer or NCO.

It's a big area of debate at the moment and, unlike many on the web who would come down hard for one side or another, it's not entirely clear what the proper legal or policy answers are to these questions.
It's one thing to discuss "the proper legal or policy answers" may not be clear, the problem is many people don't seem to understand/care wtf the laws say right now.

Mark parent informative (1)

ChePibe (882378) | more than 6 years ago | (#22196266)

Great post, thanks!

Re:Classified Governance. (1)

PsychosisBoy (1157613) | more than 6 years ago | (#22195696)

many Americans were not aware of it until the 70's and the publication of the book "The Crystal Palace"

The book was actually The Puzzle Palace [wikipedia.org].

Mad King George [was: Re:Classified Governance.] (1, Flamebait)

Maow (620678) | more than 6 years ago | (#22196326)

more and more appears that the goal of the present administration is to produce a kingly executive.


I think this statement cuts to the heart of the matter quite nicely.

I don't know why the Mad King George moniker hasn't been applied before: perfect for the "kingly executive" and harkens back to the Revolution with a nice bit of foreshadowing.

But that's just me thinking out loud...

rb

Re:Classified Governance. (1)

dens (98172) | more than 6 years ago | (#22198446)

...it more and more appears that the goal of the present administration is to produce a kingly executive. One where oversight by the public and for the public is nonexistent and the whole process is simply inscrutable to us even as we are expected to knuckle under.
You mean before this it didn't appear that way? Man, some of you are slow!

That stooge Paller is quoted in the article, again (5, Insightful)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195258)

Does he blow Schmidt and Clarke for a living? Why is he always quoted in these propaganda stories about InfoSec - not Schneier?

"If you're looking for needles in the haystack, you need as much data as you can get because these are really tiny needles, and bad guys are trying to hide the needles."
So what this fascist stooge is saying translates thusly: "When trying to find a needle in a haystack, what you really need is to gather all of the hay in the world into one pile. There's probably some needles in there!"

Bullshit. To find meaningful events, you are critical and selective. When looking for needles in metaphoric haystacks, you are best able to succeed with smaller haystacks. Anyone who has ever performed log analysis understands what I always called "the bigger haystack problem". Log everything, and finding meaningful occurrences becomes impossible - or at least requiring too much effort for the value of the event.

Paller is a surveillance apologist, masquerading as a "security guru."

P.S. How do you really find a needle in a haystack? With a match.

Re:That stooge Paller is quoted in the article, ag (1)

tjstork (137384) | more than 6 years ago | (#22195372)

P.S. How do you really find a needle in a haystack? With a match.

So, does that mean, if you get all the hay there is, and burn it, you'll find all the needles?

Re:That stooge Paller is quoted in the article, ag (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195444)

Yes.

Of course, you starve the livestock...

Re:That stooge Paller is quoted in the article, ag (1)

tjstork (137384) | more than 6 years ago | (#22196844)

Yes. Of course, you starve the livestock...

Ah Jerry/Elric, my sweet, thou art the champion eternal! Of course we know however, that for similar reasons, economic sanctions do not work either...

Arioch.

Re:That stooge Paller is quoted in the article, ag (1)

nacturation (646836) | more than 6 years ago | (#22195384)

"If you're looking for needles in the haystack, you need as much data as you can get because these are really tiny needles, and bad guys are trying to hide the needles."
So what this fascist stooge is saying translates thusly: "When trying to find a needle in a haystack, what you really need is to gather all of the hay in the world into one pile. There's probably some needles in there!"
That's one possible interpretation. The other is that since it's practically infeasible for a human to manually sort through a haystack, you need additional information not provided by the haystack itself. Such as if you had eyewitness reports or video footage of the needle-hider placing the needle inside, you could narrow down the search space considerably. You're right that additional haystacks will only make the job harder, but that seems to be an uncharitable characterization (though perhaps true... I've never heard of Paller) of that sentence. Your comment about being best able to succeed with smaller haystacks echoes this -- you get smaller haystacks by having more data that allows you to divide the haystacks intelligently.
 

Re:That stooge Paller is quoted in the article, ag (2, Interesting)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195428)

This is a context thing. Whenever "cybercrime" or "cyberterrorism" is the topic, Paller is unearthed as the rational technology expert - rationalising the unpalatable and invasive loss of liberty that these grave threats require.

You don't see Bruce quoted by the WaPo or WSJ.

Re:That stooge Paller is quoted in the article, ag (1)

nacturation (646836) | more than 6 years ago | (#22195610)

This is a context thing. Whenever "cybercrime" or "cyberterrorism" is the topic, Paller is unearthed as the rational technology expert - rationalising the unpalatable and invasive loss of liberty that these grave threats require.

You don't see Bruce quoted by the WaPo or WSJ.
Perhaps it's true that Paller gets called in for the evil terrorism angle on security issues... creating a crisis sells papers, after all. However, your last point appears to be in error:

6 results for "Bruce Schneier" [google.com] on wsj.com.
3 results for "Alan Paller" [google.com] on wsj.com.

169 results for "Bruce Schneier" [google.com] on washingtonpost.com.
96 results for "Alan Paller" [google.com] on washingtonpost.com.
 

Re:That stooge Paller is quoted in the article, ag (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22195732)

Context is the operative word in my post. :-) I mean to provide supportive information on Government surveillance / fourth amendment abrogation.

Re:That stooge Paller is quoted in the article, ag (0)

Anonymous Coward | more than 6 years ago | (#22195986)

Context is the operative word in my post. :-) I mean to provide supportive information on Government surveillance / fourth amendment abrogation.

In that case, well duh. The newspaper decided what angle it wanted to go with and found someone to quote who would support that angle. Obviously you're not going to get a sober Schneier to support this kind of junk without some kind of arm-twisting.

Re:That stooge Paller is quoted in the article, ag (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22196152)

Right. Propaganda. Tell the story you want - then find "experts" to support the angle.

Reporting. That might include investigating the motive, historical context and legal/technical ramifications of an event. Where there are significant conflicts of interest or point-of-view, significant advocates of those views are quoted, without providing a platform for advocacy disguised as "news".

Re:That stooge Paller is quoted in the article, ag (2, Interesting)

Adambomb (118938) | more than 6 years ago | (#22195598)

P.S. How do you really find a needle in a haystack? With a match.
Or, assuming a Ferrous needle, a magnet.

It's definitely a strange argument to attempt when really what you need when searching for a needle in a haystack, is a method of needle location that IGNORES THE HAY, not cataloging each and every instance of !needle.

If one is searching for needles amongst haystacks, trying to control the size of the haystack or the number of haystacks seems rather....absurd.... Then the needles that don't want to be found now know exactly which pile to stay out of, even more so than now.

K, i think i've anthropomorphized at random enough for one post. I entirely agree with you except for that last bit, as needle finding tactics should require direct interaction with the hay itself as infrequently as possible.

Re:That stooge Paller is quoted in the article, ag (1)

JRHelgeson (576325) | more than 6 years ago | (#22197968)

No, good security and by extension proper log management is rather like finding a needle, in a stack of needles.

Joel

In soviet russia... (3, Funny)

gl12 (1164635) | more than 6 years ago | (#22195296)

Oh, it doesn't work here. Nevermind.

ENCRYPT NOW! (1)

nurb432 (527695) | more than 6 years ago | (#22195330)

Not that it matters much at this point.

Re:ENCRYPT NOW! (1)

sgt_doom (655561) | more than 6 years ago | (#22202136)

I believe, Citizen nurb432, you have made the most cogent post of any of the clueless posts on this thread:

In case no one has heard, the SAIC has coded the elections/voting software for almost all of the voting machine manufacturers.

In case no one has heard, Hicks & Associates oversees that Total Information Awareness network. Hicks & Associates (Poindexter and Cheney's handpicked boys) is owned by SAIC. TIA has inputs from NSA, NGA and all those intel contractors who happen to be involved with domestic surveillance, evidently no one has heard of al Qaeda being anyplace else but at the American voting booth. Anyone beginning to get the picture?????

Time to Start Encrypting! (5, Informative)

KookyMan (850095) | more than 6 years ago | (#22195344)

The only thing I can say, is I've started some major "learning" about encryption and various other personal privacy applications.

So far, what I've found and like are:
TrueCrypt - "On-The-Fly" Disk/Storage Encryption. [truecrypt.org] Actually, I've been using this for 24 hours and love it. I've also seen great reviews of this, and some of its very interesting features, such as plausible deniability. Oh, and it's Free Open Source Software. Available for Windows 2K/2K3/XP/Vista, Linux, and soon MacOS (v5.0, due in Jan 08)
KeePass - Encrypted Password Storage Database. [keepass.info] I've been using this for years, and love it. Also good reviews. If you wish to try it, there are two versions, v1.x and v2.x. v1.x (1.10 being current) is the original independent version. Can be run standalone, no system requirements (.Net or the like). Can be run from a USB Key. v2.x (2.04 being current) is a total rewrite of the application based on the .Net libraries and are required. This version is ALPHA quality and does not yet meet the current functionality of the 1.x branch. This was started due to the fact of people requesting features that would require significant rewrites to implement. Also FOSS. Available for Windows 98/98SE/ME/NT/2K/XP/2K3/Vista 32 and 64 bit. Third party ports also available for PocketPC, Linux, MacOSX, J2ME, Blackberry, PalmOS.
Gnu Privacy Guard - An open source PGP implementation. [gnupg.org] I use a port of this, GPG for Windows [gpg4win.org]. It seems a bit clunky, and I am actively looking for something to replace it, so suggest away if you do know something better. I will say though that it does work as advertised, and it's FOSS. GPG is distributed mainly as source code I believe, whereas G4W is as binaries.

People have looked at some of us who use PGP/GPG, and other encryption/digital signatures for a few years with the look of "why do I need that, I have nothing to hide." I keep waiting for people to finally wake up and realize that the concept of "inherent privacy" (meaning anything not actively publicly published is not publicly known) is gone. We have entered the age of "explicit privacy." If you want something to be private, you must make it explicitly so, especially on your computer, with these recent news articles of laptops being fair searching territories at Customs, or the reports that the NSA has feeds from AT&T's offices to intercept everything.

You know NSA breaks those without breaking sweat. (0, Troll)

leftie (667677) | more than 6 years ago | (#22195508)

You do know the NSA supercomputers can crack any of the encryption applications the general public has access to without breaking a sweat, right?

The only people you will be keeping out with any of the above applications is like... maybe your boss, maybe a private investigator a spouse hired to find out if you are exchanging e-mail with someone you are having an affair with. That's it.

Re:You know NSA breaks those without breaking swea (0)

Anonymous Coward | more than 6 years ago | (#22195602)

The key space for AES 256 is pretty big. Even a million keys per second would take an impractical amount of time.

NSA has back door to all encryption software. (2, Insightful)

leftie (667677) | more than 6 years ago | (#22198668)

You guys are in denial. You think there's a single public encryption application the NSA hasn't got an easily opened back door into?

Ever heard of Crypto AG?

"It may be the greatest intelligence scam of the century: For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries. These nations had bought the world's most sophisticated and supposedly secure commercial encryption technology from Crypto AG, a Swiss company that staked its reputation and the security concerns of its clients on its neutrality. The purchasing nations, confident that their communications were protected, sent messages from their capitals to embassies, military missions, trade offices, and espionage dens around the world, via telex, radio, teletype, and facsimile. They not only conducted sensitive albeit legal business and diplomacy, but sometimes strayed into criminal matters, issuing orders to assassinate political leaders, bomb commercial buildings, and engage in drug and arms smuggling. All the while, because of a secret agreement between the National Security Agency (NSA) and Crypto AG, they might as well have been hand delivering the message to Washington. Their Crypto AG machines had been rigged so that when customers used them, the random encryption key could be automatically and clandestinely transmitted with the enciphered message. NSA analysts could read the message traffic as easily as they could the morning newspaper. The cover shielding the NSA-Crypto AG relationship was torn in March 1992, when the Iranian military counterintelligence service arrested Hans Buehler, Crypto AG's marketing representative in Teheran...."

http://mediafilter.org/caq/cryptogate/ [mediafilter.org]

It's not like people can read through the machine language output of a crypto application to make sure there isn't anything extra that's been attached to the output that gives away the key. It's encrypted. It looks like garbage.

All the NSA has to do is either get someone to join the project helping develop the software, or swap the download file with one that includes whatever the NSA wants included. Matter of fact... how do you know the developers of, for example, "true crypt" aren't the NSA itself?

This is the Bush Administration, dude. The most secrecy obsessed White House in US History. They've got the FBI tracking and conducting surveillance like little senior citizen Quaker pacifist groups.

You do realize there's open source versions? (1)

Ayanami Rei (621112) | more than 6 years ago | (#22198938)

You know, the kind you can self-verify are correct and pass all the relevant tests?

The mathematical algorithms are open, the implementations open... there's no reason why you shouldn't be able to find and test an implementation that you feel secure with. Be that twofish or AES, whatever.

The trick is keeping your key material and plaintext (when not encrypted) from being exposed.

Re:You do realize there's open source versions? (1)

leftie (667677) | more than 6 years ago | (#22199562)

I honestly don't think it matters. A determined party with all the resources the US Gov't has can find many, many ways to hide dormant coded instructions in plain sight.

"...Whitespace

What is Whitespace?

        Most modern programming languages do not consider white space characters (spaces, tabs and newlines) syntax, ignoring them, as if they weren't there. We consider this to be a gross injustice to these perfectly friendly members of the character set. Should they be ignored, just because they are invisible? Whitespace is a language that seeks to redress the balance. Any non whitespace characters are ignored; only spaces, tabs and newlines are considered syntax.
What are the advantages of Whitespace?

        Some things which are difficult in other languages are made much easier in Whitespace. For example, literate programming is simply a matter of writing your helpful comments in between program instructions. It's also easy to encrypt your programs. Simply write a misleading comment!

        Whitespace is a particularly useful language for spies. Imagine you have a top secret program that you don't want anyone to see. What do you do? Simply print it out and delete the file, ready to type in at a later date. Nobody will know that your blank piece of paper is actually vital computer code!
What does a typical Whitespace program look like?

        Below is an extract from a program which asks for a name then outputs it (see here for the full script.

Where can I get it?

        There is a prototype Whitespace interpreter available on this site, go to this page to download it. The source code is written in Haskell, or you can get a Linux binary. You can also read a tutorial.
Who is responsible?

        The interpreter was written by someone who shouldn't have stayed up so late, Edwin Brady, and the language was designed by two people who shouldn't have had so much to drink, Edwin Brady and Chris Morris. No doubt Andrew Stribblehill isn't entirely blameless either...."

http://compsoc.dur.ac.uk/whitespace/ [dur.ac.uk]

Now if 3 drunk guys on a binge can figure something like this out, what do you think the NSA has you don't know about?

Re:You know NSA breaks those without breaking swea (0)

Anonymous Coward | more than 6 years ago | (#22195616)

Assuming the NSA has that capability, then the only people you would be keeping out of your business is everybody but the NSA. You think your friendly neighborhood police detective, or district attorney, can summon the NSA to decrypt or trace whatever they want? Or more importantly, that gang that stole your laptop and is scanning the disk for credit card numbers.

Maybe the FBI can get a helping hand once in a while, but for a myriad of technocratic and strategic reasons, it's in the NSA's best interests to keep their tools to themselves. They're not omnipotent, and while criminals might be stupid, they do catch on eventually and alter their tactics.

Most professionals, however, don't believe the NSA can crack RSA, AES or Whirlpool. And in any event, 99 times out of 100 it's far easier to circumvent those obstacles. 128-bit AES key is useless when stretched from your 12-character passphrase, with maybe 50-bits of entropy. And don't forget active attacks. How often do _you_ check to see if your laptop cover was removed and a key logger installed? Or if your machine is "phoning home"?

Re:You know NSA breaks those without breaking swea (0)

Anonymous Coward | more than 6 years ago | (#22197364)

Most professionals would not tell you the truth. Some of them still push Windows as being secure. Don't want to believe that NSA can do it? Ever look up the story of Phil Zimmerman and PGP? FTC was prosecuting him, NSA stepped in and had all charges dropped. FTC did not want to do it. After a half hour recess with FTC and NSA, the FTC came back and dropped all charges. And that was in early 90's.

There is a severe lack of logic and intelligence over the last 7 years in America. No wonder we have crooks at the helm.

see above 'NSA has backdoor' post NT (1)

leftie (667677) | more than 6 years ago | (#22198702)

NT

Re:You know NSA breaks those without breaking swea (1)

Rick Bentley (988595) | more than 6 years ago | (#22195852)

mod parent up I use Truecrypt as well, it's a great application. It's also limited to 256-bit keys. Anyone wonder why? It encrypts and decrypts in no time flat, so the small keys aren't for CPU load or anything (well, not for the user's CPU load). It's because that's the biggest key we're allowed to have. I keep Googling around looking for where this rule/law/whatever is published but I never seem to find it. Does anyone have a handy link to where the laws are as to what encryption strength we can and can't have?

Encryption key size myth debunked (0)

Anonymous Coward | more than 6 years ago | (#22197600)

This is the most common myth surrounding encryption. A lot of people assume that a larger key size will make the encrypted data more secure. This is true up to the point where it becomes impractical to try and crack the encryption safeguarding your data.

To use an analogy, imagine a theoretical 1km thick steel reinforced bunker with a 1km thick blast door (completely sealed airtight). Are you going to try and drill away at that 1km thick steel reinforced concrete? Or would you instead target the method for opening the door?

Encryption is a similar circumstance where the Rijndael algorithm with a 128bit key size is equivalent to a 10km thick steel reinforced bunker (probably more - but you get the idea). Are you going to try every key in a brute force attack (drilling through the 10km thick bunker)? Or are you instead going to try and steal the key from the person holding it (coercion/trickery/stealth)?

Additionally, how are you generating your encryption keys? If you're entering a password which you can remember, the weakest point is not the key size but rather the weak point is how you are generating the key. It doesn't matter what key size you're using if you're generating the key from an md5 hash of your password 'qwerty'. Even if you're generating random keys, the weak point is the random number generator itself and how it comes up with random data.

Key sizes have little impact on your level of security because the algorithm is often the most secure part of a security system. Do you know if your attackers have soldered a chip onto your motherboard which records USB bus traffic and transmits data via fluctuations in the electricity cabling in your house to a metallic pipe/bracing that is acting as an antenna? I deliberately use this far fetched movie-plot scenario because it is many times more reasonable than someone cracking 128bit Rijndael.
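An added example, not part of the comment above or of any tool named in the thread: it works through the two points made here and in the earlier "50 bits of entropy" comment, namely that a key derived from a password is only as hard to guess as the password, and that a bare MD5 of `qwerty` falls to a short list of common passwords. The function names, the five-entry password list, the PBKDF2 iteration count and the one-million-guesses-per-second rate (borrowed from the AES-256 comment) are assumptions chosen for illustration.

```python
"""Key size versus secret entropy: constructed example, standard library only."""
import hashlib
import hmac
import os

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample standing in for a "common passwords" audit list.
CONSTRUCTED_COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]


def effective_bits(key_bits, secret_bits):
    """A derived key is never harder to guess than the secret it came from."""
    return min(key_bits, secret_bits)


def years_to_search(bits, guesses_per_second):
    """Expected years to hit one value in a 2**bits space (half the space on average)."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def md5_key(password):
    """The weak scheme from the thread: a 128-bit key that is just MD5(password)."""
    return hashlib.md5(password.encode("utf-8")).digest()


def pbkdf2_key(password, salt, iterations=200_000):
    """Salted, deliberately slow derivation of a 128-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=16
    )


def guesses_until_match(target_key, derive, candidates):
    """Audit helper: how many list entries are tried before the key is reproduced."""
    for count, word in enumerate(candidates, start=1):
        if hmac.compare_digest(derive(word), target_key):
            return count
    return None


def summary():
    """Collect the figures the thread argues about into one dictionary."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    weak_key = md5_key("qwerty")

    def slow(word):
        return pbkdf2_key(word, salt_a)

    return {
        # Brute force against a full-entropy 256-bit key: hopeless.
        "aes256_years": years_to_search(256, 1e6),
        # 128-bit key fed by a ~50-bit passphrase: the passphrase sets the cost.
        "passphrase_years": years_to_search(effective_bits(128, 50), 1e6),
        # Unsalted MD5 of a common password: found on the 4th list entry.
        "md5_guesses": guesses_until_match(
            weak_key, md5_key, CONSTRUCTED_COMMON_PASSWORDS
        ),
        # A salt makes the same password yield unrelated keys per user or volume,
        # so precomputed tables do not carry over.
        "salted_keys_differ": pbkdf2_key("qwerty", salt_a) != pbkdf2_key("qwerty", salt_b),
        # A slow KDF raises the cost per guess but adds no entropy:
        # a listed password is still found after the same number of guesses.
        "pbkdf2_guesses": guesses_until_match(
            slow("qwerty"), slow, CONSTRUCTED_COMMON_PASSWORDS
        ),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```

The salted, iterated derivation changes the cost of each guess and defeats precomputation, but only a high-entropy secret (a long random passphrase or a random key file) moves the number of guesses needed.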

There's nothing above 256-bits... (1)

Ayanami Rei (621112) | more than 6 years ago | (#22198964)

Because the algorithm doesn't exist.

There are currently no reliable symmetric cyphers that use keysizes greater than 256 bits. They just haven't been written and tested yet, because we don't need them until something drastic happens in math or quantum computing to make guessing that symmetric key feasible.

Other algorithms from PKI are where you see 512, 1024, 2048 bits. These algorithms use math that works in two directions and the security rests on the difficulty of factoring very large numbers. These types of keys are long-term use keys used to prove identity and sign documents, and protect randomly selected encryption keys that are one-time-use between parties. You need those one-time-keys when exchanging a lot of data; you'd use it with the aforementioned symmetric cypher with those smaller 256-bit keys and blocks in that case. It's simultaneously stronger per bit of key, but faster to compute than the PKI encryption.

Re:Time to Start Encrypting! (1)

letsief (1053922) | more than 6 years ago | (#22195782)

Read the article. It says that federal government network traffic will be monitored by the NSA, instead of just being monitored by the individual agencies. Are you planning to send a lot of messages from a government-operated computer network that you don't want anyone to read? If you are, why weren't you just as concerned about that agency's monitoring system catching you? Now, if you do work for the feds and you don't want the NSA to see exactly what you're doing online, your suggested tools won't help you too much. You need to make sure the communications protocol you're using with the other system is using encryption. That is, you visit SSL/TLS enabled websites. I suppose you could use PGP/GPG encryption for e-mails, but that is unlikely to work in most situations. It's mostly too bad webmail services don't use SSL/TLS for anything but sending login information.

The fact that you use Microsoft software (1)

SpaceLifeForm (228190) | more than 6 years ago | (#22195930)

Is your main problem.

NSA WAS doing this prior to W. (0)

Anonymous Coward | more than 6 years ago | (#22195364)

Problem was that W. created DHS and then put all this under them. The ppl inside of DHS are such idiots that they standardized on Windows. NSA (and major parts of DOD as well as CIA) insisted on our systems to be done only on *nix for those that are exposed to the world. They would accept any of the *nix, but preferred Solaris or a couple of Linux's. But DHS did not want to deal with us unless we ported to Windows. It was a joke. We ported parts of it, and showed them performance, and then they wanted our equipment to have at least as good as *nix. It was not even close. Needless to say, no DHS contracts.

All I have to say, is thank God. DHS was total idiots.

The NSA does ensurence as well as interception (0)

Anonymous Coward | more than 6 years ago | (#22195494)

Getting advice from the ensurence arm the NSA seems like a good thing. That part of the NSA is relatively open and does publish things openly and do development of SELinux and should give good advice. The interception side doesn't talk much.

Speaking of the president--SC predictions (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22195544)

Obama 42%
Clinton 30%
Edwards 27%
Gravel 1%. Anybody else want to predict? Post anonymous if you want. Moderate the closest one up!

The Government computer security mess (4, Insightful)

Animats (122034) | more than 6 years ago | (#22195556)

This is basically about internal U.S. Government computer security. The problem is that the last three agencies assigned this task blew it. Early on, computer security was under NIST, which is really the old National Bureau of Standards. They were just an advisory agency on this. There was also an NSA effort, about which more later.

There's a National Cyber Security Division of Homeland Security. When it was set up, it was headed by Amit Yoran, who actually knew something about the subject. He was unpopular because he publicly mentioned the vulnerabilities of Microsoft operating systems as the biggest single problem. So he was replaced by Gregory Garcia, a lawyer and 3COM's lobbyist in Washington, who has accomplished little, if anything.

The General Services Administration, which handles public buildings and purchasing for most of the U.S. Government, has a role in computer security, but they haven't accomplished much, other than some vendor evaluation.

NSA first got into computer security in the 1980s, when I had some dealings with them. They had an institutional problem. First, it wasn't about the USSR, on which NSA used to be narrowly focused. Second, the computer security effort was located at the "Friendship Annex", which was NSA's lower-security facility near Friendship Airport (now BWI). FANX was where NSA's less important stuff was done - personnel, accounting, etc. Being assigned to FANX was a big career step down within NSA.

NSA went at computer security in the same way they went at safes and locks - you build it, they break it. NSA policy on evaluating the security of computer products was that the vendor got two tries. On try one, NSA told the vendor what was wrong. Try two was pass/fail - if they could break it, it flunked, and went on the rejected list. Vendors hated this.

Under heavy pressure from vendors, security evaluation was outsourced to third party companies, and vendors could retry forever until they wore down the evaluators. The higher levels of security (fully verified everything) were dropped from the evaluation criteria.

NSA Secure Linux was a good idea that didn't really catch on. Most Linux people don't get the point of NSA Secure Linux. It's not about making Linux more secure. It's about getting applications rewritten to work under a tight security model. Unless applications are rewritten to have only very small and heavily verified trusted parts, NSA Secure Linux doesn't help much.

Re:The Government computer security mess (1)

letsief (1053922) | more than 6 years ago | (#22195720)

NIST still has a large role in US government computer security efforts. While NIST's recommendations are advisory in nature, OMB says NIST's recommendations are mandatory in systems that fall outside the realm of national security (the NSA deals with those systems).

Re:The Government computer security mess (1)

MulluskO (305219) | more than 6 years ago | (#22196028)

http://en.wikipedia.org/wiki/FISMA [wikipedia.org]
FISMA is a big deal.

Broadly, what's happening now is an effort to reduce the number of gateways to the Internet. To force every bit in the broader organization to flow through the same pipe. Of course there are bottleneck and performance issues, and if a subgroup has their own discretion over funding they may choose to buy cable or DSL service.

In my view the most important step in the way forward is to limit employees' ability to possess copies of sensitive information. I doubt that in the past any single employee held millions of taxpayer records on his desk or would take said records home. Just because the information is digital doesn't mean it should be so widely distributed.

Re:The Government computer security mess (0)

Anonymous Coward | more than 6 years ago | (#22196224)

"There's a National Cyber Security Division of Homeland Security. When it was set up, it was headed by Amit Yoran, who actually knew something about the subject. He was unpopular because he publicly mentioned the vulnerabilities of Microsoft operating systems as the biggest single problem" - by Animats (122034) on Saturday January 26, @03:44PM (#22195556)
Amit Yoran was WRONG, overall, is why he was unpopular... & though it may make some of you guys ill to admit it (mainly your "Pro-*NIX" crowd here, especially on slashdot)?

Windows CAN be secured, very well, & quite easily!

I say that, simply because Microsoft's modern Windows NT-based OS' (2000/XP/Server 2003 & VISTA) really can be secured well, FAR above their normal defaults, & quite easily (12 steps really), especially using the guidance of the CIS Tool:

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA:

http://forums.pcpitstop.com/index.php?s=b6097595b8e510f80524584195472aed&showforum=53 [pcpitstop.com]

The same thing extends to Linux & BSD variants as well guys - even SeLINUX bearing distros, such as the UBuntu/KUBuntu tribe.

(... & the results on that page(s) show that to be the case as well, with photographic proofs (from a /.'er in Bert64 no less, who provided me that much which I put up on that page (Linux run under VMWare results for CIS Tool, before using it & afterwards also))).

APK

Re:The Government computer security mess (1)

_Sprocket_ (42527) | more than 6 years ago | (#22196726)

It looks like you've put a lot of effort into that document. I haven't gone through it in detail, but I generally think that kind of effort is a Good Thing.

Having said that, I don't think it applies very well as an argument. Yeah - you can secure Windows to a point. There's even been real progress on that realm since the old NT3.51 days. But that doesn't mean Amit Yoran was wrong.

As an aside, you put a lot of value on arbitrary scores. I'm not sure I'd compare CIS benchmark scores from one platform to another. The benchmarks do very different things; and they tend to break systems in interestingly different ways if an admin doesn't pay attention (not that they aren't a darned good starting point).

Re:The Government computer security mess (0)

Anonymous Coward | more than 6 years ago | (#22197308)

They test mostly the same general principles though:

ACL (Windows) vs. MAC (SeLinux) for example, in principle? Are REALLY, the same basic thing/idea! ... & securing them more via policy alterations really is what CIS Tool helps guide you in that endeavor.

(E.G. -> For things UserRights-wise regarding access to most all points of the system (config files, userrights assignments, filesystem, etc. et al (& more))).

The point's NOT really the score vs. other OS platforms so much, as it is for securing yourself + learning HOW to, vs. yourself really & your original OS setup. Showing it is a multiplatform test is NOT for Windows users only, but also for Linux users (especially SeLinux bearing distro users such as the Ubuntu/Kubuntu enjoy - you CAN be far more secured on those too, above & beyond the default policy given you on them).

APK

Re:The Government computer security mess (1)

_Sprocket_ (42527) | more than 6 years ago | (#22198942)

"The point's NOT really the score vs. other OS platforms so much, as it is for securing yourself + learning HOW to, vs. yourself really & your original OS setup. Showing it is a multiplatform test is NOT for Windows users only, but also for Linux users (especially SeLinux bearing distro users such as the Ubuntu/Kubuntu enjoy - you CAN be far more secured on those too, above & beyond the default policy given you on them)."
I would also note that getting a particular score even on a single platform really misses the point. This isn't a race for a high score. Pushing for that final number (which you do seem to mention a lot) could leave you with an unusable system. Or worse yet, encourage work-arounds that subvert the restrictions placed by CIS benchmarking and in turn leaving the end user with a false sense of security.

I agree that you can lock down a *Nix box from the default install. Exactly what that means depends - the Devil's in the details. I've applied CIS benchmarks to Solaris and Red Hat Enterprise Linux systems. It's been... interesting (in the form of considerable sanity checking - and I'm inclined to favor security). That hasn't made me suddenly shocked at the default state of either OS.

I have to admit I haven't tried applying CIS benchmarks to a SELinux-enabled Linux system. I should try it out some time. Although I would note that just because a Linux distro offers SELinux, it doesn't mean it has the feature enabled. I'm not entirely sure what you mean by "SeLinux bearing distro."

Re:The Government computer security mess (0)

Anonymous Coward | more than 6 years ago | (#22200854)

"I would also note that getting a particular score even on a single platform really misses the point. This isn't a race for a high score." - by _Sprocket_ (42527) on Sunday January 27, @04:02AM (#22198942)
I pretty much said this to you, in my other reply (I did two)... but, I have to disagree on one small "fine point" - it IS a competition, vs. your own self & current setup really.

"Pushing for that final number (which you do seem to mention a lot) could leave you with an unusable system. Or worse yet, encourage work-arounds that subvert the restrictions placed by CIS benchmarking and in turn leaving the end user with a false sense of security." - by _Sprocket_ (42527) on Sunday January 27, @04:02AM (#22198942)
Again, see my other reply - I know you did not read ALL of its content, but, I do cover areas to "look out for" in certain circumstances (such as stand-alone single user machine setups online on the public internet, vs. those in corporate (OR home) LAN-WAN environs).

If you take a read of that URL's content, you will see what I mean, with specifics in fact.

APK

P.S.=> Well, on your closing note about CIS Tool (for Linux variants, there are also others, such as Solaris &/or BSD variants as well)? I think you will try it, & find out, as I did on Windows Server 2003, that there is a LOT more to know, & learn, on how to secure a personal computer really! apk

Re:The Government computer security mess (0)

Anonymous Coward | more than 6 years ago | (#22197378)

"The benchmarks do very different things; and they tend to break systems in interestingly different ways if an admin doesn't pay attention" - by _Sprocket_ (42527) on Saturday January 26, @06:52PM (#22196726)
Well, since you have not read the entire thing, you wouldn't have caught the parts where I "warn" folks on what you can, & CANNOT do, from its contents/tips/tricks/techniques etc. et al! Especially for home LAN & Business LAN-WAN arrangements (especially AD ones).

It covers differences as to what can be done using its content, on a HOME or BUSINESS LAN-WAN arrangement for online activity on the public internet, BUT, also within a subnet range within corporate walls/intranets.

(Especially ActiveDirectory based ones, & moreso on Microsoft LanMan based ones too (Client for MS Networks + File and Printer sharing clients, for example))

vs.

A typical single PC user with a "single stand-alone system" hooked into the public internet via Tcp/IP only (all a body needs really to go online).

(HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA (via CIS Tool guidance & more):

http://forums.pcpitstop.com/index.php?s=30175a047c441667f7c926946ad24524&showtopic=150310 [pcpitstop.com]

APK

Not really a privacy problem (2, Informative)

Blackeagle_Falcon (784253) | more than 6 years ago | (#22195568)

While I have some problems with certain things the NSA has been doing of late, from the description in TFA there really isn't a privacy problem here.

"The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies"
"Supporters of cyber-security measures say the initiative falls short because it doesn't include the private sector -- power plants, refineries, banks -- where analysts say 90 percent of the threat exists."

So the NSA is going to be monitoring government networks, not private ones. I don't think there's any real expectation of privacy if you're sending bits to or over a government computer network.

This needed to happen... (5, Informative)

JRHelgeson (576325) | more than 6 years ago | (#22195878)

There is a long history here that needs to be taken into consideration... We are seeing a paradigm shift in our government that is long overdue. It used to be that the government had to protect paper documents, "eyes only", and the biggest threats were photocopiers and miniature cameras... not any more.

I wrote about this transformation [blogspot.com] last year. Is it any wonder why the NSA is being brought up and groomed to help protect the critical information assets that the United States has?

From my post:

HumInt/SigInt:
Human Intelligence, CIA
Signal Intelligence, NSA

The English have been masters at the spy trade for centuries. In WWII, the United States felt that it should get into the act and turned to the English for guidance.

With their tutelage, the CIA became a formidable tool against the Soviet threat throughout the cold war. We had clearly defined enemies with clearly defined borders. Gathering intelligence became a methodical science... then, once the Soviet Union collapsed, the clearly defined enemies with clearly defined borders went with it.

The growth of the internet created an atmosphere wherein information and 'intelligence' became a commodity. Then the emergence of an enemy that is not only difficult, if not impossible, to clearly define but who also operates entirely without borders. The polar opposite from what the CIA were trained to do.

Not only has this rule-set reset turned the CIA upside-down, it has rendered it all but useless. The UK isn't doing much better either. The problem is that western society itself is at odds with the rules required to make an effective spy agency. Our open government(s), free access to information, laws against spying on citizens and so forth are what both protect our civil liberties as well as create the environment in which our enemies can plot against us.

The CIA knew about al Qaeda operators operating in the USA prior to 9/11, yet did nothing to notify the FBI. This is because of the opposing nature of each agency. The CIA finds a criminal and wants to string them along to see what intelligence they can uncover by monitoring them. When the FBI finds a criminal, they want to string them up. From the CIA perspective, the FBI sure knows how to screw up an investigation and destroy your intelligence network.

The CIA is now dysfunctional to the point of uselessness. In fact, there isn't a single effective spy agency in the western world. The current battle we're fighting and the enemy we face is one that cannot be defeated by military might, it is a war that MUST be fought using intelligence.

So, the administration turned to the only other agency with experience in gathering and monitoring enemies. It also happens that this agency is expert at SigInt, as opposed to HumInt. The problem is that the NSA is forbidden by law from spying on American Citizens, UNLESS they are monitoring overseas communications. This exception has always been allowed, no warrant necessary. There is no law that states that I have the constitutional right to conspire with enemies overseas.

No other nation even comes close to the SigInt capabilities of the NSA...

Re:This needed to happen... (1)

Post-Globalism (1227918) | more than 6 years ago | (#22200796)

What an excellent analysis, and history agrees with it; all centralized bureaucracies tend to become bloated, ineffective and self-serving.

But isn't it the case with all models of centralized hierarchy? Despite all the efforts of the democratic systems to promote transparency, the parasitical cliques will take over and bury the old ideals which actually served the society.

Good News Bad News (1)

PingXao (153057) | more than 6 years ago | (#22195964)

The bad news is NSA shouldn't have this authority. By the time we're cooked it will be too late to jump out of the pot.

The good news is this will make it easier to get rid of DHS. I've never been a radical shrink-the-gov-to-nothing person, but DHS is a boondoggle of epic proportions. I hate the word "homeland". This isn't the 21st century of a European country, dammit, this is America. DHS's mission is to secure the nation? Isn't that what the Department of fucking DEFENSE is for? DHS is a wolf in sheep's clothing and a black hole for Congressional pork barrel spending. For every worthwhile undertaking they engage in there are 10 that serve only to enrich the wallets of those with the right connections. Put the Coast Guard back under the Transportation Department, or even DoD if it's that important (I think it is). Pick off the other tasks that really need doing and give them to DoD and the rest goes with the FBI. DHS... sayonara.

Re:Good News Bad News (0, Flamebait)

Boronx (228853) | more than 6 years ago | (#22196744)

Its fascist/imperialist name and its feudal power structure (essentially everyone is a political appointee) don't help either.

FBI-CIA-NSA = Subcontractors (2, Interesting)

not_hylas( ) (703994) | more than 6 years ago | (#22197336)

The FBI, CIA, NSA are now subcontractors for an unknown (to us, at least) asset managing entity.
It's like a shell game, Area 51 is now too well known, but they keep up appearances - wave your hand over here - palm the coin in another.
What we keep doing is concentrating on what we think is possible (tech-wise) while you have absofuckinglutely amazing things happening right under our noses. (i.e. what ARE those networking protocol hardlinks DOING in your bootblock under "bad boot sectors"?)
Chip crowding/code obfuscation is another.

Get the picture?

The real power doesn't want the exposure.

Paraphrase... (1)

Dirtside (91468) | more than 6 years ago | (#22197356)

"While some lawmakers and civil-rights advocates are unhappy with shooting this toddler in the face, one alternative that was considered and rejected -- feeding the toddler to the Sarlacc -- might have been worse."

Just because it could have been worse doesn't mean it wasn't a bad outcome the way it is now.

the NSA was already doing this. (1)

DragonTHC (208439) | more than 6 years ago | (#22198298)

I know most of you don't realize it, but the NSA has had monitoring capabilities in all computers since Windows 95.

Microsoft gave them free rein to Windows.

Don't think that Linux is left out. Do you think the NSA would generously donate the code for SELinux? It's a trade for priority placement in the kernel.

The NSA knows what they're doing. The real problem is, they're being tasked with things that violate their mandate. They had one rule: Don't spy on Americans.

The NSA is to thank for all sorts of cool technology we have now. Where do you think RFID tags came from?

I say stick to your rule, keep us safe, and give us more of your cool spy-tech.

For those who have wondered, the CIA doesn't require government money anymore. They have their own investments and hedge-funds. They never lose money. Which is how they can afford to overthrow governments and alter the course of history.

It's funny, the CIA is supposed to be the Central Intelligence Agency. They are supposed to be responsible for the 5 W's. Interestingly enough, it's the NSA which handles most of that now. The CIA does mostly HumInt and blackops these days.

Rest assured knowing that there are powerful men indeed at the reins of these agencies. Not necessarily those appointed by sitting presidents. This is where our "shadow government" really sits. The military industrial complex is firmly embedded with these agencies. Eisenhower was right. America stopped being democratic in the mid-60's.

WARNING!! (0)

Anonymous Coward | more than 6 years ago | (#22199318)

All this is really going to do is give the Federal Government more power in the one place it has the least authority. Can we have anything without their intrusion? The Federal Government is like a spoiled teenager. If you give it an inch, it will take a mile. They will eventually make the Internet a wasteland like TV. Gone will be the free flow of ideas. Gone will be the power of the individual to be heard. I'm sure they will keep the porn because it makes numb-skulls giggle. All in the name of some threat they keep dangling in front of us to gain more power over our day-to-day lives. What are the terrorists going to do? Suicide bomb the Internet? The Founding Fathers would be pissed. I know I am. Hear that? That's the slow sound of Liberty dying. May God have mercy on our pitiful souls.