Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security

Encryption Would Not Have Protected Secret Federal Data, Says DHS 142

Posted by samzenpus from the might-as-well-give-up dept.
HughPickens.com writes: Sean Gallagher reports at Ars Technica that Dr. Andy Ozment, Assistant Secretary for Cybersecurity in the Department of Homeland Security, told members of the House Oversight and Government Reform Committee that in the case of the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, encryption would "not have helped" because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. Ozment added that because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network. "If the adversary has the credentials of a user on the network, they can access data even if it's encrypted just as the users on the network have to access data," said Ozment. "That did occur in this case. Encryption in this instance would not have protected this data."

The fact that Social Security numbers of millions of current and former federal employees were not encrypted was one of few new details emerged about the data breach and House Oversight member Stephen Lynch (D-Mass.) was the one who pulled the SSN encryption answer from the teeth of the panel where others failed. "This is one of those hearings where I think that I will know less coming out of the hearing than I did when I walked in because of the obfuscation and the dancing around we are all doing here. As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."

Comment Re:StartSSL ? (Score 2) 97

I used StartSSL to obtain a certif for my small website when they came up. Spent a while to learn the procedure. A year later I had to redo it all when it expired. Pain in the ass, so I gave up. There should be either: long duration certificates (just like you can get a domain for 10 years), or a shell script that you can cron on your server that will renew automatically yearly.

Comment Re:Why is this relevant? (Score 1) 558

by dargaud (#49885557) Attached to: Ask Slashdot: What Hardware Is In Your Primary Computer?

Honestly in most scenarios where both servers get wiped out, data recovery is probably low on the list of problems.

I don't know, maybe one of your Windows VM catches a ransomware, it encrypts your network drive (which is basically your entire RAID), and before you notice all the encrypted files are backed up over the clean ones. Your backup is now useless, unless incremental.
Yahoo!

Yahoo Killing Maps, Pipes & More 176

Posted by samzenpus from the so-long dept.
alphadogg writes: Yahoo is shutting down its mapping service, Pipes and reducing the availability of Yahoo TV and Yahoo Music. The company has decided instead to focus on three major parts of its business: search, communications, and digital content. "We made this decision to better align resources to Yahoo's priorities as our business has evolved since we first launched Yahoo Maps eight years ago," says the company.
Microsoft

Microsoft To Support SSH In Windows and Contribute To OpenSSH 285

Posted by Soulskill from the headlines-you-probably-didn't-expect dept.
An anonymous reader writes: Microsoft has announced plans for native support for SSH in Windows. "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems." Based on the work from this new direction, they also plan to contribute back to the OpenSSH project as well.

Comment How do I XP it ? (Score 5, Insightful) 290

by dargaud (#49810851) Attached to: Windows 10 RTM In 6 Weeks
Genuine question here: I've been using Linux for most things for the past 15 years. For exactly 3 programs I still need Windows, so I run XP in a virtual machine. But I've been warned that the next versions of my progs won't support XP anymore, so I'll have to jump to Win10. Since I don't give a shit about any of the 'advancements' that have occured since then, how can I remove all the gimmicks and simplify the Windows user interface to make it like XP, simply ? Is there some Win10 to XP converter to keep me from trudging through endless options and shitty tweaking downloads ?

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close