RE: An example of why modern 'national security' databases are a bad idea. (Full Version)



Aswad -> RE: An example of why modern 'national security' databases are a bad idea. (6/22/2013 9:06:08 AM)

quote:

ORIGINAL: Politesub53

Aswad...... The news broke on Friday so Sunday's round of political chat shows should be interesting.


Interesting. It broke somewhat earlier over here. Any idea why the delay?

quote:

Expect much to be made of this Monday when Parliament gets back to work.


Good to hear. [:)]

IWYW,
— Aswad.





Kirata -> RE: An example of why modern 'national security' databases are a bad idea. (6/22/2013 11:25:51 AM)


~ FR ~

Every time I read about one of these breaches I find myself shaking my head, because never once do they mention the elephant in the room. Quite aside from the fact that the average security manager seems to lack the wits of an 18-year-old geek, we could copy all of our classified information on weapons systems and everything else to a series of DVDs and hand-deliver them to a foreign government or a criminal conspiracy on a silver platter without any of the information doing its recipients the slightest bit of good, if only it was securely encrypted. Why in hell such critical resources are stored in a form that makes them instantly available to anyone able to gain access to the server is beyond me.

K.








Real0ne -> RE: An example of why modern 'national security' databases are a bad idea. (6/22/2013 1:29:40 PM)

So it's easy to get ripped off, so every alphabet agency can pop in and get what they need when they need it, and if they get caught it's OOPSIE! Just a coincidence. OMG how could that have slipped through our hands like that, and then version 2 will have a different loophole in it.

I didn't see a thing, hey you boys hurry up so I can turn around.

Anyone who thinks that is anything BUT institutionalized incompetence by design is smokin some really good shit.

Of course when it comes to state secrets then it's put under top security armed guards, until they can make some money off of it.







Aswad -> RE: An example of why modern 'national security' databases are a bad idea. (6/22/2013 2:23:04 PM)

That's not the only elephant in the room, and it's probably the best understood one.

Encryption is theoretically sufficient, if proven techniques are used. Practically, however, you also need to access the data, and the encryption happens in real software on real hardware in real locations. That affords ample opportunities for data to be compromised, if one forgets about the difference between theory and practice, or fails to deal properly with the practical side of things. That, of course, was the problem with the Schengen database. It was encrypted, certainly. But neither key management infrastructure nor access infrastructure were adequately secured.

Also, there is a tendency for management to override technical decisions on political grounds. Some manager owns stock in a company, or has a friend in a company, or has constituents from a region where the company is a major source of tax income and/or jobs, and decides to use the solution that company is peddling. The professionals tell them the product is a closed solution that can't be verified as to its quality and that a quick analysis of what little one can access indicates there are probably serious flaws in the product. The manager insists on going ahead with using the inferior product, and notes that there will be serious repercussions for alerting upper management to the planned weak spot in the solution. Security gets breached as a consequence of using the inferior product, the technical staff gets slammed, middle management gets promoted, and upper management is mystified, while media propagate the nonsensical idea that it's impossible to avoid the problem, allowing management to continue getting away with sabotaging the work.

This is part of why I'm rather explicit in my contracts. I'll stand for my own mistakes, and the mistakes of a subordinate, but I'll not stand for the mistakes of a superior. Nor do I respond well to threats, so I prefer to be clear up front on what the lines of communication and decision-making are. If upper management doesn't want to know that there are problems, they don't get to know. If they want to know, they will know. Places that won't agree to clarifying the terms of my work there aren't worth working for. It'll always come back to bite you on the ass, otherwise.

Anyway, yeah, while encryption is great in theory, it's only a tiny piece in the puzzle, practically speaking.

As usual, the problems are human, as are the solutions.

IWYW,
— Aswad.

P.S.: Have you been reading the visions Selmer Bringsjord has been pushing at Congress?

ETA: The petition to pardon Snowden (link). Just realized I haven't posted it here before.








Collarchat.com © 2025