The US government on Monday enacted new policies designed to prevent mass leaks similar to one rolled out over the weekend, when Wikileaks released thousands of classified diplomatic cables. On Sunday, the Pentagon announced new procedures for the use of thumb drives. Computers that store classified data will no longer be able …
US Government to implement bog standard security measures that most businesses adopted ten years ago.
"...the new guidelines would ensure that employees can access sensitive data only when it's required for their jobs."
Wow. Steady on now, don't get carried away.
spot on PMSL
US Government to implement bog standard security measures that most businesses *should have* adopted ten years ago.
many companies still handle security in a similar way to governments, just tell the auditors (who are just as clueless) that they follow basic security best practices, whilst in reality everyone must run everything as administrator and must be able to plug in their mp3 player and must have unrestricted internet access because otherwise their "critical applications" don't work (the .avi.exe video files from that russian website need to run with administrator access...)
it's ITs job to try and secure the computers, and it's managements job to get in their way, if they let the experts get on with doing their jobs then how would they justify their own jobs?
While I see Wikileaks as a somewhat less than sterling entity - I have to admit that I'm enjoying the thorough arse kicking that they are delivering to our fearless (and spineless) leaders...
Wait a minute!
He took in Telephone on CD-RW?! That means he's a music thief pirate!
Forget the national security crap, this is the real story!
Actually, he got all that done in 3:41?! Christ, imagine what would have been released if he'd been a fan of Rush...
I would think that he'd be able to download the entire TOP SECRET stash if he had been listening the extended version of In-A-Gadda-Da-Vida, then!
They are only now implementing the kind of security that businesses have used for years? After the horse has bolted?
"Computers that store classified data will no longer be able to write onto removable media"
WHAT? Ye Gods, what maniac ever allowed them to do so in the first place?
How on Earth???
When I worked at [redacted] we weren't allowed to bring in CD-RWs. If you wanted a music CD it had to be a real one, that you couldn't blank. And the USB drives were disabled, naturally.
So what happens...
if someone brings in a CD-RW that happens to have a fake label on it (maybe even silkscreened so you can't tell it's fake) and knows how to re-enable, unplug, or even jury-rig a USB port? Maybe it's time to bring back pure read-only drives and bring back BIOS that have no USB support at all. But next thing you know, they'll know how to rig a data transfer device into the keyboard port (which CAN'T be disabled or you can't log in--since the USB ports needed for a bioscan are supposedly disabled).
When's the last time you've seen an old-school keyboard and mouse? We still have them lying around our office, but more and more they're becoming scarce. I'm not even sure if my most recent machines have plugs for them anymore... might have to get one of thse USB adaptors to use one with my netbook ;)
The scary thing is I saw a defcon presentation a while back demonstrating a hacked USB keyboard embedded with an Arduino that was able to, IIRC, root out the Windows machine they plugged it into. USB and removable media (CDR/DVDR drives) have no place in secured environments anymore than Internet access does.
Every desktop computer in my organization has PS2 connectors for keyboard and mouse on the ATX motherboard. Is there a new ATX standard or a replacement I'm not aware of?
This is a good reason why they should be kept too, showing the downside of a universal USB connection. While I'm sure someone could mount an attack thru them it would be a heck of a lot harder than for Joe Sixpack to just plug in a USB thumb drive.
Locking the gate after the horse has bolted eh? And trust the Merkins to try and classify as a terrorist anyone who makes them look foolish or dishonest.
I'm not sure I'm a particular fan of Assange but somone has to hold those in power to account and until someone comes up with a better system we'lll have to settle for Wikileaks.
Note to all western government, keep your noses clean and you won't haveto fear the next data dump now will ya!
Not just the Americans.
"And trust the Merkins to try and classify as a terrorist anyone who makes them look foolish or dishonest"
Lots of states with armies in the middle east do the same.
Bolted - Horse - After - Door - Close
Rearrange the words to suit.
Funny, I just heard the slamming sound of a................
.............stable door being hurridly bolted.
Terrorist organisation ? Let me laugh !
Really , trying to classify Wikileaks as a terrorist organisation is not only a lie but an attempt to shut down free press. There is no terrorism involved here. In fact most are quite a bit relieved to read the memos.The information gives us an insight into diplomacy we never had.And that's perfectly fine. Remember that the US Government must be held accountable to the People of the USA
Just shows how crooked the people in power , Bush administration then the ongoing Obama administration really are, that hurts them personally. Being held accountable for their actions is extremely important. These people represent the US Citizen and the People of the USA . They have a right to know. Any attempt to shut WL down by calling them terrorists is total hypocrisy. Shame to the US response. Message to J.A. : Keep up the good work.This latest bit by the USA is just proof you're doing your job right.
Read the messages and cables.Every bit that could be real cause for concern has been redacted and scensored by Wikileaks. The rest if embarassing will teach them to keep their big mouths shut.As for the USA using their embassies as spies nests , all embassies do it.
Canucks , UK , France , Russia .. i mean .. What the heck you think ? Intelligence ain't a game played straight by anyone. Forget the perfect world.We live in a place where the citizen is left in the dark so if we do not get the info , we think it's all fine , get laws and courts to take decisions that are based on what we actually know. If it's otherwise , maybe , just maybe , it's time for intel services to start giving us a bit more info on what they do. And if that don't suit them either maybe it's time to revisit the whole system top to bottom and let them publish ALL the info on the net to actually short circuit all that was supposed to stay secret. Blow em out the water so to speak.
Time for a beer ( 6 am .. ) yup .. Good day.
Remembering Woodward and Bernstein
It is my recollection that W&B and the Washington Post were threatened with similar charges at the time, for "exposing" the fact that the emperor had no clothes! Sometimes (though I doubt anyone in any government will learn this lesson), just shutting up is the most effective tactic to deal with such exposures... From my perspective, I hope they never do learn that lesson! :-)
New security proverb
A secret known to 3 million people is a secret no longer.
Title goes here
To be fair, this isn't really a closing door after the horses have bolted situation. There's plenty more horses in that stable, just because 1 or 2 of them have bolted doesn't mean its too late to stop the rest of them.
@"categorize Wikileaks as a terrorist organization"
Maybe they should get a rubber stamp made up (with "terrorist organization" printed on it) so they can then label whoever they like as a terrorist organization, so they can then twist their laws even further to take down any group or person that shows them up for what they are really like.
This attitude of "categorize Wikileaks as a terrorist organization" shows how close some politicians are to Totalitarian attitudes.
So Gary McKinnon taught them nothing..? I'm looking forward to the next batch of leaks already.
Best of luck!
I can imagine the US Gov has a few hundred thousand PCs in use at any given moment, it only takes just one that has not had the USB ports locked down to let the info flow out!
I'm sure someone has thought of sending stuff out through ADSL machines, the main networks being firewalled but free-standing machines not being closely monitored. Quite often find the top-dog's machine must have a secure ADSL ( line for his own personal use! ) , so when he goes home you plug in your laptop and do the biz.
Only way to be 99% sure is to have VT100 dumb terminals and no external networks, after all you could still snap the screen with your mobile-phone camera!
The man has balls. I mean, it's one thing to personally go against the US government, but to actually admit to singing along to Lady Gaga...
The US government may be pi*ed about the diplomatic stuff, but if Wikileaks have something on a major bank then they can expect some _serious_ hassle in the next couple of months.
So much for SIPRNet separation
"The measure was described as a “temporary technical solution” to the problem of Pentagon personnel who may move vast amounts of secret information to unclassified computer systems"
And how is it possible for this situation to happen on TS-clearance computers at all? Some of the Wikileaks docs have been extracted from the SIPRNet. I thought that "The Recruiter" was fiction, couldn't believe that something as braindead as that could be possible.
There goes the US gov't, trusting their sensitive stuff to MS Windows OS.
So this is government transparency in action then, hide war crimes, murders, rapes, genocide back room deals and all other illegal stuff!
remember kids its only terrorism when they do it, our governments act with impunity using banned chemical weapons, poison the earth with depleted uranium rounds, illegally invade other countries, torture, murder, yada yada!
USA, UK, Israel Global Terrorists.
From the perspective of someone working for a company providing methods to secure documents, I am amazed that the pentagon and the government have not put any such tools in place. If this is the level of security in government, just imagine the level of security elsewhere.
Note this is by no means a single incident. Recall the TSA screening manuals being posted online, the climate research papers leak and many more incidents... You can see some more examples on our site: http://www.watchdox.com/threat-center.
Colour anyone embarrassing the U.S. a terrorist, then break the law persecuting them!
American lawmakers are hypocrites. The concept of rule of law is a nice phrase which they conveniently forget when it suits their purposes.
The Patriot Act breached The U.S. Constitution, but no government prosecutor wants to go near a court with it. So the U.S. Congress will pass yet more illegal laws, no doubt trying to make them retroactive - which courts often reject.
As for 'locking the data down' - this should have happened way back when the Army arrested their man.
Wouldn't have happened in China - they monitor computer terminals and would have caught this leak when it started.