
Encryption Would Not Have Protected Secret Federal Data Says DHS

HughPickens.com writes: Sean Gallagher reports at Ars Technica that Dr. Andy Ozment, Assistant Secretary for Cybersecurity in the Department of Homeland Security, told members of the House Oversight and Government Reform Committee that in the case of the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, encryption would "not have helped" because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. Ozment added that because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network. "If the adversary has the credentials of a user on the network, they can access data even if it's encrypted just as the users on the network have to access data," said Ozment. "That did occur in this case. Encryption in this instance would not have protected this data."

The fact that Social Security numbers of millions of current and former federal employees were not encrypted was one of the few new details that emerged about the data breach, and House Oversight member Stephen Lynch (D-Mass.) was the one who pulled the SSN encryption answer from the teeth of the panel where others failed. "This is one of those hearings where I think that I will know less coming out of the hearing than I did when I walked in because of the obfuscation and the dancing around we are all doing here. As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."

U.S. lawmakers demand federal encryption requirements after OPM hack

Patrick O'Neill writes: After suffering one of the biggest hacks in federal history at the Office of Personnel Management, the U.S. government is sprinting to require a wide range of cybersecurity improvements across agencies in order to better secure troves of sensitive government data against constant cyberattacks. The top priorities are basic but key: Encryption of sensitive data and two-factor authentication required for privileged users. Despite eight years of internal warnings, these measures were not implemented at OPM when hackers breached their systems beginning last year.

The calls for added security measures come as high-level government officials, particularly FBI director James Comey and NSA director Adm. Mike Rogers, are pushing to require backdoors on encryption software that many experts, like UPenn professor Matt Blaze, say would fundamentally "weaken our infrastructure" because the backdoors would be open to hackers as well.


Comment: Re:Is it unconstitutional? (Score 1) 82 82

No, it only prevents them from scooping up US communications. The NSA's actual mandate is to do whatever it wants outside the US; however, a loophole in many of the rulings and laws allows them to practically scoop up all US communications. Close the loophole, and hopefully it would solve the problem; however, I do not see that happening.

Comment: Re:Niggers run the country and now they are marxis (Score 1) 82 82

This may have worked too, however when Mandela was replaced, it all went to shit pretty quick.

Go read this http://www.moneyweb.co.za/arch... to give you a pretty good idea of how things are. The current president is a moron. Thabo Mbeki, slightly less a moron, but still a moron.

Mandela had lofty goals, and I truly (as a white person no less, who grew up in South Africa) believe he had the best intentions, but his successors have done nothing but consolidate power and money, cronyism is rife in SA, they are the cause of many of the problems. Eskom used to be at the forefront of power generation and research, and now, they can barely keep the lights on. As of today, they are currently practicing load shedding (think planned.. or in many cases un rolling blackouts).

Until the current parties figure out how to replace the stupid people with those who have the best interests of the country at heart, instead of their own power and finances, nothing will change. In that respect, SA is very similar to the US, voting along party lines rather than voting for the best candidate.

Comment: Re:Blah blah blah. (Score 1) 82 82

Obama has done his fair deal to repair things, like his healthcare plan, but the problems that Bush has created in eight years cannot be undone in eight years. That will take much longer.

The same can be said for any president. Government moves at a glacial pace at most times. What one president fixes during his term was caused by a president many years prior, and at the same time, any problems the current president causes will take many years for the next one to fix. This is the way it is, and is not specific to Republicans or Democrats, or any political entity in any country for the most part.

Comment: Re:F(ck them. (Score 5, Informative) 214 214

Verizon has been trying to shed their wireline service for years. They have done a few here and there, using Reverse Morris Trust (basically a way to fuck the company buying VZ's assets, and the constituents... Frontiernet has screwed up everything they have touched)

The timing just coincides with the FCC ruling, and a great opportunity for VZ to talk out of its collective ass.

Comment: Re:Lawful Content (Score 4, Insightful) 379 379

Well, that can be a little ambiguous. For example, The Pirate Bay (yes we all know 99% is illegal content), it provides a service, that has legal uses, albeit very very small. So blocking a legal service with illegal content might not fly. The fact that TPB is not in the US might make things difficult, since as long as the service complies with requests to remove illegal content (even if they are slow about it), it is still technically complying with requirements of a legal service, and therefore should not be blocked.

I guess we will see.

Comment: Re:General public not interested in municipal inte (Score 1) 417 417

You do realize that is what he is trying to do... Give you and your neighbors the choice and opportunity to build your own (well, vote to have someone build it for you) broadband network. The reason he is getting involved is that there are about 20 or so states that have laws on the book, written by the telecoms themselves, that outright ban cities, counties, municipalities, etc. from building out their own network should the populace decide they want to, or put restrictions in place that make it almost impossible to build out the network. These are protectionist laws for the incumbents, and remove YOUR choice, which you are bitching about.

Do a little research before making stupid statements, otherwise you look just like the me-too people who vote straight down party lines regardless of how stupid their party is (that goes for both sides).

Comment: Re:Dear Obama.... (Score 2) 417 417

You do realize that Franchise Agreements are not necessarily bad. They are typically a double edged sword, both protecting consumers in that locality, but also providing (in some cases stupidly long term, 1 VA area did a 100 year agreement) a monopoly to a particular content/broadband provider.

VZ, ATT and Comcast have all lobbied the crap out of those localities, and gutted the franchise agreements, removing requirements like they have to wire up the entire area, and removing consumer protections such as limiting price hikes.

So eliminating them might not be the answer, better enforcing them when they are signed and making sure they are not stripped of any meaningful content that does not benefit the telco would be a good start.

Comment: Re:Free up some more frequency blocks (Score 1) 417 417

As much as I hate Verizon (and I do really hate Verizon, but not as much as I hate Comcast), Verizon offers fixed LTE (http://www.verizonwireless.com/b2c/lte-internet-installed/) It's not cheap mind you, but it at least uses the same network and bands as their LTE phones, so if you get LTE phone service from VZ where you live, you should be able to get their home LTE service.

Comment: Re:I NEED SPEED! (Score 1) 417 417

Or maybe he runs a server, or maybe he is a developer pushing out updated ISOs every night or every few hours.. Or maybe he lives in a house with 5 roommates who all constantly play games and stream movies...

Or maybe, he just works from home and transfers a lot of data between his home office and his corporate office...

Don't be a dick..
