US Congress probes accidental top secret file sharing US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing. A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security. At issue …
If this hinges on whether a default installation shares files by default or not, surely it's pretty damn easy to prove whether it does or doesn't by, you know, simply installing it and seeing what happens.
The respected members of congress / the senate / whoever are surely too old for this pantomime "yes it does", "oh no it doesn't" malarkey.
did he forget email? people emailing sensitive documents is also a software problem not a user problem
don't require systems be set up securely, instead ban p2p software because it's all the p2p softwares fault when people go and change settings and mess with computers to make them insecure - i wonder how much bribery money he got paid to sprout that bullshit? and i really can't guess which company it was that bought him off...
sorry i forgot it's not bribery if you pay government officials to bullshit for you, it's just "creative accounting"
Does a sane world _really_ need politicians & career lawyers discussing software design and implementation and threatening to "step in" with some regulation?
If you want to be on the secure side, just don't use the damn thing, or find find an implementation on the (remaining) free market that is well-designed and fulfills your security evaluation criteria. How hard can it be?
"The file-sharing software industry has shown it is unwilling..."
There is a regulation-worthy "industry" in every nice, isn't there, Mr. I-make-work-for-myself?
Anyone handling sensitive data needs to be comptetent enough to look after the data in their care. This isn't about Limewire or other P2P apps but encompasses much wider considerations like the use of email (including private accounts e.g. Palin), USB sticks, notebooks, PDAs, mobile phones, cameras, etc. People who can't grasp the importance of the issues involved probably should not have access to sensitive data, at least, not in a form which they can copy or otherwise disseminate.
What I don't understand is how IT policies and auditing in the organisations concerned allow users to install and run applications like Limewire on systems which can access sensitive data. Are US government systems containing classified documents really allowed to connect with the Internet and/or do they allow files to be copied to other systems or media?
The folk using a computer containing sensitive information for file sharing should be fired and or prosecuted. You should have a work machine and a personal machine seperately. If people are using their work machines for file sharing its not the fault of the software vendor but the idiot behind the keyboard thats at fault.
I'm pretty sure they don't need a new law for this. They could have them terminated under the anti terror laws.
Um.
What sort of an admin allows users full control to a point where they can install a P2P program? I've never allowed users admin access on a network i've been administering, why is the US government doing differently? If it's this much of a problem you could always prevent it from running via group policy instead of forcing the manufacturer(!) to change the default settings.
I mean seriously. Accidentally sharing a Top Secret document? Oh. Everything suddenly makes sense. This was done by a politician, or political appointee wasn't it? Anybody else they'd (quite rightly!) have crucified for negligence.
I am sure that good Mr. Edolphus Towns committee chair is only worried about our security (think of the children) and has never taken any money from the entertainment/media industry. Yep P2P much like commie linux and the Satanical internet and its evil gambling will surely bring down western civ. I got an idea why don't they quit hiring worthless clueless employees instead. Oh wait thats right the politicans buddies and familys need jobs too.
.. when governments use their own incompetence as an argument for more control over the internet. But it's also extra sad. Especially when that control would end up in the hands of the very people who have just demonstrated they're not very good with computers. But of course it's all the software's fault. Bad software! Haha. Wonderful. :) .. :(
... has shown it is unwilling or unable to ensure user safety,"
No, the file-sharing software industry expects users or admins to use their *BRAINS* and not install (or allow to be installed) their software in ways or in places that allow access to confidential information!
Whatever happened to *responsibility*???
Uh Duh, there are already regs out there banning P2P on Gov puters... The problem is that admins are not locking down there machines tight enough! The problem lies in that the "tech saavy" (LoL) gov employees want way more privs than they can actually handle. Just lockem down and that will prevehttp://www.theregister.co.uk/Design/graphics/icons/comment/stop_32.pngnt most of the P2P worries but not all....
My experience of users is that they will try to install anything.. whether they have admin rights or not.
Unfortunately users not having admin rights on a Windows machine is not enough because apps such as Google Chrome/Earth and Skype install themselves in the users application data profile folder which of course unsurprisingly has full access rights for the user. I know nothing of p2p software but I suspect this type of software does the same. All we can do as sysadmins in these cases is add a 'software restriction policy' to Domain group policy when we discover a breach like this.
Who's fault is it? Microsoft's? The software creators? The users?
Can someone from Microsoft tell me what good reason there is for allowing a corporate user without administration rights to be able to install un-sanctioned software to the %appdata% folder and also can a programmer from Google or Skype tell me why they think it's a good idea to create an installer that exploits this security hole and installs files to the %appdata% folder if the user (for valid reasons) doesn't have admin rights?
Software can partially solve the problem (block installation/block network traffic), but its nothing compared to a well enforced user agreement. I work for a company that handles patient data and although the traffic would be blocked, if we caught someone doing this they'd be shitcanned. No questions.
We couldn't do that in the goverment though! These are special people and they have to be treated as such! It wasn't his fault he installed some file sharing software and shared your social security details, it was the softwares fault! Yes yes its the 5th time hes done it, but we cant fire him over something that small! That would mean my department would get fewer tax dollars!!!!
I cant wait until we start handing them over our healthcare records.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
